apache
feat: aws-auth plugin
Description
Implementing the AWS Signature v4 authentication plugin.
Checklist
- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [x] I have added tests corresponding to this change
- [ ] I have updated the documentation to reflect this change
- [x] I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)
Attributes
For Consumer:
| Name | Type | Requirement | Description |
|---|---|---|---|
| access_key | string | required | Unique access_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource. |
| secret_key | string | required | Unique secret_key for a Consumer. This field supports saving the value in Secret Manager using the APISIX Secret resource. |
NOTE: encrypt_fields = {"access_key", "secret_key"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.
For Route:
| Name | Type | Requirement | Default | Description |
|---|---|---|---|---|
| host | string | optional | Host to validate. Without validate if not provided. | |
| region | string | optional | Region to validate. Without validate if not provided. | |
| service | string | optional | Service to validate. Without validate if not provided. | |
| clock_skew | integer | optional | 60 * 15 | Clock skew allowed by the signature in seconds. The default value is 900 seconds (15 minutes). If X-Amz-Date is not in request parameter, an error will occur. Setting it to 0 will skip checking the date (UNSAFE). |
| max_req_body | integer | optional | 1024 * 512 | Max Request Body size. The default value is 512 KiB. |
| enable_header_method | boolean | optional | true | Enable HTTP authorization header method. The default is true. |
| enable_query_string_method | boolean | optional | true | Enable Query string parameters method. The default is true. |
| max_expires | integer | optional | 60 * 60 * 24 * 7 | Sets the maximum value allowed for the X-Amz-Expires parameter. The default value is 604800 seconds (7 days). Setting it to 0 will skip checking exprires limit (UNSAFE). |
| extra_must_sign_headers | array of string | optional | The Request Headers that must be signed. Case insensitive. | |
| keep_unsigned_headers | boolean | optional | false | Whether to keep the Unsigned Request Header. The default is false. |
My first lua PR. Please tell me what else needs to be done. And How to. Thanks.
My first lua PR. Please tell me what else needs to be done. And How to. Thanks.
@Lensual nice work, I will ask more committers to review.
This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.