[cherry release/3.4.x] backport aws lambda refactor change #11906
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…aws (#11350) * refactor(aws-lambda): add lua-resty-aws library and libexpat dependencies into rockspec and bazel configs The commit introduces latest version of lua-resty-aws as Kong's dependency. Since lua-resty-aws relies on luaexpat to do xml decoding, Kong also needs to build libexpat during compiling/packaging. * refactor(aws-lambda): use lua-resty-aws and rewrite fetch credential The commits rewrite part of the aws-lambda plugin code so that the IAM role credential fetching is replaced by using lua-resty-aws credential provider. * refactor(aws-lambda): refactor aws-lambda plugin This commits does refactoring on the majority of the aws-lambda plugin code. The IAM role credential fetching and lambda function invoking has been replaced by using the lua-resty-aws library directly. * style(*): remove useless lua file * fix(cd): fix explain manifest for libexpat * fix(cd): fix buildifier style * fix(*): try to fix lambda plugin init_worker * fix(*): fix http proxy & sts regional endpoint config * fix(*): execute plugin init code correctly * fix(*): remove lambda returned content length * chore(*): move libexpat from cross_deps to standalone repo * fix(*): do not override global config credential * chore(*): remove non-debug flag * chore(*): bump lua-resty-aws version to 1.3.0
…ion mode (#11413) * tests(aws-lambda): add response content type for multiple tests, add proxy integration test for sam * fix(aws-lambda): better type & error handling when extracting proxy response * tests(aws-lambda): fix test * docs(changelog): add missing changelog
…ntial provider (#11551) This PR contains a fix to let aws-lambda plugin-level proxy configuration take effect when fetching IAM credentials in an EKS environment. The EKS IRSA credential provider(aka TokenFileWebIdentityCredentials) will fire a request to AWS STS service when fetching the credential, and the request itself may need to go through the plugin-level proxy configuration. Here we check if a proxy is configured and whether the plugin is running inside the EKS environment with IRSA related configuration provided, then we replace the provider with a new TokenFileWebIdentityCredentials that supports proxy. FTI-5242
### Summary Lazily initializes AWS library on a first use, to remove startup delay caused by AWS metadata discovery. Signed-off-by: Aapo Talvensaari <[email protected]>
windmgc
force-pushed
the
ce-cherry-aws-lambda-refactor
branch
from
8d48e85
to
b1bba5b
Compare
…11805) Cache the aws lambda service by composing a cache key using the service related fields, so that service object can be reused between plugins and vault refresh can take effect when key/secret is rotated * fix(aws-lambda): aws lambda service cache by service related fields * tests(aws-lambda): add test for checking service cache refresh when vault rotates * style(*): lint Fix KAG-2832
Before the fix, error message is: [kong] init.lua:405 [aws-lambda] table: 0x04183d70, client:127.0.0.1... After: [kong] init.lua:405 [aws-lambda] Function not found: arn:aws:lambda:us-east-1:xxx:function:test-lambda-2, client: 127.0.0.1...
windmgc
force-pushed
the
ce-cherry-aws-lambda-refactor
branch
from
b1bba5b
to
88bbea0
Compare
VicYP
approved these changes
Nov 2, 2023
|
Please update the description with a link to the PR this backport from so it can be tracked better. |
|
@ms2008 Sure! I've updated the PR description to contain a full list of backported PRs. |
ms2008
approved these changes
Nov 3, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR backports AWS-Lambda plugin refactor related changes to 3.4 release.
PR List:
#11350
#11413
#11551
#11614
#11800
#11805
Checklist
changelog/unreleased/kongorskip-changeloglabel added on PR if changelog is unnecessary. README.mdFull changelog
Issue reference
Fix FTI-5528