Open deiwin opened 3 months ago
welcome to raise a PR to fix this!
Thanks! @shreemaan-abhishek, do you know if a PR would be accepted if it also introduced the usage of the nginxinc/nginx-aws-signature library?
I'm asking because for me to be able to actually use the aws-lambda
plugin I'd need it to support IAM roles for service accounts, which it currently doesn't.
Okay, maybe that wasn't a great library to suggest, as it's in JS and whatnot. But would the addition of https://github.com/Kong/lua-resty-aws be acceptable?
This could be used for getting the credentials (defaulting to env variables, EKS pod identity, EC2 identity, etc) and the existing code could be kept for the signing logic.
I'd need it to support IAM roles for service accounts, which it currently doesn't.
If this is a separate feature, please create an issue describing this feature request, then we can move forward with whether or not we should have it. After that we can return to this issue. WDYT?
Thanks @shreemaan-abhishek, created https://github.com/apache/apisix/issues/11137
Current Behavior
When using the the
aws-lambda
plugin with IAM auth, then any request that includes URL-encoded query parameters will fail with the following error returned from AWS:I believe this happens because:
get_uri_args
unescapes query parametersaws-lambda
plugin usesget_uri_args
, which unescapes the parameters but then also unescapes them itself, causing the args to be unescaped twice.Expected Behavior
No response
Error Logs
No response
Steps to Reproduce
Create a route including the
aws-lambda
plugin:Then send a request to the route, including a query parameter such as
?param=with%20spaces
, for example.Environment
apisix version
): 3.7.0 (but the issue is also on master)uname -a
): Debian (fromapache/apisix:3.7.0-debian
Docker image)