跳转至

08 apig

Let's look at the effect first, and then complete the configuration step by step.

Configurate APIG + CCE workloads

Create the APIG step by step like this:

buyapig

click Gateway Information--> Basic Information --> Routes , Edit and add the container CIDR.

import CCE workload

apig import workload

The backend configuration of APIG must be consistent with that of CCE workload.

apig backend

If we want to access the publish APIG through the public network, this is need bind Inbond Access EIP.

If need CCE workload access the outside, this is need open the outbound access permission.

apig backend

APIG policy

You can select the corresponding plug-in to implement different functions. for example: Rate limit, IP block

apig policies

configurate authenticate

create a function and integrate with APIG

apig policies

the python demo code like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# -*- coding:utf-8 -*-
import json


def handler(event, context):
    if event["headers"].get("authorization") == 'Basic dXNlcjE6cGFzc3dvcmQ=':
        return {
            'statusCode': 200,
            'body': json.dumps({
                "status": "allow",
                "context": {
                    "user_name": "user1"
                }
            })
        }
    else:
        return {
            'statusCode': 200,
            'body': json.dumps({
                "status": "deny",
                "context": {
                    "code": "1001",
                    "message": "incorrect username or password"
                }
            })
        }

Follow this procedure to create API Policies --> Custom Authorizers

apig custom authorizser

let's debug the apis, if didn use authorize, you will recive this response:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/json
Date: Mon, 04 Sep 2023 11:57:37 GMT
Server: api-gateway
X-Apig-Latency: 557
X-Request-Id: 822cf60eb35d5280fc83614b31e7b507

{"error_msg":"Incorrect authentication information: frontend authorizer","error_code":"APIG.0305","request_id":"822cf60eb35d5280fc83614b31e7b507"}

Add the authorzation header and requeste again

apig authorization

捐赠本站(Donate)

weixin_pay
如您感觉文章有用,可扫码捐赠本站!(If the article useful, you can scan the QR code to donate))