migrate aws sdk usage from v1 to v2
Signed-off-by: Henry Avetisyan <hga@yahooinc.com>
havetisyan committed Aug 18, 2024
1 parent 2331676 commit d38530f
Showing 6 changed files with 85 additions and 44 deletions.
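--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ module github.com/AthenZ/athenz
 require (
 cloud.google.com/go/secretmanager v1.13.4
 github.com/ardielle/ardielle-go v1.5.2
-github.com/aws/aws-sdk-go v1.54.19
+github.com/aws/aws-sdk-go-v2 v1.30.4
 github.com/cenkalti/backoff v2.2.1+incompatible
 github.com/dimfeld/httptreemux v5.0.1+incompatible
 github.com/envoyproxy/go-control-plane v0.12.0
@@ -39,6 +39,19 @@ require (
 cloud.google.com/go/compute v1.27.2 // indirect
 cloud.google.com/go/compute/metadata v0.4.0 // indirect
 cloud.google.com/go/iam v1.1.10 // indirect
+github.com/aws/aws-sdk-go-v2/config v1.27.28 // indirect
+github.com/aws/aws-sdk-go-v2/credentials v1.17.28 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 // indirect
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.5 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 // indirect
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.4 // indirect
+github.com/aws/smithy-go v1.20.4 // indirect
 github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect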
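--- a/go.sum
+++ b/go.sum
@@ -16,6 +16,34 @@ github.com/ardielle/ardielle-go v1.5.2 h1:TilHTpHIQJ27R1Tl/iITBzMwiUGSlVfiVhwDNG
 github.com/ardielle/ardielle-go v1.5.2/go.mod h1:I4hy1n795cUhaVt/ojz83SNVCYIGsAFAONtv2Dr7HUI=
 github.com/aws/aws-sdk-go v1.54.19 h1:tyWV+07jagrNiCcGRzRhdtVjQs7Vy41NwsuOcl0IbVI=
 github.com/aws/aws-sdk-go v1.54.19/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go-v2 v1.30.4 h1:frhcagrVNrzmT95RJImMHgabt99vkXGslubDaDagTk8=
+github.com/aws/aws-sdk-go-v2 v1.30.4/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
+github.com/aws/aws-sdk-go-v2/config v1.27.28 h1:OTxWGW/91C61QlneCtnD62NLb4W616/NM1jA8LhJqbg=
+github.com/aws/aws-sdk-go-v2/config v1.27.28/go.mod h1:uzVRVtJSU5EFv6Fu82AoVFKozJi2ZCY6WRCXj06rbvs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.28 h1:m8+AHY/ND8CMHJnPoH7PJIRakWGa4gbfbxuY9TGTUXM=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.28/go.mod h1:6TF7dSc78ehD1SL6KpRIPKMA1GyyWflIkjqg+qmf4+c=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 h1:yjwoSyDZF8Jth+mUk5lSPJCkMC0lMy6FaCD51jm6ayE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12/go.mod h1:fuR57fAgMk7ot3WcNQfb6rSEn+SUffl7ri+aa8uKysI=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 h1:TNyt/+X43KJ9IJJMjKfa3bNTiZbUP7DeCxfbTROESwY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16/go.mod h1:2DwJF39FlNAUiX5pAc0UNeiz16lK2t7IaFcm0LFHEgc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 h1:jYfy8UPmd+6kJW5YhY0L1/KftReOGxI/4NtVSTh9O/I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16/go.mod h1:7ZfEPZxkW42Afq4uQB8H2E2e6ebh6mXTueEpYzjCzcs=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 h1:tJ5RnkHCiSH0jyd6gROjlJtNwov0eGYNz8s8nFcR0jQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18/go.mod h1:++NHzT+nAF7ZPrHPsA+ENvsXkOO8wEu+C6RXltAG4/c=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.5 h1:UDXu9dqpCZYonj7poM4kFISjzTdWI0v3WUusM+w+Gfc=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.5/go.mod h1:5NPkI3RsTOhwz1CuG7VVSgJCm3CINKkoIaUbUZWQ67w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 h1:zCsFCKvbj25i7p1u94imVoO447I/sFv8qq+lGJhRN0c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.5/go.mod h1:ZeDX1SnKsVlejeuz41GiajjZpRSWR7/42q/EyA/QEiM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 h1:SKvPgvdvmiTWoi0GAJ7AsJfOz3ngVkD/ERbs5pUnHNI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5/go.mod h1:20sz31hv/WsPa3HhU3hfrIet2kxM4Pe0r20eBZ20Tac=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.4 h1:iAckBT2OeEK/kBDyN/jDtpEExhjeeA/Im2q4X0rJZT8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.4/go.mod h1:vmSqFK+BVIwVpDAGZB3CoCXHzurt4qBE8lf+I/kRTh0=
+github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4=
+github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=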
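--- a/libs/go/sia/aws/attestation/attestation.go
+++ b/libs/go/sia/aws/attestation/attestation.go
@@ -17,6 +17,7 @@
 package attestation
 
 import (
+"context"
 "encoding/json"
 "fmt"
 "log"
@@ -25,7 +26,7 @@ import (
 
 "github.com/AthenZ/athenz/libs/go/sia/aws/options"
 "github.com/AthenZ/athenz/libs/go/sia/aws/stssession"
-"github.com/aws/aws-sdk-go/service/sts"
+"github.com/aws/aws-sdk-go-v2/service/sts"
 )
 
 type AttestationData struct {
@@ -66,15 +67,14 @@ func New(opts *options.Options, service string) (*AttestationData, error) {
 
 func getSTSToken(useRegionalSTS bool, region, account, role string) (*sts.AssumeRoleOutput, error) {
 // Attempt STS AssumeRole
-stsSession, err := stssession.New(useRegionalSTS, region)
+stsClient, err := stssession.New(useRegionalSTS, region)
 if err != nil {
 log.Printf("unable to create new session: %v\n", err)
 return nil, err
 }
-stsService := sts.New(stsSession)
 roleArn := fmt.Sprintf("arn:aws:iam::%s:role/%s", account, role)
 log.Printf("Trying to assume role: %v\n", roleArn)
-return stsService.AssumeRole(&sts.AssumeRoleInput{
+return stsClient.AssumeRole(context.TODO(), &sts.AssumeRoleInput{
 RoleArn: &roleArn,
 RoleSessionName: &role,
 })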
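Review bot: The `stsClient.AssumeRole(context.TODO(), …)` call at the end of `getSTSToken` is a network call with no deadline, so a stalled STS endpoint now blocks attestation for as long as the transport is willing to wait; in v2 the context is the intended place to bound that. A short-lived context such as `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` followed by `defer cancel()` (needs `time` if the file does not already import it) gives the call a ceiling, and the same applies to the `AssumeRole`, `LoadDefaultConfig` and `PutSecretValue` calls in lambda.go and to the `LoadDefaultConfig` and `GetCallerIdentity` calls in stssession.go. The log line `unable to create new session` on the error path now reports a failed client construction rather than a session, so `unable to create sts client` would match what the code does. The closing brace of `getSTSToken` lies outside the hunk.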
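--- a/libs/go/sia/aws/lambda/lambda.go
+++ b/libs/go/sia/aws/lambda/lambda.go
@@ -17,30 +17,31 @@
 package lambda
 
 import (
+"context"
 "crypto/tls"
 "encoding/json"
 "fmt"
 "github.com/AthenZ/athenz/libs/go/sia/aws/attestation"
 "github.com/AthenZ/athenz/libs/go/sia/aws/meta"
+"github.com/AthenZ/athenz/libs/go/sia/aws/stssession"
 "github.com/AthenZ/athenz/libs/go/sia/util"
-"github.com/aws/aws-sdk-go/aws"
-"github.com/aws/aws-sdk-go/aws/session"
-"github.com/aws/aws-sdk-go/service/secretsmanager"
-"github.com/aws/aws-sdk-go/service/sts"
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/config"
+"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+"github.com/aws/aws-sdk-go-v2/service/sts"
 "strings"
 )
 
 func getLambdaAttestationData(domain, service, account string) ([]byte, error) {
 data := &attestation.AttestationData{
 Role: fmt.Sprintf("%s.%s", domain, service),
 }
-clientSession, err := session.NewSession()
+stsClient, err := stssession.New(false, "")
 if err != nil {
 return nil, err
 }
-stsSession := sts.New(clientSession)
 roleArn := fmt.Sprintf("arn:aws:iam::%s:role/%s", account, data.Role)
-tok, err := stsSession.AssumeRole(&sts.AssumeRoleInput{
+tok, err := stsClient.AssumeRole(context.TODO(), &sts.AssumeRoleInput{
 RoleArn: &roleArn,
 RoleSessionName: &data.Role,
 })
@@ -109,15 +110,15 @@ func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName
 if err != nil {
 return fmt.Errorf("unable to generate secret json data: %v", err)
 }
-clientSession, err := session.NewSession()
+cfg, err := config.LoadDefaultConfig(context.TODO())
 if err != nil {
 return err
 }
-svc := secretsmanager.New(clientSession)
+svc := secretsmanager.NewFromConfig(cfg)
 input := &secretsmanager.PutSecretValueInput{
 SecretId: aws.String(secretName),
 SecretString: aws.String(string(keyCertJson)),
 }
-_, err = svc.PutSecretValue(input)
+_, err = svc.PutSecretValue(context.TODO(), input)
 return err
 }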
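Review bot: In `StoreAthenzIdentityInSecretManager` the failure of `config.LoadDefaultConfig` is returned bare (`return err`) while the error just above it in the same function is wrapped (`unable to generate secret json data: %v`); `return fmt.Errorf("unable to load aws config: %w", err)` keeps the function's error style consistent and preserves the chain for `errors.Is`/`errors.As`. The `PutSecretValue` error returned on the last line likewise says nothing about which secret the write was for; wrapping it with the secret name (not the value) makes the Lambda log actionable without leaking anything. The four new `aws-sdk-go-v2` import lines continue the file's practice of interleaving third-party packages with the standard library; running `goimports` would group stdlib and external imports separately.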
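--- a/libs/go/sia/aws/meta/meta.go
+++ b/libs/go/sia/aws/meta/meta.go
@@ -18,8 +18,7 @@ package meta
 import (
 "fmt"
 "github.com/AthenZ/athenz/libs/go/sia/aws/doc"
-"github.com/aws/aws-sdk-go/aws/session"
-"github.com/aws/aws-sdk-go/service/sts"
+"github.com/AthenZ/athenz/libs/go/sia/aws/stssession"
 "io"
 "log"
 "net/http"
@@ -128,14 +127,7 @@ func getRegionFromInstanceDocument(metaEndPoint string) string {
 }
 
 func GetAccountId() string {
-clientSession, err := session.NewSession()
-if err != nil {
-log.Printf("unable to create a new session: %v\n", err)
-return ""
-}
-stsSession := sts.New(clientSession)
-input := &sts.GetCallerIdentityInput{}
-result, err := stsSession.GetCallerIdentity(input)
+result, err := stssession.GetCallerIdentity(false, "")
 if err != nil {
 log.Printf("unable to extract caller identity: %v\n", err)
 return ""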
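Review bot: `GetAccountId` now calls `stssession.GetCallerIdentity(false, "")`, which builds the STS client with no region; as far as I know the v2 SDK does not fall back to the global STS endpoint the way v1's `session.NewSession()` did but fails endpoint resolution when no region is configured, so on an EC2 host without `AWS_REGION` or a profile region this becomes a logged error and an empty account id rather than a successful lookup. This file already derives the region from the instance document (`getRegionFromInstanceDocument` in the hunk header), so threading that region into the call would preserve the old behavior; since this is inferred from the SDK rather than from the hunk, it is worth confirming on a host with a clean environment. A one-line comment on `GetAccountId` stating where the region is expected to come from would also help the next reader. The function's remaining lines are outside the hunk.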
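--- a/libs/go/sia/aws/stssession/stssession.go
+++ b/libs/go/sia/aws/stssession/stssession.go
@@ -17,39 +17,46 @@
 package stssession
 
 import (
+"context"
 "fmt"
 "github.com/AthenZ/athenz/libs/go/sia/util"
-"github.com/aws/aws-sdk-go/aws"
-"github.com/aws/aws-sdk-go/aws/session"
-"github.com/aws/aws-sdk-go/service/sts"
-"log"
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/config"
+"github.com/aws/aws-sdk-go-v2/service/sts"
 )
 
-func New(useRegionalSTS bool, region string) (*session.Session, error) {
+func New(useRegionalSTS bool, region string) (*sts.Client, error) {
 if useRegionalSTS {
 stsUrl := "sts." + region + ".amazonaws.com"
-log.Printf("Creating session to regional STS endpoint: %s\n", stsUrl)
-return session.NewSessionWithOptions(session.Options{
-Config: aws.Config{
-Endpoint: aws.String(stsUrl),
-Region: aws.String(region),
-},
-})
+cfg, err := config.LoadDefaultConfig(context.TODO(),
+config.WithRegion(region),
+)
+if err != nil {
+return nil, fmt.Errorf("unable to create new session: %v", err)
+}
+return sts.NewFromConfig(cfg, func(o *sts.Options) {
+o.BaseEndpoint = aws.String(stsUrl)
+}), nil
 } else {
-log.Print("Creating session to global STS endpoint\n")
-return session.NewSession()
+cfg, err := config.LoadDefaultConfig(context.TODO())
+if err != nil {
+return nil, fmt.Errorf("unable to create new session: %v", err)
+}
+return sts.NewFromConfig(cfg), nil
 }
 }
 
-func GetMetaDetailsFromCreds(serviceSuffix, accessProfileSeparator string, useRegionalSTS bool, region string) (string, string, string, string, error) {
-stsSession, err := New(useRegionalSTS, region)
+func GetCallerIdentity(useRegionalSTS bool, region string) (*sts.GetCallerIdentityOutput, error) {
+stsClient, err := New(useRegionalSTS, region)
 if err != nil {
-return "", "", "", "", fmt.Errorf("unable to create new session: %v", err)
+return nil, err
 }
-stsService := sts.New(stsSession)
 input := &sts.GetCallerIdentityInput{}
+return stsClient.GetCallerIdentity(context.TODO(), input)
+}
 
-result, err := stsService.GetCallerIdentity(input)
+func GetMetaDetailsFromCreds(serviceSuffix, accessProfileSeparator string, useRegionalSTS bool, region string) (string, string, string, string, error) {
+result, err := GetCallerIdentity(useRegionalSTS, region)
 if err != nil {
 return "", "", "", "", err
 }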
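Review bot: `stsUrl` in the regional branch of `New` still has no scheme, and it is now handed to the v2 client as `o.BaseEndpoint = aws.String(stsUrl)`; v1's `Endpoint` field prepended `https://` for you, whereas v2's `BaseEndpoint` expects a fully qualified URL, so as far as I can tell the regional branch fails endpoint resolution until it reads `stsUrl := "https://sts." + region + ".amazonaws.com"` — and spelling the scheme out also pins the STS call to TLS by construction rather than by SDK default. Since `config.WithRegion(region)` already makes a v2 STS client resolve to `sts.<region>.amazonaws.com`, the override may be unnecessary altogether, which would also remove the `else` after the `return` that the happy-path style avoids. The non-regional branch loads config with no region; the v2 SDK does not fall back to the global STS endpoint as v1 did, so callers that pass `false, ""` on hosts without `AWS_REGION` or a profile region will see a missing-region error, which a doc comment on `New` should state (`// New returns an STS client; when useRegionalSTS is false the region must be supplied by the environment or AWS config.`). Both branches wrap the config error with `%v`; `%w` would keep the SDK error inspectable by callers.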

