feat(cli): support bypassing Admin API Auth by configuration

apisix/cli/ngx_tpl.lua

@@ -51,6 +51,8 @@ worker_shutdown_timeout {* worker_shutdown_timeout *};
 env APISIX_PROFILE;
 env PATH; # for searching external plugin runner's binary
 
+env APISIX_ALLOW_NONE_AUTHENTICATION; # allow any IP with empty admin_key
+
 # reserved environment variables for configuration
 env APISIX_DEPLOYMENT_ETCD_HOST;
 

apisix/cli/ops.lua

@@ -193,6 +193,13 @@ local function init(env)
         end
     end
 
+    -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true
+    -- if so, allow any IP to access admin api with empty admin_key
+    local allow_none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION")
+    if allow_none_auth == "true" then
+        checked_admin_key = true
+    end
+
     if yaml_conf.apisix.enable_admin and not checked_admin_key then
         local help = [[
 

t/cli/test_admin.sh

@@ -154,6 +154,27 @@ fi
 
 echo "pass: missing admin key and show ERROR message"
 
+# allow any IP to access admin api with empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true
+
+git checkout conf/config.yaml
+
+echo '
+deployment:
+  admin:
+    admin_key: ~
+    allow_admin: ~
+' > conf/config.yaml
+
+APISIX_ALLOW_NONE_AUTHENTICATION=true make init > output.log 2>&1 | true
+
+grep -E "ERROR: missing valid Admin API token." output.log > /dev/null
+if [ ! $? -ne 0 ]; then
+    echo "failed: should show 'ERROR: missing valid Admin API token.'"
+    exit 1
+fi
+
+echo "pass: allow empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true"
+
 # admin api, allow any IP but use default key
 
 echo '