Open alexymantha opened 4 months ago
Could you do the validation before the messages are pushed to the SQS queue? I'm wondering if it's better to trust that all messages that are on the queue are valid rather than having a queue with mixed trust and possibly unknown formats?
Let us know if this is an option? :pray:
Yes, that's an option as well; that's what I turned to currently, but I feel like, from a security standpoint, it makes sense to have E2E validation, meaning that the consumer should be the one validating to make sure that it hasn't been tampered with during the transport.
While the risks and impacts are probably pretty low, anything with access to the queue can send messages.
I think having the option to do the validation in either, depending on the use-case, has value.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This is still relevant. If there are no objections, I am willing to implement this in the next few weeks.
🔖 Feature description
Add a request validator to the events-backend-module-aws-sqs, similar to the HttpPostIngressEventPublisher.
🎤 Context
When using the events-backend-module-aws-sqs, there does not seem to be an easy way to add validations to the messages that come in. I am using an SQS to ingest GitHub webhook events, and I would like to be able to add a signature validation using the webhook secret, similar to what is done for the HTTP publisher here: https://github.com/backstage/backstage/blob/master/plugins/events-backend-module-github/README.md#signature-validator
✌️ Possible Implementation
When initializing the AwsSqsConsumingEventPublisher, we could add an optional field containing the validator to call for specific topics. Then, just before the event is published to the events services, we could run the validator and void the event if it fails the validation.
👀 Have you spent some time to check if this feature request has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
Yes I am willing to submit a PR!
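A sketch of the consumer-side check this issue proposes, as an added example that is not part of the original issue and not Backstage's code. GitHub signs each webhook body with HMAC-SHA256 and sends the result in the X-Hub-Signature-256 header; the `QueuedWebhook` shape, the function names and the sample secret are assumptions, including that the producer forwards the raw body and that header value unchanged.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Hypothetical shape of a consumed SQS message: the producer must forward the
// webhook body byte-for-byte plus GitHub's X-Hub-Signature-256 header value.
interface QueuedWebhook {
  topic: string;
  rawBody: string;
  signature?: string; // "sha256=<hex digest>"
}
type MessageValidator = (msg: QueuedWebhook) => boolean;

// Recomputes HMAC-SHA256 over the raw body with the webhook secret and
// compares it to the forwarded signature in constant time.
function githubSignatureValidator(secret: string): MessageValidator {
  return msg => {
    if (!msg.signature || !msg.signature.startsWith('sha256=')) return false;
    const expected = createHmac('sha256', secret).update(msg.rawBody, 'utf8').digest();
    const received = Buffer.from(msg.signature.slice('sha256='.length), 'hex');
    // timingSafeEqual throws on a length mismatch, so check the length first.
    return received.length === expected.length && timingSafeEqual(received, expected);
  };
}

// Per-topic step run just before publishing: topics without a validator pass
// through, messages that fail validation are dropped instead of published.
function filterValid(
  messages: QueuedWebhook[],
  validators: Record<string, MessageValidator>,
): QueuedWebhook[] {
  return messages.filter(m => {
    const validate = validators[m.topic];
    return validate ? validate(m) : true;
  });
}

// Constructed sample data: secret and payload are made up for this example.
const SECRET = 'example-webhook-secret';
const body = '{"action":"opened","number":1}';
const sign = (b: string): string =>
  'sha256=' + createHmac('sha256', SECRET).update(b, 'utf8').digest('hex');
const samples: QueuedWebhook[] = [
  { topic: 'github', rawBody: body, signature: sign(body) }, // untouched
  { topic: 'github', rawBody: body.replace('1', '2'), signature: sign(body) }, // altered on the queue
  { topic: 'github', rawBody: body }, // signature not forwarded
  { topic: 'other', rawBody: 'anything' }, // no validator configured
];
const accepted = filterValid(samples, { github: githubSignatureValidator(SECRET) });
console.log(accepted.map(m => m.topic));
```

The digest covers the exact bytes GitHub sent, so a producer that parses and re-serializes the JSON before enqueueing will make every message fail this check.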