Google Cloud Endpoints does not restrict access to my API

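Problem description

I followed the Google Cloud Endpoints with Google Kubernetes Engine tutorial here: https://cloud.google.com/endpoints/docs/openapi/get-started-kubernetes-engine using my own Docker image. The Kubernetes part works fine, and I can access my service via the load balancer IP.

However, when I try to put my service behind Cloud Endpoints to secure it, the endpoint is still public and can be accessed without an API key. Here is my openapi.yaml, deployed with gcloud endpoints services deploy openapi.yaml: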

swagger: "2.0"
info:
  description: "A test."
  title: "API test"
  version: "1.0.0"
host: "<test-api.endpoints.MY-PROJECT-ID.cloud.goog>"
x-google-endpoints:
- name: "<test-api.endpoints.MY-PROJECT-ID.cloud.goog>"
  target: "<MY LOADBALANCER IP>"
#require an API key to access project
security:
  - api_key: []
paths:
  /:
    get:
      summary: Return django REST default page
      description: test
      operationId: test
      responses:
        "200":
          description: OK
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "query" 

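When I try to access my service via the host value (hidden because it is still open), it is still open and does not require an API key. Nothing shows up in the Cloud Endpoints logs either. As I understand it, the openapi.yaml configuration alone should be enough to restrict access?

Tags: kubernetes, google-cloud-endpoints

Solution


Following this page (https://swagger.io/docs/specification/2-0/authentication/api-keys/), your security is misplaced. It should look like this: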

swagger: "2.0"
info:
  description: "A test."
  title: "API test"
  version: "1.0.0"
host: "<test-api.endpoints.MY-PROJECT-ID.cloud.goog>"
x-google-endpoints:
- name: "<test-api.endpoints.MY-PROJECT-ID.cloud.goog>"
  target: "<MY LOADBALANCER IP>"
#require an API key to access project
paths:
  /:
    get:
      security:
        - api_key: []
      summary: Return django REST default page
      description: test
      operationId: test
      responses:
        "200":
          description: OK
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "query" 

Edit:

If you want to use the API key in a header, you have to change the definition, but you can keep the security where you declared it:

swagger: "2.0"
info:
  description: "A test."
  title: "API test"
  version: "1.0.0"
host: "<test-api.endpoints.MY-PROJECT-ID.cloud.goog>"
x-google-endpoints:
- name: "<test-api.endpoints.MY-PROJECT-ID.cloud.goog>"
  target: "<MY LOADBALANCER IP>"
#require an API key to access project
security:
  - api_key: []
paths:
  /:
    get:
      summary: Return django REST default page
      description: test
      operationId: test
      responses:
        "200":
          description: OK
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "header" 

I did not understand which version you prefer, so I adapted both.
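
Added example (not part of the original answer or of Google's tooling): a static check, run before `gcloud endpoints services deploy`, that resolves which operations in an OpenAPI 2.0 document end up with an API-key requirement, using the specification's rule that an operation-level `security` list replaces the top-level one. The specs are constructed dicts mirroring the page's openapi.yaml, `make_spec` is a hypothetical helper, and the check inspects the document only, not how traffic reaches the backend.

```python
# Added example: audit which operations of an OpenAPI 2.0 spec require a key.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def effective_security(spec):
    """Return {'METHOD path': [security requirements]} for every operation."""
    top_level = spec.get("security", [])
    out = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS:
                # An operation-level list replaces the top-level one; [] clears it.
                out[f"{method.upper()} {path}"] = op.get("security", top_level)
    return out

def unprotected_operations(spec):
    """Operations with no requirement, or one naming an undefined scheme."""
    defined = set(spec.get("securityDefinitions", {}))
    return sorted(
        name for name, reqs in effective_security(spec).items()
        if not reqs or any(not r or not set(r) <= defined for r in reqs)
    )

def make_spec(top=None, op=None, key_in="query"):
    """Constructed spec mirroring the page's openapi.yaml (hypothetical helper)."""
    get = {"operationId": "test", "responses": {"200": {"description": "OK"}}}
    if op is not None:
        get["security"] = op
    spec = {
        "swagger": "2.0",
        "paths": {"/": {"get": get}},
        "securityDefinitions": {"api_key": {"type": "apiKey", "name": "key", "in": key_in}},
    }
    if top is not None:
        spec["security"] = top
    return spec

if __name__ == "__main__":
    variants = {
        "top-level security": make_spec(top=[{"api_key": []}]),
        "operation-level security": make_spec(op=[{"api_key": []}]),
        "no security declared": make_spec(),
        "operation clears it": make_spec(top=[{"api_key": []}], op=[]),
    }
    for label, spec in variants.items():
        print(f"{label}: unprotected = {unprotected_operations(spec)}")
```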

