-
Notifications
You must be signed in to change notification settings - Fork 350
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS sigv4 auth filter #2911
Comments
Hey @szuecs
I believe we need to consider that
|
@Anurag252 I am not sure if I want to have the AWS sdk as dependency, rather not. I think it seems to be open enough to build this without AWS SDK, but I am not sure. |
@szuecs makes sense to me. I can try and implement this . What are your thoughts around reading the whole body in filter ( as described in point 2 of considerations) ? |
Sounds like we have to do it. Not sure if it makes sense to have 2 kind of filters, 1 that requires body and the other which does not. Similar to https://opensource.zalando.com/skipper/reference/filters/#opaauthorizerequest and https://opensource.zalando.com/skipper/reference/filters/#opaauthorizerequestwithbody What do you think? |
Okay then I can probably take a param in I could not think of a reason when having two filters would be better, but I maybe missing out some case 🤔 . |
Then I would ignore it and handle it inside the filter.
|
makes sense. I will try to submit a PR 👍 |
Sometimes you want to proxy to an aws service and aws uses sigv4 to do authnz.
It would be great to be able to sign with sigv4 the request with https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/aws/signer/v4#HTTPSigner to be able to call AWS services from the proxy itself.
Maybe leverage a similar kind of roundtripper which depends also on aws sdk https://github.com/prometheus/common/blob/main/sigv4/sigv4.go
The text was updated successfully, but these errors were encountered: