Go SDK v2 #429
Go SDK v2 #429
Conversation
micahhausler
force-pushed
the
go-sdk-v2
branch
2 times, most recently
from
4cfb60c to
bd7a968
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #429 +/- ##
==========================================
- Coverage 52.62% 51.30% -1.32%
==========================================
Files 11 11
Lines 952 879 -73
==========================================
- Hits 501 451 -50
+ Misses 436 417 -19
+ Partials 15 11 -4 ☔ View full report in Codecov by Sentry. |
micahhausler
force-pushed
the
go-sdk-v2
branch
from
bd7a968 to
ca46755
Compare
| podName: podName, | ||
| preferredAddressType: preferredAddressType, | ||
| usePodIdentity: usePodIdentity, | ||
| k8sClient: k8sClient, | ||
| stsClient: stsClient, | ||
| ctx: ctx, |
There was a problem hiding this comment.
Context is meant to be passed through function calls. To quote from the context package documentation
Do not store Contexts inside a struct type; instead, pass a Context explicitly to each function that needs it. This is discussed further in https://go.dev/blog/context-and-structs.
Rather than putting it in the struct, it can be synchronously passed in GetAWSConfig(context.Context) below.
| // by using a private TokenFetcher helper. | ||
| func (p Auth) GetAWSSession() (awsSession *session.Session, e error) { | ||
| var credProvider credential_provider.CredentialProvider | ||
| func (p Auth) GetAWSConfig(ctx context.Context) (aws.Config, error) { |
There was a problem hiding this comment.
There is no longer a "Session" type in V2 of the SDK, just aws.Config{}, so I've renamed that appropriately
| sess.Handlers.Build.PushFront(func(r *request.Request) { | ||
| request.AddToUserAgent(r, ProviderName) | ||
| // add the user agent to the config | ||
| cfg.APIOptions = append(cfg.APIOptions, func(stack *middleware.Stack) error { |
There was a problem hiding this comment.
Header/UserAgent functionality is different in V2, See the docs on request customization
| // It matches stscreds.TokenFetcher interface. | ||
| type authTokenFetcher interface { | ||
| FetchToken(ctx credentials.Context) ([]byte, error) | ||
| GetAWSConfig(ctx context.Context) (aws.Config, error) |
There was a problem hiding this comment.
Rather than force a unifying method signature for getting a token and creating unnecessary wrappers, we can use the interface types provided in each credential method for retrieving tokens, and just make the ConfigProvider return an aws.Config{} with the correct AWS cred provider
- For IRSA, we can use
stscreds.IdentityTokenRetriever - For Pod Identity, we can use
endpointcreds.AuthTokenProvider
| k8sv1.CoreV1Interface // satisfy the interface | ||
| fake k8sv1.CoreV1Interface // plumb down to the ServiceAccounts method |
There was a problem hiding this comment.
We need both the interface satisfied, and an addressable field so that .ServiceAccounts().CreateToken() and .ServiceAccounts().Get() can be called from the same mock type.
|
|
||
| tokenOut, err := fetcher.FetchToken(nil) | ||
| cfg, _ := provider.GetAWSConfig(context.Background()) |
There was a problem hiding this comment.
The config creation won't ever error: Getting the token is async, and happens on cfg.Credentials.Retrieve()
| @@ -33,11 +31,15 @@ type ParameterStoreProvider struct { | |||
| clients []ParameterStoreClient | |||
| } | |||
|
|
|||
| type ParameterStoreGetter interface { | |||
There was a problem hiding this comment.
Since there is no longer an ssmiface package, we just create an interface for the one call we need to make
| @@ -31,10 +29,15 @@ type SecretsManagerProvider struct { | |||
| clients []SecretsManagerClient | |||
| } | |||
|
|
|||
| type SecretsManagerGetDescriber interface { | |||
There was a problem hiding this comment.
Same story on secretsmanageriface, just a custom interface to satisfy the type for easier testing
| Region: *awsSession.Config.Region, | ||
| Client: secretsmanager.New(awsSession, aws.NewConfig().WithRegion(regions[i])), | ||
| Region: regions[i], | ||
| Client: secretsmanager.NewFromConfig(cfg), |
There was a problem hiding this comment.
I'll have to double check, but I may need to override the cfg.Region = regions[i].
| "github.com/aws/aws-sdk-go-v2/service/secretsmanager" | ||
| secretsmanagertypes "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types" | ||
| "github.com/aws/aws-sdk-go-v2/service/ssm" | ||
| ssmtypes "github.com/aws/aws-sdk-go-v2/service/ssm/types" |
There was a problem hiding this comment.
This file is worth skimming, but I'm really not doing anything other than accounting for how SDK v2's types are slightly different structures, and error messages print differently
micahhausler
force-pushed
the
go-sdk-v2
branch
2 times, most recently
from
6125874 to
9ee7592
Compare
Signed-off-by: Micah Hausler <[email protected]>
Replate by running:
go install golang.org/x/tools/cmd/goimports@latest
goimports -format-only -w ./
Signed-off-by: Micah Hausler <[email protected]>
Go has strong convention around passing context.Contxt as the first call to functions. I intentionally did not fix auth/ and credential_provider/ misuses of context, as that will be fixed in a later PR updating the AWS Go SDK. Signed-off-by: Micah Hausler <[email protected]>
Signed-off-by: Micah Hausler <[email protected]>
micahhausler
force-pushed
the
go-sdk-v2
branch
from
9ee7592 to
330f388
Compare
Issue #, if available:
N/A
Description of changes:
Upgrade project to use AWS SDK Go v2. The AWS SDK Go (v1)'s End of Life is July 31, 2025, this PR upgrades the SKD for this project.
Depends on the following PRs being merged first. I'll rebase after those are done
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.