Add SigV4 support #78
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Changes:
- Connector:
- `enable_sigv4_auth` environment variable has been added. If this environment variable is true, basic auth headers will be ignored and the connector will attempt to use local credentials.
- SAM template:
- `EnableSigV4Auth` parameter has been added, which sets authentication to `AWS_IAM` for the routes (`/write` and `/read`) and passes in the `enable_sigv4_auth` environment variable to the connector Lambda function with the value `true`.
- Events have been removed from the Lambda function and replaced with routes to configure SigV4 authentication.
- The `APIGateway` resource has been changed to an `AWS::ApiGatewayV2::Api` with protocol set to `HTTP`. This was done because using API Gateway resources (such as `AWS::ApiGatewayV2::Route` resources) on an `AWS::Serverless::HttpApi` resource has undefined behaviour.
- Documentation:
- `Launch (SigV4)` links have been added to the DEVELOPER_README, which set the `EnableSigV4Auth` parameter to `true`.
- [x] Integration tests passed (`go test -v ./integration/`).
- [x] Unit tests passed (`go test -tags=unit -cover -v ./timestream ./`).
- [x] TLS tests passed (`go test -v ./integration/tls`).
- [x] Correctness tests passed (`go test -v ./correctness`).
- [x] Stack deployment tested with SigV4 enabled using the OpenTelemetry collector.
- [x] Stack deployment tested with SigV4 disabled using Prometheus for reading and writing.
forestmvey
approved these changes
Nov 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
N/A.
Description of changes:
Connector:
enable_sigv4_authenvironment variable has been added. If this environment variable is true, basic auth headers will be ignored and the connector will attempt to use local credentials.SAM template:
EnableSigV4Authparameter has been added, which sets authentication toAWS_IAMfor the routes (/writeand/read) and passes in theenable_sigv4_authenvironment variable to the connector Lambda function with the valuetrue.APIGatewayresource has been changed to anAWS::ApiGatewayV2::Apiwith protocol set toHTTP. This was done because using API Gateway resources (such asAWS::ApiGatewayV2::Routeresources) on anAWS::Serverless::HttpApiresource has undefined behaviour.Documentation:
Launch (SigV4)links have been added to the DEVELOPER_README, which set theEnableSigV4Authparameter totrue.Integration tests passed (
go test -v ./integration/).Unit tests passed (
go test -tags=unit -cover -v ./timestream ./).TLS tests passed (
go test -v ./integration/tls).Correctness tests passed (
go test -v ./correctness).Stack deployment tested with SigV4 enabled using the OpenTelemetry collector.
Stack deployment tested with SigV4 disabled using Prometheus for reading and writing.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.