Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lay foundation of crypto module in Rhai #2025

Closed
2 of 4 tasks
abernix opened this issue Oct 28, 2022 — with Slack · 5 comments · Fixed by #2394
Closed
2 of 4 tasks

Lay foundation of crypto module in Rhai #2025

abernix opened this issue Oct 28, 2022 — with Slack · 5 comments · Fixed by #2394
Assignees
Labels
component/rhai enhancement An enhancement to an existing feature raised by user

Comments

Copy link
Member

abernix commented Oct 28, 2022

When communicating with some subgraphs, it is necessary to sign the requests — for example various Google Cloud and AWS functions have their own HMAC requirements:

When building your own native Rust plugin, this isn't particularly challenging (in fact, there are off the shelf AWS and GCP specific Crates that can make it even easier), but should we consider exposing such functionality in Rhai directly?

Perhaps something off-the-shelf that is relatively full-featured along the lines of the Node.js crypto stdlib? (No strong feelings on what — e.g., sodium, orion, etc.; figuring that out would be part of the task.)

Alternatives

The alternative here is that we just bake-in utility functions that do these for you for providers who are big enough to warrant it (I'm largely thinking about AWS, Google, Azure). It will take a non-zero amount of time, effort and code for someone to implement those with just basic crypto functions, but maybe we still enable folks to do something more ad-hoc by having the functions there anyhow.

Basic Requirements

Lay the foundation for a set of crypto helpers. Let's just start with some simple things for now but be open to more:

@abernix abernix added component/rhai enhancement An enhancement to an existing feature labels Oct 28, 2022 — with Slack
@abernix abernix changed the title Expose crypto functions from Rhai Lay foundation of crypto module in Rhai Nov 22, 2022
@brh55
Copy link
Member

brh55 commented Jan 5, 2023

+1 Currently need this for a customer, and has been brought up in the past.

But given Rhai is positioned to reduce the path of resistance for folks moving from gateway with limited Rust expertise. It should be able handle common customizations seamlessly (i.e. header manipulation), so we should at least provide base64 decode/encode and sha-256.

garypen added a commit that referenced this issue Jan 12, 2023
partially fixes: #2025

 - 2 new functions which work on ImmutableString
garypen added a commit that referenced this issue Jan 18, 2023
- Partially Fix #2025 

Add support for base64 decode/encode to rhai

**Checklist**

Complete the checklist (and note appropriate exceptions) before a final
PR is raised.

- [x] Changes are compatible[^1]
- [x] Documentation[^2] completed
- [x] Performance impact assessed and acceptable
- Tests added and passing[^3]
    - [x] Unit Tests
    ~~- [ ] Integration Tests~~
    ~~- [ ] Manual Tests~~

**Exceptions**

No Exceptions

**Notes**

[^1]. It may be appropriate to bring upcoming changes to the attention
of other (impacted) groups. Please endeavour to do this before seeking
PR approval. The mechanism for doing this will vary considerably, so use
your judgement as to how and when to do this.
[^2]. Configuration is an important part of many changes. Where
applicable please try to document configuration examples.
[^3]. Tick whichever testing boxes are applicable. If you are adding
Manual Tests:
- please document the manual testing (extensively) in the Exceptions.
- please raise a separate issue to automate the test and label it (or
ask for it to be labeled) as `manual test`
@garypen
Copy link
Contributor

garypen commented Jan 18, 2023

It's not complete. Just the base64 part, so re-opening.

@garypen garypen reopened this Jan 18, 2023
This was referenced Jan 20, 2023
@prasek
Copy link
Contributor

prasek commented Apr 5, 2023

@abernix @chandrikas see related AWS Signaturev4 subgraph fetch signing in:

@o0Ignition0o
Copy link
Contributor

Sigv4 support just landed, but it looks orthogonal to this issue, so we'll keep it open.

@abernix
Copy link
Member Author

abernix commented Aug 7, 2023

Given that SigV4 and Base64 Encode/Decode are done, I'm going to go ahead and close this as it's less visionary at this point and more just an omnibus ticket that doesn't add quite as much value. Concrete asks for more functions can be opened as new issues. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component/rhai enhancement An enhancement to an existing feature raised by user
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants