backstage / backstage

Backstage is an open framework for building developer portals
https://backstage.io/
Apache License 2.0
28.49k stars 6.04k forks source link

🚀 Feature: add support for request validation in AwsSqsConsumingEventPublisher #25654

Open alexymantha opened 4 months ago

alexymantha commented 4 months ago

🔖 Feature description

Add a request validator to the events-backend-module-aws-sqs, similar to the HttpPostIngressEventPublisher

🎤 Context

When using the events-backend-module-aws-sqs, there does not seem to be an easy way to add validations to the messages that come in. I am using an SQS to ingest GitHub webhook events, and I would like to be able to add a signature validation using the webhook secret, similar to what is done for the HTTP publisher here: https://github.com/backstage/backstage/blob/master/plugins/events-backend-module-github/README.md#signature-validator

✌️ Possible Implementation

When initializing the AwsSqsConsumingEventPublisher, we could add an optional field containing the validator to call for specific topics.

Then, just before the event is published to the events services, we could run the validator and void the event if it fails the validation.

(payload, metadata) => bool

👀 Have you spent some time to check if this feature request has been raised before?

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

Yes I am willing to submit a PR!

benjdlambert commented 4 months ago

Could you do the validation before the messages are pushed to the SQS queue? I'm wondering if it's better to trust all messages that are on the queue are valid rather than having a queue with mixed trust and possibly unknown formats?

Let us know if this is an option? :pray:

alexymantha commented 4 months ago

Yes that's an option as well, that's what I turned to currently but I feel like from a security standpoint, it makes sense to have E2E validation meaning that the consumer should be the one validating to make sure that it hasn't been tampered with during the transport.

While the risks and impacts are probably pretty low, anything with access to the queue can send messages.

I think having the option to do the validation in either depending on the use-case has value

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

alexymantha commented 2 months ago

This is still relevant. If there are not objections, I am willing to implement this is the next few weeks.

github-actions[bot] commented 1 day ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.