chore: Upgrade to aws-sdk-go-v2 (#481)

This is a major update to chamber's support for the S3, SSM, and Secrets
Manager store implementations. Every effort was made to preserve
functionality, but there is one gap.

The v2 SDK does not expose a retryer field for a minimum throttle delay,
so that argument is currently ignored when constructing new SSM stores.
Support for the delay will be addressed later.

The v2 SDK does not offer "iface" interfaces for the various clients, so
instead interfaces tailored to what chamber uses are defined. For
testing, these new interfaces are mocked, and mock types are generated
using github.com/matryer/moq. You don't need moq to use chamber or even
to build it, but only if you are developing chamber and make a change to
an API interface.

Also, old code in the SSM store implementation that allowed it to work
without IAM permissions for ssm:GetParametersByPath has been eliminated.
The permissions have been expected for a long time now.

Co-authored-by: Ryan McKern <[email protected]>

.gitattributes

@@ -0,0 +1,2 @@
+/go.sum linguist-generated=true
+/store/awsapi_mock.go linguist-generated=true

Makefile

@@ -18,10 +18,21 @@ VERSION_MAJOR_MINOR := $(shell echo "$(VERSION)" | sed 's/^v\([0-9]*.[0-9]*\).*/
 VERSION_MAJOR := $(shell echo "$(VERSION)" | sed 's/^v\([0-9]*\).*/\1/')
 ANALYTICS_WRITE_KEY ?=
 LDFLAGS := -ldflags='-X "main.Version=$(VERSION)" -X "main.AnalyticsWriteKey=$(ANALYTICS_WRITE_KEY)"'
+MOQ := $(shell command -v moq 2> /dev/null)
+SRC := $(shell find . -name '*.go')
 
-test:
+test: store/awsapi_mock.go
 	go test -v ./...
 
+store/awsapi_mock.go: store/awsapi.go
+ifdef MOQ
+	rm -f $@
+	go generate ./...
+else
+	@echo "Unable to generate mocks"
+	@echo "Please install moq: go install github.com/matryer/moq@latest"
+endif
+
 all: dist/chamber-$(VERSION)-darwin-amd64 dist/chamber-$(VERSION)-linux-amd64 dist/chamber-$(VERSION)-windows-amd64.exe
 
 clean:
@@ -32,7 +43,7 @@ dist/:
 
 build: chamber
 
-chamber:
+chamber: $(SRC)
 	CGO_ENABLED=0 go build -trimpath $(LDFLAGS) -o $@
 
 dist/chamber-$(VERSION)-darwin-amd64: | dist/

go.mod

@@ -4,7 +4,14 @@ go 1.20
 
 require (
 	github.com/alessio/shellescape v1.4.2
-	github.com/aws/aws-sdk-go v1.51.21
+	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.11
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.53.1
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.49.5
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
+	github.com/aws/smithy-go v1.20.2
 	github.com/magiconair/properties v1.8.7
 	github.com/segmentio/analytics-go/v3 v3.3.0
 	github.com/spf13/cobra v1.8.0
@@ -14,6 +21,18 @@ require (
 )
 
 require (
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/uuid v1.3.1 // indirect

store/awsapi.go

@@ -0,0 +1,47 @@
+package store
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+)
+
+// The interfaces defined here collect together all of the SDK functions used
+// throughout chamber. Code that works with AWS does so through these interfaces.
+// The "real" AWS SDK client objects implement these interfaces, since they
+// contain all of the methods (and more). Mock versions of these interfaces are
+// generated using the moq utility for substitution in unit tests. For more, see
+// https://aws.github.io/aws-sdk-go-v2/docs/unit-testing/ .
+
+//go:generate moq -out awsapi_mock.go . apiS3 apiSSM apiSTS apiSecretsManager
+
+type apiS3 interface {
+	DeleteObject(ctx context.Context, params *s3.DeleteObjectInput, optFns ...func(*s3.Options)) (*s3.DeleteObjectOutput, error)
+	GetObject(ctx context.Context, params *s3.GetObjectInput, optFns ...func(*s3.Options)) (*s3.GetObjectOutput, error)
+	ListObjectsV2(ctx context.Context, params *s3.ListObjectsV2Input, optFns ...func(*s3.Options)) (*s3.ListObjectsV2Output, error)
+	PutObject(ctx context.Context, params *s3.PutObjectInput, optFns ...func(*s3.Options)) (*s3.PutObjectOutput, error)
+}
+
+type apiSSM interface {
+	DeleteParameter(ctx context.Context, params *ssm.DeleteParameterInput, optFns ...func(*ssm.Options)) (*ssm.DeleteParameterOutput, error)
+	DescribeParameters(ctx context.Context, params *ssm.DescribeParametersInput, optFns ...func(*ssm.Options)) (*ssm.DescribeParametersOutput, error)
+	GetParameterHistory(ctx context.Context, params *ssm.GetParameterHistoryInput, optFns ...func(*ssm.Options)) (*ssm.GetParameterHistoryOutput, error)
+	GetParameters(ctx context.Context, params *ssm.GetParametersInput, optFns ...func(*ssm.Options)) (*ssm.GetParametersOutput, error)
+	GetParametersByPath(ctx context.Context, params *ssm.GetParametersByPathInput, optFns ...func(*ssm.Options)) (*ssm.GetParametersByPathOutput, error)
+	PutParameter(ctx context.Context, params *ssm.PutParameterInput, optFns ...func(*ssm.Options)) (*ssm.PutParameterOutput, error)
+}
+
+type apiSTS interface {
+	GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
+}
+
+type apiSecretsManager interface {
+	CreateSecret(ctx context.Context, params *secretsmanager.CreateSecretInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.CreateSecretOutput, error)
+	DescribeSecret(ctx context.Context, params *secretsmanager.DescribeSecretInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.DescribeSecretOutput, error)
+	GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
+	ListSecretVersionIds(ctx context.Context, params *secretsmanager.ListSecretVersionIdsInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.ListSecretVersionIdsOutput, error)
+	PutSecretValue(ctx context.Context, params *secretsmanager.PutSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.PutSecretValueOutput, error)
+}