diff --git a/README.md b/README.md index f904ef9..3497184 100644 --- a/README.md +++ b/README.md 
@@ -619,6 +619,85 @@ createServer({key, cert}, (req, res) => { }).listen(8000); ``` +###### AWS V4 Signature + +Murano support native AWS signature header construction, enable easy integration with any AWS services. +See more info at https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html. + +To use it add the signature definition flag: `x-exosite-from: awsSigV4` + +To use it the request **MUST** provide `aws_key_id` & `aws_secret` along with the `aws_region` or `Region` as request parameters. +Those parameters should be defined in the service [Config Parameters](#config-parameters-object) with the flag `x-exosite-restricted: true` for user input. + +*Example (can be added as is in your service swagger)* + +``` +host: "awsservicename.{aws_region}.amazonaws.com" +x-exosite-config-parameters: + - name: aws_key_id + title: AWS Key ID + description: Your AWS Access KEY ID + type: string + required: true + - name: aws_secret + title: AWS Secret + description: Your AWS Access KEY Secret + type: string + format: password + required: true + - name: Region + title: AWS Region + description: Your AWS Region + type: string + default: us-west-1 + enum: + - us-east-2 + - us-east-1 + - us-west-1 + - us-west-2 + - af-south-1 + - ap-east-1 + - ap-south-1 + - ap-northeast-3 + - ap-northeast-2 + - ap-southeast-1 + - ap-southeast-2 + - ap-northeast-1 + - ca-central-1 + - cn-north-1 + - cn-northwest-1 + - eu-central-1 + - eu-west-1 + - eu-west-2 + - eu-south-1 + - eu-west-3 + - eu-north-1 + - me-south-1 + - sa-east-1 + - us-gov-east-1 + - us-gov-west-1 + securityDefinitions: + awsSigV4: + type: signature + x-exosite-from: awsSigV4 + security: + - awsSigV4: [] + parameters: + Region: + in: host + description: AWS region + name: Region + required: true + type: string +paths: + "/#AwsOp": + parameters: + - "$ref": "#/parameters/Region" + get: + operationId: AwsOp + ... +``` + ##### ClientCA Validating request from murano using client certificate. 
@@ -763,7 +842,7 @@ x-exosite-token: "myprivatetoken" # ... ``` -Once the service swagger has been published and processed, the token will be removed and will not be accessible from Murano anymore. +Once the service swagger has been published and processed, the token will be removed and will not be accessible from Murano anymore. So you MUST keep it securely saved. If you forget it you can overload the current token by updating the service swagger definition. ##### Step 2: call dispatcher diff --git a/examples/muranoauth.yaml b/examples/muranoauth.yaml index 9e7f391..f30e3cf 100644 --- a/examples/muranoauth.yaml +++ b/examples/muranoauth.yaml @@ -28,6 +28,9 @@ securityDefinitions: # See doc at https://github.com/exosite/open_api_integration/blob/master/README.md#signature type: signature # name: signature # optional by default goint in signature header + # To use AWS V4 signature (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) + # add following option + # x-exosite-from: awsSigV4 clientCA: # Client CA authentication, using Murano Services CA # See doc at https://github.com/exosite/open_api_integration/blob/master/README.md#clientca
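Review bot: in the README.md "AWS V4 Signature" hunk, the example's `aws_key_id` and `aws_secret` entries under `x-exosite-config-parameters` do not carry `x-exosite-restricted: true`, although the paragraph just above says these parameters should be defined with that flag and the example is labelled "can be added as is". Add the flag to the credential entries so that a copied block matches the stated requirement. Two smaller points in the same example: the host template uses `{aws_region}` while the only region parameter defined is `Region`, so use one name in both places or show both variants; and `securityDefinitions`, `security` and `parameters` appear indented relative to `host` and `paths`, where they should be top-level keys. In the prose, "Murano support ... enable easy integration" should read "Murano supports ... enabling easy integration".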
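Review bot: in the README.md hunk at -763 (the `x-exosite-token` paragraph), "you can overload the current token" is ambiguous about what the reader should do and what happens to the old value. Suggest wording such as "you can replace the current token by publishing an updated service swagger with a new `x-exosite-token`", and say explicitly whether the previous token stops being accepted once the update is processed. "So you MUST keep it securely saved" would also read better as its own sentence on a new line, for example "You MUST store it securely."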
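Review bot: in the examples/muranoauth.yaml hunk, the new comment tells the reader to add `x-exosite-from: awsSigV4` but does not mention that the README requires `aws_key_id`, `aws_secret` and a region parameter for this mode, so uncommenting the one line gives an incomplete configuration. Extend the comment to point at the README "AWS V4 Signature" section, in the same way the neighbouring `signature` and `clientCA` comments link to their README anchors, and state that the option goes under the `signature` definition at the same level as `type: signature`.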