Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: aws-auth plugin #11595

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

feat: aws-auth plugin #11595

wants to merge 1 commit into from

Conversation

Lensual
Copy link

@Lensual Lensual commented Sep 20, 2024
edited
Loading

Description

Implementing the AWS Signature v4 authentication plugin.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

Attributes

For Consumer:

Name Type Requirement Description
access_key string required Unique access_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource.
secret_key string required Unique secret_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource.

NOTE: encrypt_fields = {"access_key", "secret_key"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.

For Route:

Name Type Requirement Default Description
host string optional Host to validate. Without validate if not provided.
region string optional Region to validate. Without validate if not provided.
service string optional Service to validate. Without validate if not provided.
clock_skew integer optional 60 * 15 Clock skew allowed by the signature in seconds. The default value is 900 seconds (15 minutes). If X-Amz-Date is not in request parameter, an error will occur. Setting it to 0 will skip checking the date (UNSAFE).
max_req_body integer optional 1024 * 512 Max Request Body size. The default value is 512 KiB.
enable_header_method boolean optional true Enable HTTP authorization header method. The default is true.
enable_query_string_method boolean optional true Enable Query string parameters method. The default is true.
max_expires integer optional 60 * 60 * 24 * 7 Sets the maximum value allowed for the X-Amz-Expires parameter. The default value is 604800 seconds (7 days). Setting it to 0 will skip checking exprires limit (UNSAFE).
extra_must_sign_headers array of string optional The Request Headers that must be signed. Case insensitive.
keep_unsigned_headers boolean optional false Whether to keep the Unsigned Request Header. The default is false.

@Lensual
Copy link
Author

Lensual commented Sep 20, 2024

My first lua PR. Please tell me what else needs to be done. And How to. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Lensual