feat: kong gateway's aws vault backend now supports automatic IAM credential fetch and role assuming #6181
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…dential fetch and role assuming
windmgc
added
review:tech
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
|
Hmm, the smoke test seems to be broken for a long time(at least since the last time I raised a PR here) is there anyway I can get a preview for this PR? |
hanshuebner
suggested changes
Sep 27, 2023
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
app/_src/gateway/kong-enterprise/secrets-management/backends/aws-sm.md
Outdated
Show resolved
Hide resolved
hanshuebner
suggested changes
Sep 27, 2023
Co-authored-by: Hans Hübner <[email protected]>
|
@hanshuebner Done! Thanks for the suggestions! |
zhongweiy
approved these changes
Sep 27, 2023
hanshuebner
approved these changes
Sep 28, 2023
Guaris
force-pushed
the
release/gateway-3.5
branch
from
89349c9 to
343dffd
Compare
✅ Deploy Preview for kongdocs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Guaris
added a commit
that referenced
this pull request
Nov 8, 2023
* create 3.5 pages and bump version * feat(opentelemetry): propagate GCP trace header (#5829) feat(opentelemetry): propagate GCP header * feat(request-id): introduce Request ID (#6163) * feat(request-id): introduce Request ID Docs for Kong/kong#11624 where the Request ID is introduced. Few minor changes to the log serializer as well to make mapping between IDs easier. * fix if statement * fix if statement in other plugin --------- Co-authored-by: lena-larionova <[email protected]> * update submodule for 3.5 placeholders * feat(labels): add on premise dp labels (#6173) * Update plugin submodule to Lena's placeholder branch Signed-off-by: Diana <[email protected]> * feat(oidc): certificate bound access tokens (#6284) * feat(oidc): certificate bound access tokens Docs for: Kong/kong-ee#6446 * Apply copyedits and some minor formatting Signed-off-by: Diana <[email protected]> --------- Signed-off-by: Diana <[email protected]> Co-authored-by: Diana <[email protected]> * GW 3.5 Self-hosted Portal and Vitals Sustaining Mode (#6341) * test * more deprecation * spelling on redirects * shot scraper * shot scraper * Feat: Add /schemas/vaults/:name endpoint [skip-ci] (#6347) Add 3.5 specs and schema vault endpoint * docs(vaults): add docs for Azure Key Vault support in Kong Gateway (#6215) * docs(vaults): add docs for Azure Key Vault support in Kong Gateway Signed-off-by: Joshua Schmid <[email protected]> * fixes Signed-off-by: Joshua Schmid <[email protected]> * nav bar * copy edits * style --------- Signed-off-by: Joshua Schmid <[email protected]> Co-authored-by: Angel <[email protected]> Co-authored-by: Angel <[email protected]> * feat: kong gateway's aws vault backend now supports automatic IAM credential fetch and role assuming (#6181) * feat: kong gateway's aws vault backend now supports automatic IAM credential fetch and role assuming * apply suggestions * update docs Co-authored-by: Hans Hübner <[email protected]> * copy edit --------- Co-authored-by: Hans Hübner <[email protected]> Co-authored-by: Angel <[email protected]> Co-authored-by: Angel <[email protected]> * fix: cert bound access token conditional rendering (#6349) Add conditional rendering for cert-bound access tokens, fix note formatting Signed-off-by: Diana <[email protected]> * feat: Kong Manager forced workspace deletion (#6327) * Update workspace deletion instructions, add changelog entry about forced KM workspace deletion Signed-off-by: Diana <[email protected]> * Consolidate delete workspace sections, fix changelog formatting Signed-off-by: Diana <[email protected]> * Add missing API option to auto delete entities Signed-off-by: Diana <[email protected]> * Fix kong-plugin submodule sha Signed-off-by: Diana <[email protected]> * Apply suggestions from code review Co-authored-by: lena-larionova <[email protected]> * Fix step formatting, clarify what entities are deleted Signed-off-by: Diana <[email protected]> * Add conditional rendering Signed-off-by: Diana <[email protected]> * Conditionally render the delete workspace section, remove Portal CLI from 3.5 instructions Signed-off-by: Diana <[email protected]> * Apply suggestions from code review Co-authored-by: lena-larionova <[email protected]> --------- Signed-off-by: Diana <[email protected]> Co-authored-by: lena-larionova <[email protected]> * Feat: Rename Kong Enterprise to Kong Gateway Enterprise (#6372) * kong enterprise rename * update product name and use variables wherever possible * feature tables alignment with longer name * add some missing enterprise badges; use correct variables on gateway overview * appease vale * remove broken links * update the admin_gui_auth_conf of the OIDC (#6331) * update the admin_gui_auth_conf of the OIDC * fix vale error * Update app/_src/gateway/kong-manager/auth/oidc/configure.md Co-authored-by: Makito <[email protected]> * Update app/_src/gateway/kong-manager/auth/oidc/configure.md Co-authored-by: Makito <[email protected]> * Add conditional rendering, revise the table, make copy edits Signed-off-by: Diana <[email protected]> --------- Signed-off-by: Diana <[email protected]> Co-authored-by: Makito <[email protected]> Co-authored-by: Diana <[email protected]> * feat: aws lambda plugin now supports more IAM-based authentication scenarios (#6002) * feat: aws lambda plugin now supports more IAM-based authentication scenarios * Add to vale dictionary, fix conditional rendering, copyedits Signed-off-by: Diana <[email protected]> --------- Signed-off-by: Diana <[email protected]> Co-authored-by: Diana <[email protected]> * feat(license_report): update description of licensing report (#6307) * feat(license_report): update description of licensing report * version the source file * comment out 3.4 source file until 3.4 patch goes out --------- Co-authored-by: lena.larionova <[email protected]> Co-authored-by: lena-larionova <[email protected]> * feat: dedicated config processing (#6442) * feat: dedicated config processing Signed-off-by: Joshua Schmid <[email protected]> * minor formatting edits * remove backticks from around hybrid --------- Signed-off-by: Joshua Schmid <[email protected]> Co-authored-by: lena-larionova <[email protected]> * feat(openid-connect): cert-bound tokens doc edits (#6441) feat(openid-connect): cert-bound tokens typos few typos and rewording of the openid-connect certificate-bound tokens feature * chore: Update Gateway config reference for 3.5 (#6445) update config reference for 3.5 * chore: Remove performance testing framework from 3.5 (#6452) remove performance testing framework from 3.5 * chore: Copy over nav changes from 3.4 to 3.5 (#6455) * copy over nav changes from 3.4 to 3.5 * use better url for consumer groups * Gateway 3.5 Autodocs (#6419) * Autodocs * update spec * Chore: Support matrix updates for Gateway 3.5 (#6470) add EOL date for 3.5; update PG supported versions * chore: Replace mockbin with httpbin/httpbun (#6453) * replace mockbin with httpbin/httpbun * Update app/_src/gateway/get-started/proxy-caching.md Co-authored-by: Angel <[email protected]> --------- Co-authored-by: Angel <[email protected]> * chore: add compatibility updates for Gateway 3.5 release (#6474) * chore: add compatibility updates for Gateway 3.5 release Adds version compatibility issues for gateway v3.5. Rewords "data plane" -> "data plane node". * fix: formatting and names * change single quote to backtick --------- Co-authored-by: lena-larionova <[email protected]> * docs(plugins): add docs about `plugin:configure` handler (#6463) * docs(plugins): add docs about `plugin:configure` handler ### Summary In Kong 3.5 we added `plugin:configure` as an additional handler that is called each time there is a change in Kong plugin iterator. This commit adds documentation for it. Signed-off-by: Aapo Talvensaari <[email protected]> * if_version + cleanup --------- Signed-off-by: Aapo Talvensaari <[email protected]> Co-authored-by: Angel <[email protected]> * Add wasm filter config schema document (#6459) * Add wasm filter config schema document * fix indents & add missing chapter metadata * Apply suggestions from code review Co-authored-by: lena-larionova <[email protected]> * revert some unintentional whitespace changes * relocate draft-4 disclaimer * rework request/response format --------- Co-authored-by: lena.larionova <[email protected]> Co-authored-by: lena-larionova <[email protected]> * chore: Dev Portal broken links (#6484) * fix redirects * re-add deleted redirects --------- Co-authored-by: lena-larionova <[email protected]> * Release 3.5 Changelog (#6471) * save * changelog * formatting and cleanup; rephrase the Dev Portal and Vitals entry + add to breaking changes * copyedit changelog and add plugin changelog entries to plugin changelogs * add fix entry for oidc plugin in 3.5 * backport missing plugin changelog entries to 3.4 * add a couple of entries to breaking changes * add links to docs * Apply suggestions from code review Co-authored-by: Diana <[email protected]> * add some more links; apply reviewer feedback --------- Co-authored-by: lena.larionova <[email protected]> Co-authored-by: lena-larionova <[email protected]> Co-authored-by: Diana <[email protected]> * Chore: update upgrade paths for Gateway 3.5 (#6482) * Add 3.5 upgrade path to table, remove duplicate links to general upgrade instructions Signed-off-by: Diana <[email protected]> * Update based on LTS versions Signed-off-by: Diana <[email protected]> --------- Signed-off-by: Diana <[email protected]> * feat: Request Debug Header docs for Kong Gateway 3.5 (#6475) * Add request debug header page to 3.5 as well as changelog Signed-off-by: Diana <[email protected]> * Apply suggestions from code review Co-authored-by: lena-larionova <[email protected]> * Remove changelog entry Signed-off-by: Diana <[email protected]> * Move debug request to logging section Signed-off-by: Diana <[email protected]> * Move debug request doc to logging folder, reformat json examples Signed-off-by: Diana <[email protected]> * Apply suggestions from code review Co-authored-by: lena-larionova <[email protected]> * Move debug request file to stop test from failing Signed-off-by: Diana <[email protected]> --------- Signed-off-by: Diana <[email protected]> Co-authored-by: lena-larionova <[email protected]> --------- Signed-off-by: Diana <[email protected]> Signed-off-by: Joshua Schmid <[email protected]> Signed-off-by: Aapo Talvensaari <[email protected]> Co-authored-by: lena.larionova <[email protected]> Co-authored-by: Jon Ruskin <[email protected]> Co-authored-by: Samuele <[email protected]> Co-authored-by: lena-larionova <[email protected]> Co-authored-by: Diana <[email protected]> Co-authored-by: Joshua Schmid <[email protected]> Co-authored-by: Qirui(Keery) Nie <[email protected]> Co-authored-by: Hans Hübner <[email protected]> Co-authored-by: Xiaoyan Rao <[email protected]> Co-authored-by: Makito <[email protected]> Co-authored-by: Michael Heap <[email protected]> Co-authored-by: Yufu Zhao <[email protected]> Co-authored-by: Alex Gaesser <[email protected]> Co-authored-by: Aapo Talvensaari <[email protected]> Co-authored-by: Michael Martin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
KAG-1542
This is a combination update of KAG-1991 and KAG-1993
This is an enhancement of Kong Gateway's Vault AWS backend, to let it support multiple ways of automatic IAM credential fetching, and role assuming.
Description
Testing instructions
Preview link:
Checklist
mainfor immediate publishing, or a release branch: e.g.release/gateway-3.2,release/deck-1.17)