diff --git a/LICENSES b/LICENSES
index 398ba3b11..afa410d81 100644
--- a/LICENSES
+++ b/LICENSES
@@ -10,8 +10,22 @@ github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.3.0/LICENSE,A github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE,MIT -github.com/aws/aws-sdk-go,https://github.com/aws/aws-sdk-go/blob/v1.50.5/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws-sdk-go/blob/v1.50.5/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.26.6/config/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.16.16/credentials/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.14.11/feature/ec2/imds/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.2.10/internal/configsources/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.5.10/internal/endpoints/v2/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.7.3/internal/ini/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/internal/sync/singleflight/LICENSE,BSD-3-Clause 
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.10.4/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.10.10/service/internal/presigned-url/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.37.0/service/route53/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.18.7/service/sso/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.21.7/service/ssooidc/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.26.7/service/sts/LICENSE.txt,Apache-2.0 +github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.19.0/LICENSE,Apache-2.0 +github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.19.0/internal/sync/singleflight/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index dac476620..71ae34093 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES 
@@ -7,8 +7,22 @@ github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e6932135 github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.1/LICENSE,MIT github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.3.0/LICENSE,Apache-2.0 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 -github.com/aws/aws-sdk-go,https://github.com/aws/aws-sdk-go/blob/v1.50.5/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws-sdk-go/blob/v1.50.5/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.26.6/config/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.16.16/credentials/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.14.11/feature/ec2/imds/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.2.10/internal/configsources/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.5.10/internal/endpoints/v2/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.7.3/internal/ini/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/internal/sync/singleflight/LICENSE,BSD-3-Clause 
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.10.4/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.10.10/service/internal/presigned-url/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.37.0/service/route53/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.18.7/service/sso/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.21.7/service/ssooidc/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.26.7/service/sts/LICENSE.txt,Apache-2.0 +github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.19.0/LICENSE,Apache-2.0 +github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.19.0/internal/sync/singleflight/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index ccfa43af4..965ba65be 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod 
@@ -31,7 +31,20 @@ require (
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 github.com/Venafi/vcert/v5 v5.3.0 // indirect
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 // indirect
- github.com/aws/aws-sdk-go v1.50.5 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
+ github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+ github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
+ github.com/aws/smithy-go v1.19.0 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/cenkalti/backoff/v3 v3.2.2 // indirect
diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum
index 38acdb822..606caa528 100644
--- a/cmd/controller/go.sum
+++ b/cmd/controller/go.sum
@@ -22,8 +22,34 @@ github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmai github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/aws/aws-sdk-go v1.50.5 h1:H2Aadcgwr7a2aqS6ZwcE+l1mA6ZrTseYCvjw2QLmxIA= -github.com/aws/aws-sdk-go v1.50.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= +github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= +github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= +github.com/aws/aws-sdk-go-v2/internal/ini 
v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0= +github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= +github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= +github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= diff --git a/go.mod b/go.mod index 13ec32468..d86dc5d5b 100644 --- a/go.mod +++ b/go.mod 
@@ -12,7 +12,12 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 github.com/Venafi/vcert/v5 v5.3.0
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
- github.com/aws/aws-sdk-go v1.50.5
+ github.com/aws/aws-sdk-go-v2 v1.24.1
+ github.com/aws/aws-sdk-go-v2/config v1.26.6
+ github.com/aws/aws-sdk-go-v2/credentials v1.16.16
+ github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0
+ github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
+ github.com/aws/smithy-go v1.19.0
 github.com/cpu/goacmedns v0.1.1
 github.com/digitalocean/godo v1.108.0
 github.com/go-ldap/ldap/v3 v3.4.6
@@ -59,6 +64,14 @@ require (
 github.com/NYTimes/gziphandler v1.1.1 // indirect
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/cenkalti/backoff/v3 v3.2.2 // indirect
diff --git a/go.sum b/go.sum
index e85b02b42..c00b3b850 100644
--- a/go.sum
+++ b/go.sum
@@ -28,8 +28,34 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.50.5 h1:H2Aadcgwr7a2aqS6ZwcE+l1mA6ZrTseYCvjw2QLmxIA= -github.com/aws/aws-sdk-go v1.50.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= +github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= +github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= 
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0= +github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= +github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= +github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index dd18fba6f..5e3ee22f3 100644 
--- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -11,6 +11,8 @@ this directory. package route53 import ( + "context" + "errors" "fmt" "strings" "time" @@ -19,14 +21,15 @@ import ( "github.com/go-logr/logr" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/route53" - "github.com/aws/aws-sdk-go/service/sts" - "github.com/aws/aws-sdk-go/service/sts/stsiface" + "github.com/aws/aws-sdk-go-v2/aws" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/credentials" + "github.com/aws/aws-sdk-go-v2/service/route53" + route53types "github.com/aws/aws-sdk-go-v2/service/route53/types" + "github.com/aws/aws-sdk-go-v2/service/sts" + "github.com/aws/smithy-go/middleware" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) @@ -37,7 +40,7 @@ const ( // DNSProvider implements the util.ChallengeProvider interface type DNSProvider struct { dns01Nameservers []string - client *route53.Route53 + client *route53.Client hostedZoneID string log logr.Logger 
@@ -50,27 +53,28 @@ type sessionProvider struct { Ambient bool Region string Role string - StsProvider func(*session.Session) stsiface.STSAPI + StsProvider func(aws.Config) StsClient log logr.Logger userAgent string } -func (d *sessionProvider) GetSession() (*session.Session, error) { +type StsClient interface { + AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) +} + +func (d *sessionProvider) GetSession() (aws.Config, error) { if d.AccessKeyID == "" && d.SecretAccessKey == "" { if !d.Ambient { - return nil, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?") + return aws.Config{}, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?") } } else if d.AccessKeyID == "" || d.SecretAccessKey == "" { // It's always an error to set one of those but not the other - return nil, fmt.Errorf("unable to construct route53 provider: only one of access and secret key was provided") + return aws.Config{}, fmt.Errorf("unable to construct route53 provider: only one of access and secret key was provided") } useAmbientCredentials := d.Ambient && (d.AccessKeyID == "" && d.SecretAccessKey == "") - config := aws.NewConfig() - sessionOpts := session.Options{ - Config: *config, - } + var optFns []func(*config.LoadOptions) error if useAmbientCredentials { d.log.V(logf.DebugLevel).Info("using ambient credentials") 
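Review bot: The new exported interface `StsClient` has no doc comment and does not follow Go's initialism convention, which would spell it `STSClient`. A comment such as `// StsClient is the subset of the STS API that sessionProvider needs; it lets tests substitute a fake AssumeRole.` would tell a reader why the interface exists. `GetSession` now returns an `aws.Config` rather than a session, so its name no longer describes what it returns; a short doc comment would cover that without a rename. GetSession's body continues past the end of this hunk.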
@@ -79,49 +83,44 @@ func (d *sessionProvider) GetSession() (*session.Session, error) { // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials } else { d.log.V(logf.DebugLevel).Info("not using ambient credentials") - sessionOpts.Config.Credentials = credentials.NewStaticCredentials(d.AccessKeyID, d.SecretAccessKey, "") - // also disable 'ambient' region sources - sessionOpts.SharedConfigState = session.SharedConfigDisable + optFns = append(optFns, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(d.AccessKeyID, d.SecretAccessKey, ""))) } - sess, err := session.NewSessionWithOptions(sessionOpts) + cfg, err := config.LoadDefaultConfig(context.TODO(), optFns...) if err != nil { - return nil, fmt.Errorf("unable to create aws session: %s", err) + return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } if d.Role != "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role") - stsSvc := d.StsProvider(sess) - result, err := stsSvc.AssumeRole(&sts.AssumeRoleInput{ + stsSvc := d.StsProvider(cfg) + result, err := stsSvc.AssumeRole(context.TODO(), &sts.AssumeRoleInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), }) if err != nil { - return nil, fmt.Errorf("unable to assume role: %s", err) + return aws.Config{}, fmt.Errorf("unable to assume role: %s", err) } - creds := credentials.Value{ - AccessKeyID: *result.Credentials.AccessKeyId, - SecretAccessKey: *result.Credentials.SecretAccessKey, - SessionToken: *result.Credentials.SessionToken, - } - sessionOpts.Config.Credentials = credentials.NewStaticCredentialsFromCreds(creds) - - sess, err = session.NewSessionWithOptions(sessionOpts) - if err != nil { - return nil, fmt.Errorf("unable to create aws session: %s", err) - } + cfg.Credentials = credentials.NewStaticCredentialsProvider( + *result.Credentials.AccessKeyId, + *result.Credentials.SecretAccessKey, + *result.Credentials.SessionToken, + ) 
} // If ambient credentials aren't permitted, always set the region, even if to // empty string, to avoid it falling back on the environment. // this has to be set after session is constructed if d.Region != "" || !useAmbientCredentials { - sess.Config.WithRegion(d.Region) + cfg.Region = d.Region } - sess.Handlers.Build.PushBack(request.WithAppendUserAgent(d.userAgent)) - return sess, nil + cfg.APIOptions = append(cfg.APIOptions, func(stack *middleware.Stack) error { + return awsmiddleware.AddUserAgentKeyValue("cert-manager", d.userAgent)(stack) + }) + + return cfg, nil } func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) (*sessionProvider, error) { @@ -137,8 +136,8 @@ func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambie }, nil } -func defaultSTSProvider(sess *session.Session) stsiface.STSAPI { - return sts.New(sess) +func defaultSTSProvider(cfg aws.Config) StsClient { + return sts.NewFromConfig(cfg) } // NewDNSProvider returns a DNSProvider instance configured for the AWS @@ -154,12 +153,12 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str return nil, err } - sess, err := provider.GetSession() + cfg, err := provider.GetSession() if err != nil { return nil, err } - client := route53.New(sess) + client := route53.NewFromConfig(cfg) return &DNSProvider{ client: client, 
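Review bot: With explicit keys, the branch that logs "not using ambient credentials" no longer isolates the provider from ambient AWS configuration: the removed `sessionOpts.SharedConfigState = session.SharedConfigDisable` has no replacement, and `config.LoadDefaultConfig` still consults the environment and the shared config files. Credentials are overridden and `cfg.Region` is overwritten later, but any other setting those sources define would, as far as the hunk shows, still reach the Route 53 client. `d.StsProvider(cfg)` is also called before `cfg.Region = d.Region` is applied, so the AssumeRole request appears to use whatever region the default chain resolved rather than the configured one. One option is `optFns = append(optFns, config.WithSharedConfigFiles([]string{}), config.WithSharedCredentialsFiles([]string{}))` in that branch, together with moving the `if d.Region != "" || !useAmbientCredentials` block above `if d.Role != ""`. The start of GetSession is in the previous hunk.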
@@ -173,16 +172,16 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str // Present creates a TXT record using the specified parameters func (r *DNSProvider) Present(domain, fqdn, value string) error { value = `"` + value + `"` - return r.changeRecord(route53.ChangeActionUpsert, fqdn, value, route53TTL) + return r.changeRecord(route53types.ChangeActionUpsert, fqdn, value, route53TTL) } // CleanUp removes the TXT record matching the specified parameters func (r *DNSProvider) CleanUp(domain, fqdn, value string) error { value = `"` + value + `"` - return r.changeRecord(route53.ChangeActionDelete, fqdn, value, route53TTL) + return r.changeRecord(route53types.ChangeActionDelete, fqdn, value, route53TTL) } -func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error { +func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value string, ttl int) error { hostedZoneID, err := r.getHostedZoneID(fqdn) if err != nil { return fmt.Errorf("failed to determine Route 53 hosted zone ID: %v", err) 
@@ -191,26 +190,25 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error { recordSet := newTXTRecordSet(fqdn, value, ttl) reqParams := &route53.ChangeResourceRecordSetsInput{ HostedZoneId: aws.String(hostedZoneID), - ChangeBatch: &route53.ChangeBatch{ + ChangeBatch: &route53types.ChangeBatch{ Comment: aws.String("Managed by cert-manager"), - Changes: []*route53.Change{ + Changes: []route53types.Change{ { - Action: &action, + Action: action, ResourceRecordSet: recordSet, }, }, }, } - resp, err := r.client.ChangeResourceRecordSets(reqParams) + resp, err := r.client.ChangeResourceRecordSets(context.TODO(), reqParams) if err != nil { - if awserr, ok := err.(awserr.Error); ok { - if action == route53.ChangeActionDelete && awserr.Code() == route53.ErrCodeInvalidChangeBatch { - r.log.V(logf.DebugLevel).WithValues("error", err).Info("ignoring InvalidChangeBatch error") - // If we try to delete something and get a 'InvalidChangeBatch' that - // means it's already deleted, no need to consider it an error. - return nil - } + invalidChangeBatchErr := &route53types.InvalidChangeBatch{} + if errors.As(err, &invalidChangeBatchErr) && action == route53types.ChangeActionDelete { + r.log.V(logf.DebugLevel).WithValues("error", err).Info("ignoring InvalidChangeBatch error") + // If we try to delete something and get a 'InvalidChangeBatch' that + // means it's already deleted, no need to consider it an error. + return nil } return fmt.Errorf("failed to change Route 53 record set: %v", removeReqID(err)) 
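Review bot: `r.client.ChangeResourceRecordSets(context.TODO(), reqParams)` carries no deadline or cancellation, so the call is bounded only by whatever the SDK's HTTP client and retry policy allow. The same placeholder context is passed to `GetChange` and `ListHostedZonesByName` in the later hunks of this file, and to `LoadDefaultConfig` and `AssumeRole` in GetSession. Because `Present` and `CleanUp` take no context, a bounded one could be derived locally, for example `ctx, cancel := context.WithTimeout(context.Background(), requestTimeout)` followed by `defer cancel()`, where `requestTimeout` is a placeholder for a value the project chooses. changeRecord begins and ends outside this hunk.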
@@ -222,11 +220,11 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error { reqParams := &route53.GetChangeInput{ Id: statusID, } - resp, err := r.client.GetChange(reqParams) + resp, err := r.client.GetChange(context.TODO(), reqParams) if err != nil { return false, fmt.Errorf("failed to query Route 53 change status: %v", removeReqID(err)) } - if *resp.ChangeInfo.Status == route53.ChangeStatusInsync { + if resp.ChangeInfo.Status == route53types.ChangeStatusInsync { return true, nil } return false, nil @@ -247,7 +245,7 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { reqParams := &route53.ListHostedZonesByNameInput{ DNSName: aws.String(util.UnFqdn(authZone)), } - resp, err := r.client.ListHostedZonesByName(reqParams) + resp, err := r.client.ListHostedZonesByName(context.TODO(), reqParams) if err != nil { return "", removeReqID(err) } @@ -256,7 +254,7 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { var hostedZones []string for _, hostedZone := range resp.HostedZones { // .Name has a trailing dot - if !*hostedZone.Config.PrivateZone { + if !hostedZone.Config.PrivateZone { zoneToID[*hostedZone.Name] = *hostedZone.Id hostedZones = append(hostedZones, *hostedZone.Name) } 
@@ -272,21 +270,19 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { return "", fmt.Errorf("zone %s not found in Route 53 for domain %s", authZone, fqdn) } - if strings.HasPrefix(hostedZoneID, "/hostedzone/") { - hostedZoneID = strings.TrimPrefix(hostedZoneID, "/hostedzone/") - } + hostedZoneID = strings.TrimPrefix(hostedZoneID, "/hostedzone/") return hostedZoneID, nil } -func newTXTRecordSet(fqdn, value string, ttl int) *route53.ResourceRecordSet { - return &route53.ResourceRecordSet{ +func newTXTRecordSet(fqdn, value string, ttl int) *route53types.ResourceRecordSet { + return &route53types.ResourceRecordSet{ Name: aws.String(fqdn), - Type: aws.String(route53.RRTypeTxt), + Type: route53types.RRTypeTxt, TTL: aws.Int64(int64(ttl)), MultiValueAnswer: aws.Bool(true), SetIdentifier: aws.String(value), - ResourceRecords: []*route53.ResourceRecord{ + ResourceRecords: []route53types.ResourceRecord{ {Value: aws.String(value)}, }, } @@ -299,16 +295,10 @@ func newTXTRecordSet(fqdn, value string, ttl int) *route53.ResourceRecordSet { // The given error must not be nil. This function must be called everywhere // we have a non-nil error coming from an aws-sdk-go func. func removeReqID(err error) error { - // NOTE(mael): I first tried to unwrap the RequestFailure to get rid of - // this request id. But the concrete type requestFailure is private, so - // I can't unwrap it. Instead, I recreate a new awserr.baseError. It's - // also a awserr.Error except it doesn't have the request id. - // - // Also note that we do not give the origErr to awserr.New. If we did, - // err.Error() would show the origErr, which we don't want since it - // contains a request id. - if e, ok := err.(awserr.RequestFailure); ok { - return awserr.New(e.Code(), e.Message(), nil) + responseError := &awshttp.ResponseError{} + if errors.As(err, &responseError) { + // remove the request id from the error message + responseError.RequestID = "" } return err } 
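Review bot: `removeReqID` now clears `RequestID` on the `*awshttp.ResponseError` found inside the caller's error and returns that same error, where the old version built and returned a fresh value; the doc comment above it does not mention the in-place modification and still refers to aws-sdk-go. A comment such as `// removeReqID clears RequestID on the wrapped *awshttp.ResponseError in place and returns err itself.` would make the side effect explicit. Only the first ResponseError matched by `errors.As` is changed and the rest of the message is kept, so a test asserting that the formatted error no longer contains the request id would confirm the function still does what its callers rely on.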
diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 856013920..fcde37cb1 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -9,25 +9,27 @@ this directory. package route53 import ( + "context" "errors" "fmt" + "net/http" "net/http/httptest" "os" "testing" - logf "github.com/cert-manager/cert-manager/pkg/logs" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/route53" - "github.com/aws/aws-sdk-go/service/sts" - "github.com/aws/aws-sdk-go/service/sts/stsiface" + "github.com/aws/aws-sdk-go-v2/aws" + awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/credentials" + "github.com/aws/aws-sdk-go-v2/service/route53" + "github.com/aws/aws-sdk-go-v2/service/sts" + ststypes "github.com/aws/aws-sdk-go-v2/service/sts/types" + smithyhttp "github.com/aws/smithy-go/transport/http" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" + logf "github.com/cert-manager/cert-manager/pkg/logs" ) var ( 
@@ -49,18 +51,23 @@ func restoreRoute53Env() { } func makeRoute53Provider(ts *httptest.Server) (*DNSProvider, error) { - config := &aws.Config{ - Credentials: credentials.NewStaticCredentials("abc", "123", " "), - Endpoint: aws.String(ts.URL), - Region: aws.String("mock-region"), - MaxRetries: aws.Int(1), - } - - sess, err := session.NewSession(config) + cfg, err := config.LoadDefaultConfig( + context.TODO(), + config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider("abc", "123", " ")), + config.WithEndpointResolverWithOptions(aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) { + return aws.Endpoint{ + URL: ts.URL, + }, nil + })), + config.WithRegion("mock-region"), + config.WithRetryMaxAttempts(1), + config.WithHTTPClient(ts.Client()), + ) if err != nil { return nil, err } - client := route53.New(sess) + + client := route53.NewFromConfig(cfg) return &DNSProvider{client: client, dns01Nameservers: util.RecursiveNameservers}, nil } @@ -73,9 +80,10 @@ func TestAmbientCredentialsFromEnv(t *testing.T) { provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") - _, err = provider.client.Config.Credentials.Get() + _, err = provider.client.Options().Credentials.Retrieve(context.TODO()) assert.NoError(t, err, "Expected credentials to be set from environment") - assert.Equal(t, provider.client.Config.Region, aws.String("us-east-1")) + + assert.Equal(t, provider.client.Options().Region, "us-east-1") } func TestNoCredentialsFromEnv(t *testing.T) { 
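Review bot: In TestAmbientCredentialsFromEnv, `assert.Equal(t, provider.client.Options().Region, "us-east-1")` passes the actual value in the position where testify expects the expected one, so a failure would report the two values swapped. `assert.Equal(t, "us-east-1", provider.client.Options().Region)` matches the argument order already used in TestAmbientRegionFromEnv.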
@@ -95,7 +103,7 @@ func TestAmbientRegionFromEnv(t *testing.T) { provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") - assert.Equal(t, "us-east-1", *provider.client.Config.Region, "Expected Region to be set from environment") + assert.Equal(t, "us-east-1", provider.client.Options().Region, "Expected Region to be set from environment") } func TestNoRegionFromEnv(t *testing.T) { 
@@ -105,16 +113,16 @@ func TestNoRegionFromEnv(t *testing.T) { provider, err := NewDNSProvider("marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") - assert.Equal(t, "", *provider.client.Config.Region, "Expected Region to not be set from environment") + assert.Equal(t, "", provider.client.Options().Region, "Expected Region to not be set from environment") } func TestRoute53Present(t *testing.T) { mockResponses := MockResponseMap{ - "/2013-04-01/hostedzonesbyname": MockResponse{StatusCode: 200, Body: ListHostedZonesByNameResponse}, - "/2013-04-01/hostedzone/ABCDEFG/rrset/": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse}, - "/2013-04-01/hostedzone/HIJKLMN/rrset/": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse}, - "/2013-04-01/change/123456": MockResponse{StatusCode: 200, Body: GetChangeResponse}, - "/2013-04-01/hostedzone/OPQRSTU/rrset/": MockResponse{StatusCode: 403, Body: ChangeResourceRecordSets403Response}, + "/2013-04-01/hostedzonesbyname": MockResponse{StatusCode: 200, Body: ListHostedZonesByNameResponse}, + "/2013-04-01/hostedzone/ABCDEFG/rrset": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse}, + "/2013-04-01/hostedzone/HIJKLMN/rrset": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse}, + "/2013-04-01/change/123456": MockResponse{StatusCode: 200, Body: GetChangeResponse}, + "/2013-04-01/hostedzone/OPQRSTU/rrset": MockResponse{StatusCode: 403, Body: ChangeResourceRecordSets403Response}, } ts := newMockServer(t, mockResponses) 
@@ -146,11 +154,11 @@ func TestRoute53Present(t *testing.T) { // request which causes spurious challenge updates. err = provider.Present("bar.example.com", "bar.example.com.", keyAuth) require.Error(t, err, "Expected Present to return an error") - assert.Equal(t, `failed to change Route 53 record set: AccessDenied: User: arn:aws:iam::0123456789:user/test-cert-manager is not authorized to perform: route53:ChangeResourceRecordSets on resource: arn:aws:route53:::hostedzone/OPQRSTU`, err.Error()) + assert.Equal(t, `failed to change Route 53 record set: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 403, RequestID: , api error AccessDenied: User: arn:aws:iam::0123456789:user/test-cert-manager is not authorized to perform: route53:ChangeResourceRecordSets on resource: arn:aws:route53:::hostedzone/OPQRSTU`, err.Error()) } func TestAssumeRole(t *testing.T) { - creds := &sts.Credentials{ + creds := &ststypes.Credentials{ AccessKeyId: aws.String("foo"), SecretAccessKey: aws.String("bar"), SessionToken: aws.String("my-token"), @@ -160,7 +168,7 @@ func TestAssumeRole(t *testing.T) { ambient bool role string expErr bool - expCreds *sts.Credentials + expCreds *ststypes.Credentials expRegion string key string secret string @@ -178,7 +186,7 @@ func TestAssumeRole(t *testing.T) { expCreds: creds, expRegion: "", mockSTS: &mockSTS{ - AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { + AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) { return &sts.AssumeRoleOutput{ Credentials: creds, }, nil 
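Review bot: The updated assertion in `TestRoute53Present` compares the whole error string, which now embeds the SDK's own wording (`operation error Route 53: ...`, `https response error StatusCode: 403`), so an SDK upgrade that rewords the wrapper will break the test without any behaviour change in this package. What the test needs to pin is that the request ID is blanked and that the AccessDenied cause is preserved. `assert.ErrorContains(t, err, "RequestID: , api error AccessDenied")` covers both with less coupling. A short comment above the assertion saying that the empty `RequestID: ,` is intentional would help, since it otherwise reads like a formatting accident.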
@@ -195,7 +203,7 @@ func TestAssumeRole(t *testing.T) { expErr: false, expCreds: creds, mockSTS: &mockSTS{ - AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { + AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) { return &sts.AssumeRoleOutput{ Credentials: creds, }, nil @@ -210,12 +218,12 @@ func TestAssumeRole(t *testing.T) { secret: "my-explicit-secret", region: "eu-central-1", expErr: false, - expCreds: &sts.Credentials{ + expCreds: &ststypes.Credentials{ AccessKeyId: aws.String("my-explicit-key"), // from above SecretAccessKey: aws.String("my-explicit-secret"), // from above }, mockSTS: &mockSTS{ - AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { + AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) { return &sts.AssumeRoleOutput{ Credentials: creds, }, nil @@ -233,7 +241,7 @@ func TestAssumeRole(t *testing.T) { expErr: true, expCreds: nil, mockSTS: &mockSTS{ - AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { + AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) { return nil, fmt.Errorf("error assuming mock role") }, }, 
@@ -242,40 +250,43 @@ func TestAssumeRole(t *testing.T) { for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider, err := makeMockSessionProvider(func(sess *session.Session) stsiface.STSAPI { + provider, err := makeMockSessionProvider(func(aws.Config) StsClient { return c.mockSTS }, c.key, c.secret, c.region, c.role, c.ambient) assert.NoError(t, err) - sess, err := provider.GetSession() + cfg, err := provider.GetSession() if c.expErr { assert.NotNil(t, err) } else { - sessCreds, _ := sess.Config.Credentials.Get() + sessCreds, _ := cfg.Credentials.Retrieve(context.TODO()) assert.Equal(t, c.mockSTS.assumedRole, c.role) assert.Equal(t, *c.expCreds.SecretAccessKey, sessCreds.SecretAccessKey) assert.Equal(t, *c.expCreds.AccessKeyId, sessCreds.AccessKeyID) - assert.Equal(t, c.region, *sess.Config.Region) + assert.Equal(t, c.region, cfg.Region) } }) } } type mockSTS struct { - *sts.STS - AssumeRoleFn func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) + AssumeRoleFn func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) assumedRole string } -func (m *mockSTS) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { +func (m *mockSTS) AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) { if m.AssumeRoleFn != nil { - m.assumedRole = *input.RoleArn - return m.AssumeRoleFn(input) + m.assumedRole = *params.RoleArn + return m.AssumeRoleFn(ctx, params, optFns...) 
} return nil, nil } -func makeMockSessionProvider(defaultSTSProvider func(sess *session.Session) stsiface.STSAPI, accessKeyID, secretAccessKey, region, role string, ambient bool) (*sessionProvider, error) { +func makeMockSessionProvider( + defaultSTSProvider func(aws.Config) StsClient, + accessKeyID, secretAccessKey, region, role string, + ambient bool, +) (*sessionProvider, error) { return &sessionProvider{ AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, @@ -288,20 +299,29 @@ func makeMockSessionProvider(defaultSTSProvider func(sess *session.Session) stsi } func Test_removeReqID(t *testing.T) { + newResponseError := func() *smithyhttp.ResponseError { + return &smithyhttp.ResponseError{ + Err: errors.New("foo"), + Response: &smithyhttp.Response{ + Response: &http.Response{}, + }, + } + } + tests := []struct { name string err error wantErr error }{ { - name: "should remove the request id and the origin error", - err: awserr.NewRequestFailure(awserr.New("foo", "bar", nil), 400, "SOMEREQUESTID"), - wantErr: awserr.New("foo", "bar", nil), + name: "should replace the request id with a static value to keep the message stable", + err: &awshttp.ResponseError{RequestID: "SOMEREQUESTID", ResponseError: newResponseError()}, + wantErr: &awshttp.ResponseError{RequestID: "", ResponseError: newResponseError()}, }, { name: "should do nothing if no request id is set", - err: awserr.New("foo", "bar", nil), - wantErr: awserr.New("foo", "bar", nil), + err: newResponseError(), + wantErr: newResponseError(), }, { name: "should do nothing if the error is not an aws error",
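Review bot: In the `TestAssumeRole` loop, `sessCreds, _ := cfg.Credentials.Retrieve(context.TODO())` discards the error, so a failed retrieval shows up only as a confusing mismatch against empty credentials. If the provider resolves the assumed role lazily (the implementation is not visible here), `Retrieve` may be the only place an STS failure appears. Prefer `sessCreds, err := cfg.Credentials.Retrieve(context.TODO())` followed by `require.NoError(t, err)`. In the same hunk, `mockSTS.AssumeRole` dereferences `*params.RoleArn` unguarded and returns `nil, nil` when `AssumeRoleFn` is unset; returning an error in that branch would turn a misconfigured case into a clear failure, not a nil dereference in the caller.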