Help Center/ ServiceStage/ User Guide/ Microservice Engine/ Managing Microservice Engines/ Managing Security Authentication for a Microservice Engine
Updated on 2024-09-27 GMT+08:00

Managing Security Authentication for a Microservice Engine

A microservice engine may be used by multiple users. Different users must have different microservice engine access and operation permissions based on their responsibilities and permissions. If security authentication is enabled for an exclusive microservice engine, grant different access and operation permissions to users based on the roles associated with the accounts used by the users to access the microservice engine.

For details about security authentication, see System Management.

Currently, Java chassis and Spring Cloud support security authentication for microservices. The Java chassis version must be 2.3.5 or later, and Spring Cloud must integrate Spring Cloud Huawei 1.6.1 or later.

You can enable or disable security authentication for the exclusive microservice engine based on service requirements.

  • Enabling Security Authentication

    If a microservice engine is available with security authentication disabled, you can enable security authentication based on service requirements.

    After security authentication is enabled and programming interface authentication is also enabled, if security authentication parameters are not configured for the microservice components connected to the engine, or the security authentication account and password configured for the microservice components are incorrect, the heartbeat of the microservice components fails and the service is forced to go offline. Perform the following steps:

  • Disabling Security Authentication

    If a microservice engine is available with security authentication enabled, you can disable security authentication based on service requirements.

    After security authentication is disabled for a microservice component, service functions of the microservice component are not affected no matter whether security authentication parameters are configured for the microservice component.

Enabling Security Authentication

  1. Log in to ServiceStage and choose Cloud Service Engine > Engines.
  2. Select the target microservice engine from the Microservice Engine drop-down list in the upper part of the page.
  3. In the Network Configuration and Security area, click Set Authentication.

    • If the engine version is earlier than 1.2.0, go to 4.
    • If the engine version is 1.2.0 or later, go to 5.

  4. Upgrade the engine to 1.2.0 or later.

    1. Click Upgrade.
    2. Select Target Version and view the version description. Determine whether to upgrade the software to this version. Then, click OK.
    3. Select the upgraded microservice engine. In the Network Configuration and Security area, click Set Authentication.

  5. On the System Management page, enable security authentication.

    • To enable security authentication for the first time, click Enable security authentication.

      You need to create user root first. Enter and confirm the password of user root. Then, click Create Now.

    • Enable security authentication again and enter the name and password of the account associated with the admin role in the engine.

  6. (Optional) Create a role based on service requirements. For details, see Roles.
  7. (Optional) Create an account based on service requirements. For details, see Accounts.
  8. On the System Management page, click Enable security authentication and configure the security settings.

    • If you enable Authenticate Console, go to 10.

      After Authenticate Console is enabled, you need to use an account and password to log in to the CSE console. The login user can only view and configure services on which the user has permission.

    • If you enable Authenticate Programming Interface, go to 9.

      After Authenticate Programming Interface is enabled, Authenticate Console is automatically enabled.

      After it is enabled, you need to add the corresponding account and password to the microservice configuration file. Otherwise, the service cannot be registered with the engine.

      After it is disabled, you can register the service with the engine without configuring the account and password in the microservice configuration file, which improves the efficiency. You are advised to disable this function when accessing the service in a VPC.

  9. Configure the SDK. For microservice components that have been deployed but not configured with security authentication parameters, configure the account name and password for security authentication and then upgrade the component. For details, see Configuring the Security Authentication Account and Password for a Microservice.
  10. Click OK.

    After the microservice engine is updated and the engine status changes from Configuring to Available, security authentication is enabled successfully.

Disabling Security Authentication

  1. Log in to ServiceStage and choose Cloud Service Engine > Engines.
  2. Select the target microservice engine from the Microservice Engine drop-down list in the upper part of the page.
  3. In the Network Configuration and Security area, click Set Authentication.
  4. On the System Management page, click Set Authentication.
  5. On the Security Settings page, disable Authenticate Console.
  6. Click OK. After the microservice engine is updated and the engine status changes from Configuring to Available, security authentication is disabled successfully.

    After security authentication is disabled, accounts created on the engine will not be deleted.