apache / apisix

The Cloud-Native API Gateway
https://apisix.apache.org/blog/
Apache License 2.0

bug: failed to retrtive data from aws secret manager when the secret name contains a slash `/` #11647

Open kayx23 opened 2 hours ago

kayx23 commented 2 hours ago

Current Behavior

When configuring secrets in AWS, the suggestive text for the secret name uses slashes, so it could be quite common for users to have slashes in their secret names.


Suppose the secret name is `john/secret` in AWS and the key of the credential is `john-key-auth`. In APISIX, the secret is referenced by `key-auth` as such:

```shell
curl "http://127.0.0.1:9180/apisix/admin/consumers/john/credentials" -X PUT \
  -d '{
    "id": "cred-key-auth",
    "plugins": {
      "key-auth": {
        "key": "$secret://aws/1/john/secret/john-key-auth"
      }
    }
  }'
```

Suppose `key-auth` is enabled on a route. When requesting this route, you would receive a 401 from APISIX and see the error below in the error log:

```text
failed to fetch secret value: failed to retrtive data from aws secret manager: invalid status code 400, {"Message":"Secrets Manager can't find the specified
...
run_plugin(): key-auth exits with http status code 401, client: 192.168.65.1, server: _, request: "GET /anything HTTP/1.1", host: "127.0.0.1:9080"
```

This is likely due to the slash in the secret name. There might be a parsing case to catch. From testing, it seems that a slash in the secret name leads to errors, but a slash in the key of the credential key-value pair does not.

Expected Behavior

APISIX to accommodate the situation where secret names contain slashes.

Environment

kayx23 commented 2 hours ago

just fyi @HuanXin-Chen

HuanXin-Chen commented 10 minutes ago

> just fyi @HuanXin-Chen

OK, I know what the problem is; it may take a little time to do a fix.
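Added example, not part of the issue thread and not APISIX's code: in the reported reference `$secret://aws/1/john/secret/john-key-auth`, the tail `john/secret/john-key-auth` has more than one name/key reading. The code assumes a parser that cuts at the first slash (consistent with the reported symptom, but an assumption) and shows a hypothetical resolver that tries each reading, longest name first, against a constructed in-memory store; every function name here is illustrative.

```python
# Added illustration (not APISIX code): why "<name>/<key>" is ambiguous when
# the secret name itself contains "/". All helper names are hypothetical.
PREFIX = "$secret://"

# Constructed stand-in for the secret store: secret name -> key/value pairs.
STORE = {
    "john/secret": {"john-key-auth": "constructed-value-1"},
    "team": {"a/b": "constructed-value-2"},
}


def split_ref(ref):
    """Split "$secret://manager/id/rest" into (manager, conf_id, rest)."""
    if not ref.startswith(PREFIX):
        raise ValueError("not a $secret:// reference")
    parts = ref[len(PREFIX):].split("/", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected manager/id/name/key")
    return parts[0], parts[1], parts[2]


def split_first(rest):
    """Assumed naive rule: the name ends at the first slash.
    Works for keys containing "/", breaks names containing "/"."""
    name, _, key = rest.partition("/")
    return name, key


def candidates(rest):
    """Every (name, key) reading of rest, longest name first."""
    cuts = [i for i, ch in enumerate(rest) if ch == "/"]
    pairs = [(rest[:i], rest[i + 1:]) for i in reversed(cuts)]
    return [(n, k) for n, k in pairs if n and k]


def resolve(ref, store=STORE):
    """Return (name, key, value) for the first reading found in the store."""
    _, _, rest = split_ref(ref)
    for name, key in candidates(rest):
        if key in store.get(name, {}):
            return name, key, store[name][key]
    raise KeyError("no secret matches " + rest)


if __name__ == "__main__":
    ref = "$secret://aws/1/john/secret/john-key-auth"
    print(split_first(split_ref(ref)[2]))
    print(resolve(ref))
```

Trying several readings costs one store lookup per slash in the tail, so a real implementation would want to cache the reading that succeeded.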