Merge pull request #41 from LEGO/feat/canary-integration

feat: will now work with canary-release plugin

Author: hafstroem

Readme.md

@@ -6,12 +6,14 @@
 
 This plugin will sign a request with AWS SIGV4 and temporary credentials from `sts.amazonaws.com` requested using an OAuth token.
 
-It enables the secure use of AWS Lambdas as upstreams in Kong using [Lambda URLs](https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/).
+The AWS SIGV4 signature enables secure proxying directly towards AWS services such as [Lambda URLs](https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/).
 
 At the same time it drives down cost and complexity by excluding the AWS API Gateway and allowing to use AWS Lambdas directly.
 
 The required AWS setup to make the plugin work with your Lambda HTTPS endpoint is described below.
 
+Note that this plugin cannot be used in combination with Kong [upstreams](https://docs.konghq.com/gateway/latest/get-started/load-balancing/).
+
 ## Plugin configuration parameters
 
 ```lua
@@ -31,7 +33,7 @@ aws_service - AWS Service you are trying to access (lambda and s3 were tested)
 type = "string"
 required = true
 
-override_target_host - To be used when deploying multiple lambdas on a single Kong service (because lambdas have differennt URLs)
+override_target_host - To be used when deploying multiple lambdas on a single Kong service (because lambdas have different URLs)
 type = "string"
 required = false
 
@@ -111,8 +113,8 @@ plugins:
 
 ## Signing requests containing a body
 
-In case of requests contanining a body, the plugin is highly reliant on the nginx configuration, because it neets to access the body to sign it.
-The behaviour is controlled by the following Kong configuration parameters:
+In case of requests containing a body, the plugin is highly reliant on the nginx configuration, because it needs to access the body to sign it.
+The behavior is controlled by the following Kong configuration parameters:
 
 ```text
 nginx_http_client_max_body_size
@@ -135,7 +137,7 @@ The default value for max body size is `0`, which means unlimited, so consider s
 </details>
 
 2. Your OpenID Connect provider is added to [AWS IAM](https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/identity_providers)
-3. You have a role with  `arn:aws:iam::aws:policy/AWSLambda_FullAccess` and/or `arn:aws:iam::aws:policy/AmazonS3FullAccess`  permision (or any other permision that grants access to your desired AWS service ) and the trust relationship below:
+3. You have a role with  `arn:aws:iam::aws:policy/AWSLambda_FullAccess` and/or `arn:aws:iam::aws:policy/AmazonS3FullAccess`  permission (or any other permission that grants access to your desired AWS service ) and the trust relationship below:
 
 <details>
 <summary>Show JSON</summary>

kong-aws-request-signing-1.0.5-3.rockspec renamed to kong-aws-request-signing-1.0.6-3.rockspec

@@ -1,6 +1,6 @@
 local plugin_name = "aws-request-signing"
 local package_name = "kong-" .. plugin_name
-local package_version = "1.0.5"
+local package_version = "1.0.6"
 local rockspec_revision = "3"
 
 local github_account_name = "LEGO"

kong/plugins/aws-request-signing/handler.lua

@@ -103,7 +103,7 @@ end
 function AWSLambdaSTS:access(conf)
   local service = kong.router.get_service()
   local request_headers = kong.request.get_headers()
-  local final_host = conf.override_target_host or service.host
+  local final_host = conf.override_target_host or ngx.ctx.balancer_data.host
 
   if service == nil then
     kong.log.err("Unable to retrieve bound service!")
@@ -188,7 +188,7 @@ function AWSLambdaSTS:access(conf)
   kong.service.request.set_raw_query(signed_request.query)
 end
 
-AWSLambdaSTS.PRIORITY = 110
-AWSLambdaSTS.VERSION = "1.0.5"
+AWSLambdaSTS.PRIORITY = 15
+AWSLambdaSTS.VERSION = "1.0.6"
 
 return AWSLambdaSTS