attach-consumer-label
除了 X-Consumer-Username 和 X-Credential-Identifier 之外,attach-consumer-label 插件还将自定义消费者相关标签附加到经过身份验证的请求中,以便上游服务区分消费者并实施额外的逻辑。
示例
附加消费者标签
以下示例演示了如何在经过身份验证的请求转发到上游服务之前,将自定义标签附加到请求头。如果请求被拒绝,你不应看到任何消费者标签附加到请求头。如果在消费者上未配置某个标签值但在 attach-consumer-label 插件中引用了该标签值,则相应的请求头也将不会被附加。
创建一个带有自定义标签的消费者 john:
curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT \
-H "X-API-KEY: ${ADMIN_API_KEY}" \
-d '{
"username": "john",
"labels": {
"department": "devops",
"company": "api7"
}
}'
❶ 为消费者标记 department 信息。
❷ 为消费者标记 company 信息。
为消费者 john 配置 key-auth 凭证:
curl "http://127.0.0.1:9180/apisix/admin/consumers/john/credentials" -X PUT \
-H "X-API-KEY: ${ADMIN_API_KEY}" \
-d '{
"id": "cred-john-key-auth",
"plugins": {
"key-auth": {
"key": "john-key"
}
}
}'
创建一个启用 key-auth 和 attach-consumer-label 插件的路由:
curl "http://127.0.0.1:9180/apisix/admin/routes" -X PUT \
-H "X-API-KEY: ${ADMIN_API_KEY}" \
-d '{
"id": "attach-consumer-label-route",
"uri": "/get",
"plugins": {
"key-auth": {},
"attach-consumer-label": {
"headers": {
"X-Consumer-Department": "$department",
"X-Consumer-Company": "$company",
"X-Consumer-Role": "$role"
}
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"httpbin.org:80": 1
}
}
}'
❶ 将 department 消费者标签值附加到 X-Consumer-Department 请求头中。
❷ 将 company 消费者标签值附加到 X-Consumer-Company 请求头中。
❸ 将 role 消费者标签值附加到 X-Consumer-Role 请求头中。由于在消费者上未配置 role 标签,因此预期该请求头不会出现在转发给上游服务的请求中。
提示
消费者标签引用必须以美元符号($)作为前缀。
要进行验证,请使用有效凭证向路由发送请求:
curl -i "http://127.0.0.1:9080/get" -H 'apikey: john-key'
你应该看到类似于以下的 HTTP/1.1 200 OK 响应:
{
"args": {},
"headers": {
"Accept": "*/*",
"Apikey": "john-key",
"Host": "127.0.0.1",
"X-Consumer-Username": "john",
"X-Credential-Identifier": "cred-john-key-auth",
"X-Consumer-Company": "api7",
"X-Consumer-Department": "devops",
"User-Agent": "curl/8.6.0",
"X-Amzn-Trace-Id": "Root=1-66e5107c-5bb3e24f2de5baf733aec1cc",
"X-Forwarded-Host": "127.0.0.1"
},
"origin": "192.168.65.1, 205.198.122.37",
"url": "http://127.0.0.1/get"
}