Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: As a user, I want to allow external ips in allow_admin without adminKey in debug mode, so that users can request containered APISIX Admin API from the host for test #9071

Closed
An-DJ opened this issue Mar 15, 2023 · 3 comments · Fixed by #9147
Closed

feat: As a user, I want to allow external ips in allow_admin without adminKey in debug mode, so that users can request containered APISIX Admin API from the host for test #9071

An-DJ opened this issue Mar 15, 2023 · 3 comments · Fixed by #9147
Assignees
@An-DJ

Comments

@An-DJ
Copy link
Contributor

An-DJ commented Mar 15, 2023

Description

As a user, I want to allow external ips in allow_admin without adminKey in debug mode, so that users can request containered APISIX Admin API from the host for test.

To simplify the operating steps in the "Getting Started" document, we want to make empty adminKey.

However, the APISIX now does not allow the requests without adminKey to visit Admin API except 127.0.0.0/24,
https://github.com/apache/apisix/blob/master/apisix/cli/ops.lua#L191
so that users cannot visit containered APISIX Admin API from the host.

Such a strategy is made for safety, but we can support it in debug mode, so that users can try the APISIX easily with "Getting Started".

What I want to do is allow the external custom ips in allow_admin with empty admin_key in debug mode, like below:

deployment:
  admin:
    allow_admin:
      - 0.0.0.0/0
    admin_key:
    # empty
@An-DJ
Copy link
Contributor Author

An-DJ commented Mar 15, 2023

CC @spacewander

@spacewander
Copy link
Member

Such a strategy is made for safety, but we can support it in debug mode, so that users can try the APISIX easily with "Getting Started".

It seems this feature is not for debugging, but to make it easy to get started. What about adding an env value to do it, like bitnami/etcd's ALLOW_NONE_AUTHENTICATION?

@An-DJ
Copy link
Contributor Author

An-DJ commented Mar 15, 2023

Such a strategy is made for safety, but we can support it in debug mode, so that users can try the APISIX easily with "Getting Started".

It seems this feature is not for debugging, but to make it easy to get started. What about adding an env value to do it, like bitnami/etcd's ALLOW_NONE_AUTHENTICATION?

Agree.

@An-DJ An-DJ mentioned this issue Mar 22, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@An-DJ An-DJ

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(cli): support bypassing Admin API Auth by configuration An-DJ/apisix
2 participants
@spacewander @An-DJ