fekitibi opened a new pull request, #12484: URL: https://github.com/apache/apisix/pull/12484
### Description <!-- Please include a summary of the change and which issue is fixed. --> <!-- Please also include relevant motivation and context. --> This implementation addresses the need for secure default admin keys in APISIX deployments. While I've tried to follow APISIX's existing patterns and best practices, I recognize there may be alternative approaches or ongoing work in this area. The solution uses shared memory for cross-worker key management and integrates with APISIX's worker initialization lifecycle. However, I'm uncertain whether the test format and structure in `t/core/admin_key.t` follows APISIX's testing conventions and best practices. The tests use Test::Nginx patterns that I observed in other core module tests, but there may be preferred testing approaches or standards I'm not aware of. If this implementation doesn't align with the project's direction, testing standards, or if there are better solutions in development, I'm happy to close this PR and learn from the feedback. I enjoyed the opportunity to work with APISIX at a deeper level and explore its internal architecture. Any guidance on proper testing practices or implementation approach would be greatly appreciated! ## Changes ### New Features - **Shared Memory Storage**: Stores admin keys in `ngx.shared.admin_keys` for efficient cross-worker access - **Worker Coordination**: Race-condition safe initialization across multiple worker processes ### Files Added - `apisix/core/admin_key.lua` - Core admin key management module - `t/core/admin_key.t` - Comprehensive test suite ### Files Modified - `apisix/core.lua` - Added admin_key module export - `apisix/init.lua` - Added worker initialization call - `apisix/admin/init.lua` - Integrated authentication logic ### Key Functions - `admin_key_required()` - Check if authentication is enabled - `get_admin_keys()` - Retrieve stored admin keys - `init_worker()` - Initialize keys during worker startup #### Which issue(s) this PR fixes: <!-- *Automatically closes linked issue when PR is merged. Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`. --> Fixes #12170 ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) <!-- Note 1. Mark the PR as draft until it's ready to be reviewed. 2. Always add/update tests for any changes unless you have a good reason. 3. Always update the documentation to reflect the changes made in the PR. 4. Make a new commit to resolve conversations instead of `push -f`. 5. To resolve merge conflicts, merge master instead of rebasing. 6. Use "request review" to notify the reviewer after making changes. 7. Only a reviewer can mark a conversation as resolved. --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
