Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(cmd) implement kong config db_export command #4809

Merged
merged 1 commit into from Jul 18, 2019
Merged

feat(cmd) implement kong config db_export command #4809

merged 1 commit into from Jul 18, 2019

Conversation

kikito
Copy link
Member

@kikito kikito commented Jul 18, 2019

No description provided.

@kikito kikito added this to the 1.3.0 milestone Jul 18, 2019
@hishamhm hishamhm merged commit 5d815e2 into next Jul 18, 2019
@hishamhm hishamhm deleted the feat/db-export branch July 18, 2019 19:56
@hbagdi
Copy link
Member

hbagdi commented Jul 18, 2019

basic-auth credentials are hashed in the database. Should we skip exporting them?

@kikito
Copy link
Member Author

kikito commented Jul 22, 2019

@hbagdi Unsure about this. If I'm understanding the crypto algorithm correctly, it uses the consumer id as salt, and such ids are also exported. So exported and reimported credentials should work, if they accompany their Consumers.

If your concern is not whether we could but whether we should ... well that's where I don't know.

I guess we could add a filter option to the export command line (something like kong config db_export except=basic_auth_credentials,snis). But for 1.3.0 we're definitively going with the "getting the basic functionality out and running". It is expected that we'll iterate over this a bit in future versions, or at least that's my understanding.

@hbagdi
Copy link
Member

hbagdi commented Jul 22, 2019

@hbagdi Unsure about this. If I'm understanding the crypto algorithm correctly, it uses the consumer id as salt, and such ids are also exported. So exported and reimported credentials should work, if they accompany their Consumers.

We will be exporting a hashed password and ID of the consumer.
Importing it again will probably lead to another round of hash with the salt (as we don't have a way of knowing if a password is already hashed or not) and the password won't work on the proxy path.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hishamhm hishamhm hishamhm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.3.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kikito @hbagdi @hishamhm