feat(admin): add kms admin api #8394
Conversation
t/admin/kms.t
Outdated
| $block->set_value("request", "GET /t"); | ||
| } | ||
|
|
||
| if ((!defined $block->error_log) && (!defined $block->no_error_log)) { |
apisix/admin/kms.lua
Outdated
|
|
||
|
|
||
| function _M.delete(id, conf, sub_path) | ||
| local uri_segs = core.utils.split_uri(sub_path) |
There was a problem hiding this comment.
Can we refactor the code to get type & id from sub_path in a function?
There was a problem hiding this comment.
PATCH requires a different number of segments than GET and PUT, then it makes function wrap a bit complicated.
And the goal is to replace id with real id, and the original id is actually kms type, which is different from other admin resources. And the replacement happens after the invocation, so I think it's trivial to wrap them into function.
There was a problem hiding this comment.
But we can share the same code for GET and PUT and DELETE right? This is enough to simplify the implementation instead of copying the code three times.
apisix/admin/kms.lua
Outdated
|
|
||
| local res, err = core.etcd.atomic_set(key, node_value, nil, modified_index) | ||
| if not res then | ||
| core.log.error("failed to set new consumer group[", key, "]: ", err) |
apisix/admin/kms.lua
Outdated
| function _M.put(id, conf, sub_path) | ||
| local uri_segs = core.utils.split_uri(sub_path) | ||
| if #uri_segs ~= 1 then | ||
| return 400, "no kms id in uri" |
There was a problem hiding this comment.
Better to keep the style of error message. We should use {error_msg = xxx} like other places
docs/en/latest/admin-api.md
Outdated
| | prefix | True | string | key prefix | ||
| | token | True | string | vault token. | | | ||
| | desc | False | Auxiliary | Description of usage scenarios. | kms xxxx | | ||
| | labels | False | Match Rules | Attributes of the kms specified as key-value pairs. | {"version":"v2","build":"16","env":"production"} | |
There was a problem hiding this comment.
Does kms have these fields?
docs/en/latest/admin-api.md
Outdated
| | uri | True | URI | URI of the vault server. | | | ||
| | prefix | True | string | key prefix | ||
| | token | True | string | vault token. | | | ||
| | desc | False | Auxiliary | Description of usage scenarios. | kms xxxx | |
There was a problem hiding this comment.
The kms_vault doesn't have desc field
* upstream/master: (48 commits) fix(ai): remove BUILD_ROUTER event when ai module is unloaded (apache#8184) chore: add some comment for make_request_to_vault function (apache#8420) docs: update admin api English doc (apache#8227) ci: use fixed os version of ubuntu (apache#8438) feat: Support store secrets in secrets manager for auth plugin via kms components (apache#8421) feat: interact via gRPC in APISIX Admin API (apache#8411) fix: last_err can be nil when the reconnection is successful (apache#8377) feat: support global data encryption of secret information (apache#8403) refactor(env): rename funtion name (apache#8426) feat(admin): add kms admin api (apache#8394) docs: update consumer and upstream docs (apache#8223) ci: add cron job for GM (apache#8398) docs: add kms env doc (apache#8419) feat: Added log format support in syslog plugin. (apache#8279) feat: add vault common components (apache#8412) docs: update global-rule/plugin-config/plugin/ docs (apache#8262) docs: update consumer-group/router/service/script doc (apache#8332) feat: support store secret in env for auth plugin (apache#8390) docs: update Upgrade Guide CN version (apache#8392) docs: add GM plugin EN doc to make website display normally (apache#8393) ...
| end | ||
|
|
||
|
|
||
| function _M.get(id, conf, sub_path) |
There was a problem hiding this comment.
This is to be consistent with the operation functions of other resources, and they will be called uniformly here https://github.com/apache/apisix/blob/master/apisix/admin/init.lua#L201
In fact, we are refactoring this part, you are welcome to participate in the review #8611
| end | ||
|
|
||
| utils.fix_count(res.body, id) | ||
| return res.status, res.body |
There was a problem hiding this comment.
What do you think about return res, nil? This way the second return variable is always of type error and first one will always be response
Description
As part of #8319:
Support adding KMS resources through Admin API.
Checklist