feat: aws-auth plugin #11595

Draft
wants to merge 8 commits into
base: master

@Lensual Lensual commented Sep 20, 2024

Description

Implementing the AWS Signature v4 authentication plugin.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

Attributes

For Consumer:

| Name | Type | Requirement | Description |
| --- | --- | --- | --- |
| access_key | string | required | Unique access_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource. |
| secret_key | string | required | Unique secret_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource. |

NOTE: encrypt_fields = {"access_key", "secret_key"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.

For Route:

| Name | Type | Requirement | Default | Description |
| --- | --- | --- | --- | --- |
| host | string | optional | | Host to validate. Not validated if not provided. |
| region | string | optional | | Region to validate. Not validated if not provided. |
| service | string | optional | | Service to validate. Not validated if not provided. |
| clock_skew | integer | optional | 60 * 15 | Clock skew allowed by the signature in seconds. The default value is 900 seconds (15 minutes). If X-Amz-Date is not in the request parameters, an error will occur. Setting it to 0 will skip checking the date (UNSAFE). |
| max_req_body | integer | optional | 1024 * 512 | Max Request Body size. The default value is 512 KiB. |
| enable_header_method | boolean | optional | true | Enable HTTP authorization header method. The default is true. |
| enable_query_string_method | boolean | optional | true | Enable Query string parameters method. The default is true. |
| max_expires | integer | optional | 60 * 60 * 24 * 7 | Sets the maximum value allowed for the X-Amz-Expires parameter. The default value is 604800 seconds (7 days). Setting it to 0 will skip checking the expires limit (UNSAFE). |
| extra_must_sign_headers | array of string | optional | | The Request Headers that must be signed. Case insensitive. |
| keep_unsigned_headers | boolean | optional | false | Whether to keep the Unsigned Request Header. The default is false. |
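
Added example, not code from this PR or from APISIX: a Python model of the time checks that the `clock_skew` and `max_expires` rows describe, including why a value of 0 is marked UNSAFE (a captured request then never ages out). The helper name `check_freshness`, the reason strings, and the way the two limits combine for presigned requests are assumptions, since the page shows no plugin code.

```python
import re
from datetime import datetime, timezone

DEFAULT_CLOCK_SKEW = 60 * 15            # 900 s, default from the Route table
DEFAULT_MAX_EXPIRES = 60 * 60 * 24 * 7  # 604800 s, default from the Route table
AMZ_DATE_RE = re.compile(r"[0-9]{8}T[0-9]{6}Z")  # ISO 8601 basic format, UTC


def check_freshness(params, now, clock_skew=DEFAULT_CLOCK_SKEW,
                    max_expires=DEFAULT_MAX_EXPIRES):
    """Return (ok, reason) for the time fields of a SigV4 request.

    params: X-Amz-* values from the headers or the query string (dict of str).
    now:    timezone-aware datetime used as the gateway clock.
    Hypothetical helper; the combination rules below are assumptions.
    """
    raw_date = params.get("X-Amz-Date")
    if raw_date is None:
        return False, "missing X-Amz-Date"
    if not AMZ_DATE_RE.fullmatch(raw_date):
        return False, "malformed X-Amz-Date"
    try:
        signed_at = datetime.strptime(raw_date, "%Y%m%dT%H%M%SZ")
    except ValueError:  # digits in the right places but not a real date
        return False, "malformed X-Amz-Date"
    # Positive age: signed in the past. Negative: the signer's clock is ahead.
    age = (now - signed_at.replace(tzinfo=timezone.utc)).total_seconds()

    raw_expires = params.get("X-Amz-Expires")
    if raw_expires is None:
        # Header method: accept only inside +/- clock_skew; 0 disables the check.
        if clock_skew != 0 and abs(age) > clock_skew:
            return False, "X-Amz-Date outside clock_skew"
        return True, "ok"

    # Query string (presigned) method.
    if not re.fullmatch(r"[0-9]{1,9}", raw_expires) or int(raw_expires) < 1:
        return False, "malformed X-Amz-Expires"
    expires = int(raw_expires)
    if max_expires != 0 and expires > max_expires:
        return False, "X-Amz-Expires exceeds max_expires"
    if clock_skew != 0:  # assumption: 0 disables every comparison with the clock
        if age < -clock_skew:
            return False, "X-Amz-Date is in the future"
        if age > expires:
            return False, "presigned request expired"
    return True, "ok"
```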

@Lensual
Author

Lensual commented Sep 20, 2024

My first Lua PR. Please tell me what else needs to be done, and how to. Thanks.

@moonming
Member

> My first Lua PR. Please tell me what else needs to be done, and how to. Thanks.

@Lensual nice work, I will ask more committers to review.

Contributor

@shreemaan-abhishek shreemaan-abhishek left a comment

What are the practical use cases for this PR? I see some test cases are failing; please fix them. Also, please include docs that show how to use this plugin. Once you have done this, please mark this PR "ready for review".
