awsSigV4 signature (Issue: MUR-11346)

exosite · May 21, 2020 · 1843fba · 1843fba
1 parent 6f61dea
commit 1843fba
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -619,6 +619,85 @@ createServer({key, cert}, (req, res) => {
 }).listen(8000);
 ```
 
+###### AWS V4 Signature
+
+Murano support native AWS signature header construction, enable easy integration with any AWS services.
+See more info at https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html.
+
+To use it add the signature definition flag: `x-exosite-from: awsSigV4`
+
+To use it the request **MUST** provide `aws_key_id` & `aws_secret` along with the `aws_region` or `Region` as request parameters.
+Those parameters should be defined in the service [Config Parameters](#config-parameters-object) with the flag `x-exosite-restricted: true` for user input.
+
+*Example (can be added as is in your service swagger)*
+
+```
+host: "awsservicename.{aws_region}.amazonaws.com"
+x-exosite-config-parameters:
+  - name:         aws_key_id
+    title:        AWS Key ID
+    description:  Your AWS Access KEY ID
+    type:         string
+    required:     true
+  - name:         aws_secret
+    title:        AWS Secret
+    description:  Your AWS Access KEY Secret
+    type:         string
+    format:       password
+    required:     true
+  - name:         Region
+    title:        AWS Region
+    description:  Your AWS Region
+    type:         string
+    default:      us-west-1
+    enum:
+      - us-east-2
+      - us-east-1
+      - us-west-1
+      - us-west-2
+      - af-south-1
+      - ap-east-1
+      - ap-south-1
+      - ap-northeast-3
+      - ap-northeast-2
+      - ap-southeast-1
+      - ap-southeast-2
+      - ap-northeast-1
+      - ca-central-1
+      - cn-north-1
+      - cn-northwest-1
+      - eu-central-1
+      - eu-west-1
+      - eu-west-2
+      - eu-south-1
+      - eu-west-3
+      - eu-north-1
+      - me-south-1
+      - sa-east-1
+      - us-gov-east-1
+      - us-gov-west-1
+  securityDefinitions:
+    awsSigV4:
+      type: signature
+      x-exosite-from: awsSigV4
+  security:
+  - awsSigV4: []
+  parameters:
+    Region:
+      in: host
+      description: AWS region
+      name: Region
+      required: true
+      type: string
+paths:
+  "/#AwsOp":
+    parameters:
+    - "$ref": "#/parameters/Region"
+    get:
+      operationId: AwsOp
+      ...
+```
+
 ##### ClientCA
 
 Validating request from murano using client certificate.
@@ -763,7 +842,7 @@ x-exosite-token: "myprivatetoken"
 # ...
 ```
 
-Once the service swagger has been published and processed, the token will be removed and will not be accessible from Murano anymore. 
+Once the service swagger has been published and processed, the token will be removed and will not be accessible from Murano anymore.
 So you MUST keep it securely saved. If you forget it you can overload the current token by updating the service swagger definition.
 
 ##### Step 2: call dispatcher

diff --git a/examples/muranoauth.yaml b/examples/muranoauth.yaml
@@ -28,6 +28,9 @@ securityDefinitions:
      # See doc at https://github.com/exosite/open_api_integration/blob/master/README.md#signature
      type: signature
      # name: signature # optional by default goint in signature header
+     # To use AWS V4 signature (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
+     # add following option
+     # x-exosite-from: awsSigV4
   clientCA:
      # Client CA authentication, using Murano Services CA
      # See doc at https://github.com/exosite/open_api_integration/blob/master/README.md#clientca