From 63a39f1b2d7333893c51b7ba8e92f994985bb944 Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <1056216208@qq.com> Date: Wed, 11 Sep 2024 09:17:52 -0700 Subject: [PATCH 1/9] docs(admin): add more secret information to the admin api --- docs/en/latest/admin-api.md | 96 ++++++++++++++++++++++++++++++++++++ docs/zh/latest/admin-api.md | 98 +++++++++++++++++++++++++++++++++++++ 2 files changed, 194 insertions(+) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index d928e7a6936d..4ebbcd17f6a1 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK {"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}} ``` +When `{secretmanager}` is `aws`: + +| Parameter | Required | Type | Description | Example | +| --- | --- | --- | --- | --- | +| access_key_id | True | string | AWS Access Key ID | | +| secret_access_key | True | string | AWS Secret Access Key | | +| session_token | False | string | Temporary access credential information | | +| region | False | string | AWS Region | | +| endpoint_url | False | URI | AWS Secret Manager URL | https://secretsmanagerus-east-1.amazonaws.com | + +Example Configuration: + +```shell +{ + "endpoint_url": "http://127.0.0.1:4566", + "region": "us-east-1", + "access_key_id": "access", + "secret_access_key": "secret", + "session_token": "token" +} +``` + +Example API usage: + +```shell +curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \ +-H "X-API-KEY: $admin_key" -X PUT -d ' +{ + "endpoint_url": "http://127.0.0.1:4566", + "region": "us-east-1", + "access_key_id": "access", + "secret_access_key": "secret", + "session_token": "token" +}' +``` + +```shell +HTTP/1.1 200 OK +... + +{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"} +``` + +When `{secretmanager}` is `gcp`: + +| Parameter | Required | Type | Description | Example | +| --- | --- | --- | --- | --- | +| auth_config | True | object | Either `auth_config` or `auth_file` must be provided. | | +| auth_config.client_email | True | string | Email address of the Google Cloud service account. | | +| auth_config.private_key | True | string | Private key of the Google Cloud service account. | | +| auth_config.project_id | True | string | Project ID in the Google Cloud service account. | | +| auth_config.token_uri | False | string | Token URI of the Google Cloud service account. | [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) | +| auth_config.entries_uri | False | string | The API access endpoint for the Google Secrets Manager. | [https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1) | +| auth_config.scope | False | string | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | [https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform) | +| auth_file | True | string | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided. | | +| ssl_verify | False | boolean | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). | true | + +Example Configuration: + +```shell +{ + "auth_config" : { + "client_email": "email@apisix.iam.gserviceaccount.com", + "private_key": "private_key", + "project_id": "apisix-project", + "token_uri": "https://oauth2.googleapis.com/token", + "entries_uri": "https://secretmanager.googleapis.com/v1", + "scope": ["https://www.googleapis.com/auth/cloud-platform"] + } +} +``` + +Example API usage: + +```shell +curl -i http://127.0.0.1:9180/apisix/admin/secrets/gcp/test4 \ +-H "X-API-KEY: $admin_key" -X PUT -d ' +{ + "auth_config" : { + "client_email": "email@apisix.iam.gserviceaccount.com", + "private_key": "private_key", + "project_id": "apisix-project", + "token_uri": "https://oauth2.googleapis.com/token", + "entries_uri": "https://secretmanager.googleapis.com/v1", + "scope": ["https://www.googleapis.com/auth/cloud-platform"] + } +}' +``` + +```shell +HTTP/1.1 200 OK +... + +{"value":{"id":"gcp/test4","ssl_verify":true,"auth_config":{"token_uri":"https://oauth2.googleapis.com/token","scope":["https://www.googleapis.com/auth/cloud-platform"],"entries_uri":"https://secretmanager.googleapis.com/v1","client_email":"email@apisix.iam.gserviceaccount.com","private_key":"private_key","project_id":"apisix-project"},"create_time":1726070161,"update_time":1726070161},"key":"/apisix/secrets/gcp/test4"} +``` + ### Response Parameters Currently, the response is returned from etcd. diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md index 5cefb428b0a0..b601d99e3baa 100644 --- a/docs/zh/latest/admin-api.md +++ b/docs/zh/latest/admin-api.md @@ -1508,6 +1508,104 @@ HTTP/1.1 200 OK {"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}} ``` +当 `{secretmanager}` 是 `aws` 时: + +| 名称 | 必选项 | 默认值 | 描述 | +| --- | --- | --- | --- | +| access_key_id | 是 | | AWS 访问密钥 ID | +| secret_access_key | 是 | | AWS 访问密钥 | +| session_token | 否 | | 临时访问凭证信息 | +| region | 否 | us-east-1 | AWS 区域 | +| endpoint_url | 否 | https://secretsmanager.{region}.amazonaws.com | AWS Secret Manager 地址 | + +配置示例: + +```shell +{ + "endpoint_url": "http://127.0.0.1:4566", + "region": "us-east-1", + "access_key_id": "access", + "secret_access_key": "secret", + "session_token": "token" +} + +``` + +使用示例: + +```shell +curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \ +-H "X-API-KEY: $admin_key" -X PUT -d ' +{ + "endpoint_url": "http://127.0.0.1:4566", + "region": "us-east-1", + "access_key_id": "access", + "secret_access_key": "secret", + "session_token": "token" +}' +``` + +```shell +HTTP/1.1 200 OK +... + +{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"} +``` + +当 `{secretmanager}` 是 `gcp` 时: + +| 名称 | 必选项 | 默认值 | 描述 | +| ----------------------- | -------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | +| auth_config | 是 | | `auth_config` 和 `auth_file` 必须配置一个。 | +| auth_config.client_email | 是 | | 谷歌服务帐号的 email 参数。 | +| auth_config.private_key | 是 | | 谷歌服务帐号的私钥参数。 | +| auth_config.project_id | 是 | | 谷歌服务帐号的项目 ID。 | +| auth_config.token_uri | 否 | https://oauth2.googleapis.com/token | 请求谷歌服务帐户的令牌的 URI。 | +| auth_config.entries_uri | 否 | https://secretmanager.googleapis.com/v1 | 谷歌密钥服务访问端点 API。 | +| auth_config.scope | 否 | https://www.googleapis.com/auth/cloud-platform | 谷歌服务账号的访问范围,可参考 [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes)| +| auth_file | 是 | | `auth_config` 和 `auth_file` 必须配置一个。 | +| ssl_verify | 否 | true | 当设置为 `true` 时,启用 `SSL` 验证。 | + +配置示例: + +```shell +{ + "auth_config" : { + "client_email": "email@apisix.iam.gserviceaccount.com", + "private_key": "private_key", + "project_id": "apisix-project", + "token_uri": "https://oauth2.googleapis.com/token", + "entries_uri": "https://secretmanager.googleapis.com/v1", + "scope": ["https://www.googleapis.com/auth/cloud-platform"] + } +} + +``` + +使用示例: + +```shell +curl -i http://127.0.0.1:9180/apisix/admin/secrets/gcp/test4 \ +-H "X-API-KEY: $admin_key" -X PUT -d ' +{ + "auth_config" : { + "client_email": "email@apisix.iam.gserviceaccount.com", + "private_key": "private_key", + "project_id": "apisix-project", + "token_uri": "https://oauth2.googleapis.com/token", + "entries_uri": "https://secretmanager.googleapis.com/v1", + "scope": ["https://www.googleapis.com/auth/cloud-platform"] + } +}' +``` + +```shell +HTTP/1.1 200 OK +... + +{"value":{"id":"gcp/test4","ssl_verify":true,"auth_config":{"token_uri":"https://oauth2.googleapis.com/token","scope":["https://www.googleapis.com/auth/cloud-platform"],"entries_uri":"https://secretmanager.googleapis.com/v1","client_email":"email@apisix.iam.gserviceaccount.com","private_key":"private_key","project_id":"apisix-project"},"create_time":1726070161,"update_time":1726070161},"key":"/apisix/secrets/gcp/test4"} +``` + ### 应答参数 {#secret-config-response-parameters} 当前的响应是从 etcd 返回的。 From 9317c61eedacae896a9f32c42f9817bde9cd1dbb Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <111850224+HuanXin-Chen@users.noreply.github.com> Date: Thu, 12 Sep 2024 14:21:33 +0800 Subject: [PATCH 2/9] Update admin-api.md --- docs/en/latest/admin-api.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index 4ebbcd17f6a1..dc2b191048f0 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1459,7 +1459,7 @@ Secret resource request address: /apisix/admin/secrets/{secretmanager}/{id} ### Request Body Parameters -When `{secretmanager}` is `vault`: +#### When `{secretmanager}` is `vault`: | Parameter | Required | Type | Description | Example | | ----------- | -------- | ----------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | @@ -1497,7 +1497,7 @@ HTTP/1.1 200 OK {"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}} ``` -When `{secretmanager}` is `aws`: +#### When `{secretmanager}` is `aws`: | Parameter | Required | Type | Description | Example | | --- | --- | --- | --- | --- | @@ -1505,7 +1505,7 @@ When `{secretmanager}` is `aws`: | secret_access_key | True | string | AWS Secret Access Key | | | session_token | False | string | Temporary access credential information | | | region | False | string | AWS Region | | -| endpoint_url | False | URI | AWS Secret Manager URL | https://secretsmanagerus-east-1.amazonaws.com | +| endpoint_url | False | URI | AWS Secret Manager URL | https://secretsmanager.{region}.amazonaws.com | Example Configuration: @@ -1540,7 +1540,7 @@ HTTP/1.1 200 OK {"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"} ``` -When `{secretmanager}` is `gcp`: +#### When `{secretmanager}` is `gcp`: | Parameter | Required | Type | Description | Example | | --- | --- | --- | --- | --- | From 619780b5d0d1feef71841b4b16c8684b3216996d Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <111850224+HuanXin-Chen@users.noreply.github.com> Date: Thu, 12 Sep 2024 14:22:49 +0800 Subject: [PATCH 3/9] Update admin-api.md --- docs/zh/latest/admin-api.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md index b601d99e3baa..9edcba6a72c5 100644 --- a/docs/zh/latest/admin-api.md +++ b/docs/zh/latest/admin-api.md @@ -1469,7 +1469,7 @@ Secret 资源请求地址:/apisix/admin/secrets/{secretmanager}/{id} ### body 请求参数 {#secret-config-body-requset-parameters} -当 `{secretmanager}` 是 `vault` 时: +#### 当 `{secretmanager}` 是 `vault` 时: | 名称 | 必选项 | 类型 | 描述 | 例子 | | ----------- | -------- | ----------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | @@ -1508,7 +1508,7 @@ HTTP/1.1 200 OK {"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}} ``` -当 `{secretmanager}` 是 `aws` 时: +#### 当 `{secretmanager}` 是 `aws` 时: | 名称 | 必选项 | 默认值 | 描述 | | --- | --- | --- | --- | @@ -1552,7 +1552,7 @@ HTTP/1.1 200 OK {"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"} ``` -当 `{secretmanager}` 是 `gcp` 时: +#### 当 `{secretmanager}` 是 `gcp` 时: | 名称 | 必选项 | 默认值 | 描述 | | ----------------------- | -------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | From 4d817400b9007ad0d0c340c2ec933ba5629d076c Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <111850224+HuanXin-Chen@users.noreply.github.com> Date: Thu, 12 Sep 2024 16:52:20 +0800 Subject: [PATCH 4/9] Update admin-api.md --- docs/en/latest/admin-api.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index dc2b191048f0..f4e699f8d695 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1459,7 +1459,7 @@ Secret resource request address: /apisix/admin/secrets/{secretmanager}/{id} ### Request Body Parameters -#### When `{secretmanager}` is `vault`: +#### When Secret Manager is Vault | Parameter | Required | Type | Description | Example | | ----------- | -------- | ----------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | @@ -1497,7 +1497,7 @@ HTTP/1.1 200 OK {"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}} ``` -#### When `{secretmanager}` is `aws`: +#### When Secret Manager is AWS | Parameter | Required | Type | Description | Example | | --- | --- | --- | --- | --- | @@ -1540,7 +1540,7 @@ HTTP/1.1 200 OK {"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"} ``` -#### When `{secretmanager}` is `gcp`: +#### When Secret Manager is GCP | Parameter | Required | Type | Description | Example | | --- | --- | --- | --- | --- | From 134898252cdcd2597211a95ad1889828c5ce68c1 Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <111850224+HuanXin-Chen@users.noreply.github.com> Date: Thu, 12 Sep 2024 16:55:12 +0800 Subject: [PATCH 5/9] Update admin-api.md --- docs/zh/latest/admin-api.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md index 9edcba6a72c5..0853f3e812d8 100644 --- a/docs/zh/latest/admin-api.md +++ b/docs/zh/latest/admin-api.md @@ -1469,7 +1469,7 @@ Secret 资源请求地址:/apisix/admin/secrets/{secretmanager}/{id} ### body 请求参数 {#secret-config-body-requset-parameters} -#### 当 `{secretmanager}` 是 `vault` 时: +#### 当 Secret Manager 是 Vault 时 | 名称 | 必选项 | 类型 | 描述 | 例子 | | ----------- | -------- | ----------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------ | @@ -1508,7 +1508,7 @@ HTTP/1.1 200 OK {"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}} ``` -#### 当 `{secretmanager}` 是 `aws` 时: +#### 当 Secret Manager 是 AWS 时 | 名称 | 必选项 | 默认值 | 描述 | | --- | --- | --- | --- | @@ -1552,7 +1552,7 @@ HTTP/1.1 200 OK {"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"} ``` -#### 当 `{secretmanager}` 是 `gcp` 时: +#### 当 Secret Manager 是 GCP 时 | 名称 | 必选项 | 默认值 | 描述 | | ----------------------- | -------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | From 13e1f9a6301a67ca34d9c5eb4d3167a8900abef3 Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <1056216208@qq.com> Date: Tue, 17 Sep 2024 07:56:07 -0700 Subject: [PATCH 6/9] docs(admin): fix the style shell to json --- docs/en/latest/admin-api.md | 4 ++-- docs/zh/latest/admin-api.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index 4ebbcd17f6a1..8f81334ec5b5 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1509,7 +1509,7 @@ When `{secretmanager}` is `aws`: Example Configuration: -```shell +```json { "endpoint_url": "http://127.0.0.1:4566", "region": "us-east-1", @@ -1556,7 +1556,7 @@ When `{secretmanager}` is `gcp`: Example Configuration: -```shell +```json { "auth_config" : { "client_email": "email@apisix.iam.gserviceaccount.com", diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md index b601d99e3baa..a4059afbc547 100644 --- a/docs/zh/latest/admin-api.md +++ b/docs/zh/latest/admin-api.md @@ -1520,7 +1520,7 @@ HTTP/1.1 200 OK 配置示例: -```shell +```json { "endpoint_url": "http://127.0.0.1:4566", "region": "us-east-1", @@ -1568,7 +1568,7 @@ HTTP/1.1 200 OK 配置示例: -```shell +```json { "auth_config" : { "client_email": "email@apisix.iam.gserviceaccount.com", From cf681419b73e2a902eb1dd771bdb9ca508a659da Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <1056216208@qq.com> Date: Tue, 17 Sep 2024 08:18:36 -0700 Subject: [PATCH 7/9] docs(admin): Table formatting --- docs/en/latest/admin-api.md | 36 ++++++++++++++++++------------------ docs/zh/latest/admin-api.md | 36 ++++++++++++++++++------------------ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index 4a1a9da207dc..cd370a876b9d 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1499,13 +1499,13 @@ HTTP/1.1 200 OK #### When Secret Manager is AWS -| Parameter | Required | Type | Description | Example | -| --- | --- | --- | --- | --- | -| access_key_id | True | string | AWS Access Key ID | | -| secret_access_key | True | string | AWS Secret Access Key | | -| session_token | False | string | Temporary access credential information | | -| region | False | string | AWS Region | | -| endpoint_url | False | URI | AWS Secret Manager URL | https://secretsmanager.{region}.amazonaws.com | +| Parameter | Required | Type | Description | Example | +| ----------------- | -------- | ------ | --------------------------------------- | --------------------------------------------- | +| access_key_id | True | string | AWS Access Key ID | | +| secret_access_key | True | string | AWS Secret Access Key | | +| session_token | False | string | Temporary access credential information | | +| region | False | string | AWS Region | us-east-1 | +| endpoint_url | False | URI | AWS Secret Manager URL | https://secretsmanager.{region}.amazonaws.com | Example Configuration: @@ -1542,17 +1542,17 @@ HTTP/1.1 200 OK #### When Secret Manager is GCP -| Parameter | Required | Type | Description | Example | -| --- | --- | --- | --- | --- | -| auth_config | True | object | Either `auth_config` or `auth_file` must be provided. | | -| auth_config.client_email | True | string | Email address of the Google Cloud service account. | | -| auth_config.private_key | True | string | Private key of the Google Cloud service account. | | -| auth_config.project_id | True | string | Project ID in the Google Cloud service account. | | -| auth_config.token_uri | False | string | Token URI of the Google Cloud service account. | [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) | -| auth_config.entries_uri | False | string | The API access endpoint for the Google Secrets Manager. | [https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1) | -| auth_config.scope | False | string | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | [https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform) | -| auth_file | True | string | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided. | | -| ssl_verify | False | boolean | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). | true | +| Parameter | Required | Type | Description | Example | +| ------------------------ | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | +| auth_config | True | object | Either `auth_config` or `auth_file` must be provided. | | +| auth_config.client_email | True | string | Email address of the Google Cloud service account. | | +| auth_config.private_key | True | string | Private key of the Google Cloud service account. | | +| auth_config.project_id | True | string | Project ID in the Google Cloud service account. | | +| auth_config.token_uri | False | string | Token URI of the Google Cloud service account. | [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) | +| auth_config.entries_uri | False | string | The API access endpoint for the Google Secrets Manager. | [https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1) | +| auth_config.scope | False | string | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | [https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform) | +| auth_file | True | string | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided. | | +| ssl_verify | False | boolean | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). | true | Example Configuration: diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md index 8ef1e51864f2..19d97d7808b7 100644 --- a/docs/zh/latest/admin-api.md +++ b/docs/zh/latest/admin-api.md @@ -1510,13 +1510,13 @@ HTTP/1.1 200 OK #### 当 Secret Manager 是 AWS 时 -| 名称 | 必选项 | 默认值 | 描述 | -| --- | --- | --- | --- | -| access_key_id | 是 | | AWS 访问密钥 ID | -| secret_access_key | 是 | | AWS 访问密钥 | -| session_token | 否 | | 临时访问凭证信息 | -| region | 否 | us-east-1 | AWS 区域 | -| endpoint_url | 否 | https://secretsmanager.{region}.amazonaws.com | AWS Secret Manager 地址 | +| 名称 | 必选项 | 默认值 | 描述 | +| ----------------- | ------ | --------------------------------------------- | ----------------------- | +| access_key_id | 是 | | AWS 访问密钥 ID | +| secret_access_key | 是 | | AWS 访问密钥 | +| session_token | 否 | | 临时访问凭证信息 | +| region | 否 | us-east-1 | AWS 区域 | +| endpoint_url | 否 | https://secretsmanager.{region}.amazonaws.com | AWS Secret Manager 地址 | 配置示例: @@ -1554,17 +1554,17 @@ HTTP/1.1 200 OK #### 当 Secret Manager 是 GCP 时 -| 名称 | 必选项 | 默认值 | 描述 | -| ----------------------- | -------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | -| auth_config | 是 | | `auth_config` 和 `auth_file` 必须配置一个。 | -| auth_config.client_email | 是 | | 谷歌服务帐号的 email 参数。 | -| auth_config.private_key | 是 | | 谷歌服务帐号的私钥参数。 | -| auth_config.project_id | 是 | | 谷歌服务帐号的项目 ID。 | -| auth_config.token_uri | 否 | https://oauth2.googleapis.com/token | 请求谷歌服务帐户的令牌的 URI。 | -| auth_config.entries_uri | 否 | https://secretmanager.googleapis.com/v1 | 谷歌密钥服务访问端点 API。 | -| auth_config.scope | 否 | https://www.googleapis.com/auth/cloud-platform | 谷歌服务账号的访问范围,可参考 [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes)| -| auth_file | 是 | | `auth_config` 和 `auth_file` 必须配置一个。 | -| ssl_verify | 否 | true | 当设置为 `true` 时,启用 `SSL` 验证。 | +| 名称 | 必选项 | 默认值 | 描述 | +| ------------------------ | ------ | ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| auth_config | 是 | | `auth_config` 和 `auth_file` 必须配置一个。 | +| auth_config.client_email | 是 | | 谷歌服务帐号的 email 参数。 | +| auth_config.private_key | 是 | | 谷歌服务帐号的私钥参数。 | +| auth_config.project_id | 是 | | 谷歌服务帐号的项目 ID。 | +| auth_config.token_uri | 否 | https://oauth2.googleapis.com/token | 请求谷歌服务帐户的令牌的 URI。 | +| auth_config.entries_uri | 否 | https://secretmanager.googleapis.com/v1 | 谷歌密钥服务访问端点 API。 | +| auth_config.scope | 否 | https://www.googleapis.com/auth/cloud-platform | 谷歌服务账号的访问范围,可参考 [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | +| auth_file | 是 | | `auth_config` 和 `auth_file` 必须配置一个。 | +| ssl_verify | 否 | true | 当设置为 `true` 时,启用 `SSL` 验证。 | 配置示例: From 8eb656dcd2908e98756ed11202b27a0e772b3ab9 Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <1056216208@qq.com> Date: Tue, 17 Sep 2024 08:24:55 -0700 Subject: [PATCH 8/9] fix(docs): ci lint problem --- docs/en/latest/admin-api.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index cd370a876b9d..a39f69b27756 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1542,17 +1542,17 @@ HTTP/1.1 200 OK #### When Secret Manager is GCP -| Parameter | Required | Type | Description | Example | -| ------------------------ | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -| auth_config | True | object | Either `auth_config` or `auth_file` must be provided. | | -| auth_config.client_email | True | string | Email address of the Google Cloud service account. | | -| auth_config.private_key | True | string | Private key of the Google Cloud service account. | | -| auth_config.project_id | True | string | Project ID in the Google Cloud service account. | | -| auth_config.token_uri | False | string | Token URI of the Google Cloud service account. | [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) | -| auth_config.entries_uri | False | string | The API access endpoint for the Google Secrets Manager. | [https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1) | -| auth_config.scope | False | string | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | [https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform) | -| auth_file | True | string | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided. | | -| ssl_verify | False | boolean | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). | true | +| Parameter | Required | Type | Description | Example | +| ------------------------ | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | +| auth_config | True | object | Either `auth_config` or `auth_file` must be provided. | | +| auth_config.client_email | True | string | Email address of the Google Cloud service account. | | +| auth_config.private_key | True | string | Private key of the Google Cloud service account. | | +| auth_config.project_id | True | string | Project ID in the Google Cloud service account. | | +| auth_config.token_uri | False | string | Token URI of the Google Cloud service account. | [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) | +| auth_config.entries_uri | False | string | The API access endpoint for the Google Secrets Manager. | [https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1) | +| auth_config.scope | False | string | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | [https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform) | +| auth_file | True | string | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided. | | +| ssl_verify | False | boolean | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). | true | Example Configuration: From 349b2567647da000fc51c6e8da7cf23922f88459 Mon Sep 17 00:00:00 2001 From: HuanXin-Chen <111850224+HuanXin-Chen@users.noreply.github.com> Date: Wed, 18 Sep 2024 13:55:31 +0800 Subject: [PATCH 9/9] docs(admin): remove example --- docs/en/latest/admin-api.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index a39f69b27756..b6f03cbd5855 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -1499,13 +1499,13 @@ HTTP/1.1 200 OK #### When Secret Manager is AWS -| Parameter | Required | Type | Description | Example | -| ----------------- | -------- | ------ | --------------------------------------- | --------------------------------------------- | -| access_key_id | True | string | AWS Access Key ID | | -| secret_access_key | True | string | AWS Secret Access Key | | -| session_token | False | string | Temporary access credential information | | -| region | False | string | AWS Region | us-east-1 | -| endpoint_url | False | URI | AWS Secret Manager URL | https://secretsmanager.{region}.amazonaws.com | +| Parameter | Required | Type | Description | +| ----------------- | -------- | ------ | --------------------------------------- | +| access_key_id | True | string | AWS Access Key ID | +| secret_access_key | True | string | AWS Secret Access Key | +| session_token | False | string | Temporary access credential information | +| region | False | string | AWS Region | +| endpoint_url | False | URI | AWS Secret Manager URL | Example Configuration: