microservices - 为什么我的 kong 网关 api 不授权 Web 服务访问微服务?
问题描述
我在 Docker 容器中设置了一个 kong 实例,我在其中配置了具有多个路由的 4 个服务,应用了 key-auth 和 jwt 插件。如果我发出一个请求,传递与消费者关联的密钥以访问微服务,我会收到来自 Postman 的 200 个响应和一个用 Python 编写的测试脚本,但来自 Web 服务器(真正的消费者)它告诉我我没有被授权( 401)。如果消费者是 Web 服务器,GATEWAY API 是否有任何特殊配置?
GATEWAY API 的配置由 Python 脚本自动完成。
import requests
import json
def elements_register(setting_data):
for service in setting_data['services']:
service_id = service.copy()
del service_id['plugins']
requests.post('http://kong:8001/services', data = service_id)
url_route = 'http://kong:8001/services/' + service.get('name').strip() + '/routes'
if service.get('name') == 'example1-server':
routes_data = {'hosts': 'myservice:55000/api' ,
'paths': ['/' + service.get('name').strip(),
'/' + service.get('name').strip() + '/auth/singin',
'/' + service.get('name').strip() + '/auth/singup']}
elif service.get('name') == 'example2-server':
routes_data = {'hosts': 'https://myservice:44000/api' ,
'paths': ['/' + service.get('name').strip(),
'/' + service.get('name').strip() + '/room']}
elif service.get('name') == 'example3-server':
routes_data = {'hosts': 'https://myservice:3005/api' ,
'paths': ['/' + service.get('name').strip()]}
elif service.get('name') == 'example4-server':
routes_data = {'hosts': 'https://myservice:8888/api' ,
'paths': ['/' + service.get('name').strip(),
'/' + service.get('name').strip() + '/files/',
'/' + service.get('name').strip() + '/file/']}
requests.post(url_route, data = routes_data)
url_plugins_services = 'http://kong:8001/services/' + service.get('name').strip() + '/plugins'
json_route = requests.get(url_route)
json_route = json_route.json()
json_route = json_route['data'][0]
id_route = json_route['id']
url_plugins_routes = 'http://kong:8001/routes/' + id_route + '/plugins'
if service.get('plugins') == 'key-auth':
plugins_json = {'name':'key-auth', 'config.key_names':"apikey", 'config.key_in_body':'true'}
elif service.get('plugins') == 'jwt':
plugins_json = {'name':'jwt'}
requests.post(url_plugins_services, data = plugins_json)
requests.post(url_plugins_routes, data = plugins_json)
headers = {'Content-Type': 'application/x-www-form-urlencoded',}
secret_server_auth = {'secret': 'mysecret',}
for consumer in setting_data['consumers']:
requests.post('http://kong:8001/consumers', data = consumer)
url_consumer_key_auth = 'http://kong:8001/consumers/' + consumer.get('username').strip() + '/key-auth'
url_consumer_jwt = 'http://kong:8001/consumers/' + consumer.get('username').strip() + '/jwt'
requests.post(url_consumer_key_auth)
requests.post(url_consumer_jwt, headers= headers, data = secret_server_auth)
def main():
with open('settings.json') as json_file:
setting_data = json.load(json_file)
consumers = requests.get('http://kong:8001/consumers').json()['data']
deleted_consumers = []
for consumer in consumers:
consumer_name = consumer['username']
registered_consumers_names = map(lambda x: x['username'], setting_data['consumers'])
list_registered_consumers_names = list(registered_consumers_names).copy()
if consumer_name in list_registered_consumers_names and not (consumer_name in deleted_consumers):
idx = list_registered_consumers_names.index(consumer_name)
deleted_consumers.append(setting_data['consumers'].pop(idx))
elements_register(setting_data)
if __name__ == '__main__':
main()
有关服务和消费者的信息以 json 格式传递。
{
"services": [
{
"name": "example1-server",
"url": "http://myservice:55000/api",
"plugins" : "key-auth"
},
{
"name": "example2-server",
"url": "https://myservice:8888/api",
"plugins": "jwt"
},
{
"name": "example3-server",
"url": "https://myservice.io:44000/api",
"plugins": "jwt"
},
{
"name": "example4-server",
"url": "https://myservice:3005/api",
"plugins": "jwt"
}
],
"consumers": [
{
"username": "front1"
},
{ "username": "front2"
}
]
}
解决方案
推荐阅读
- r - 带有线型的 R ggplot2 图例
- r - 如何在 R 中使用 gsub 对字符串搜索使用两个条件?
- android - 如果从链接启动,Xamarin Forms WithParentActivityOrWindow 不起作用
- javascript - react redux 应用程序中的空闲超时
- sql - 如何将特定列作为行
- javascript - 有没有一种优雅的方法来检查至少一个元素是否具有某个类?
- google-apps-script - 如何将 Logger.log 内容发布到电子表格单元格中?
- javascript - CSS - 为什么我的 JS 脚本占满高度?
- javascript - 使用 React 钩子实现 shouldComponentUpdate - 仅渲染一次子节点,但在 props 更改时进行 DOM 更改
- prism - 使用 Prism IEventAggregator 跨平台