区块链扩展技术>> kong-plugin-upstream-basic-auth>> 返回
项目作者: mvanholsteijn

项目描述 :
A Kong API Gateway plugin for inserting a basic authentication header per consumer to the upstream service
高级语言: Lua
项目地址: git://github.com/mvanholsteijn/kong-plugin-upstream-basic-auth.git
创建时间: 2017-10-30T15:30:14Z
项目社区:https://github.com/mvanholsteijn/kong-plugin-upstream-basic-auth
开源协议:Apache License 2.0
下载


Kong plugin upstream-basic-auth

This repository contains a Kong plugin to insert a different basic authentication header per consumer
to the upstream service. This plugin requires that a consumer is identified with the request.

Configuration

Configuring the plugin is straightforward, you can add it on top of an API by executing the following request on your Kong server:

  1. curl -X POST http://kong:8001/routes/{route}/plugins \
  2.     --data "name=upstream-basic-auth"

There are no configuration parameters for this plugin.

Example

To use this plugin, create an API with some form of authentication:

  1. curl -i -X POST \
  2.     --url http://kong:8001/services/ \
  3.     --data 'name=headers-service' \
  4.     --data 'url=http://mockbin.org'
  6. curl -i -X POST \
  7.     --url http://kong:8001/services/headers-service/routes \
  8.     --data 'name=headers-route' \
  9.     --data 'paths[]=/headers' \
  10.     --data 'strip_path=false'
  12. curl -X POST http://kong:8001/services/headers-service/plugins \
  13.     --data name=basic-auth \
  14.     --data config.hide_credentials=true

And a consumer:

  1. curl http://kong:8001/consumers/ \
  2.     --data username=aladdin
  4. curl -X POST http://kong:8001/consumers/aladdin/basic-auth \
  5.     --data username=aladdin \
  6.     --data password=open-sesame

Now we can call the service:

  1. curl --user aladdin:open-sesame http://kong:8000/headers

Now we can add the upstream basic authentication plugin:

  1. curl -X POST http://kong:8001/routes/headers-route/plugins \
  2.     --data name=upstream-basic-auth

and add the credential to the consumer aladdin that we would like to pass to the upstream service:

  1. curl -X POST http://kong:8001/consumers/aladdin/upstream-basic-auth \
  2.     --data username=genie \
  3.     --data password=of-the-lamp

Now you can call the service:

  1. curl --user aladdin:open-sesame http://kong:8000/headers

Installation

To install the plugin, type:

  1. luarocks install kong-plugin-upstream-basic-auth

And add the custom plugin to the kong.conf file (e.g. /etc/kong/kong.conf)

  1. plugins = bundled,upstream-basic-auth

Create the required database tables, by running:

  1. kong stop
  2. kong migrations up
  3. kong start

Compatibility matrix

The following matrix lists compatible versions of Kong and upstream-basic-auth plugin:

upstream-basic-auth 0.1.x 0.2.x
Kong 0.14.x :white_check_mark: :x:
Kong 1.0.x :x: :white_check_mark:

Release history

0.2.1

  • Fixed performance regression introduced in v0.2.0

0.2.0

  • Added compatibility with Kong 1.0.x
  • Added tests against Cassandra backend
  • Dropped compatibility with Kong 0.x
  • Dropped support for username as an alternative to entity id in /consumers/:consumers/upstream-basic-auth/:upstreambasicauth_credentials APIs
    • Those operation were error-prone since username is not unique
  • Performance regression in the Load upstream-basic-auth Credentials by Consumer ID operation
    caused by limitations of the new Kong DAO framework
    • Caching is still in place, however occasional DB Query is no longer an index lookup but rather a sequential scan
    • This is a temporary situation until Kong DAO framework is improved
    • There is also an option to bring performance back
      by introducing a synthetic cache_key field similarly to plugins entity
  • Updated Example section to use Service and Routes objects instead of APIs

0.1.0

  • Initial release
  • Compatible with Kong 0.14.x