diff --git a/go.mod b/go.mod
index 23b9abe67..a4350b89c 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,6 @@ require (
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 github.com/alecthomas/kingpin/v2 v2.4.0
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.0
- github.com/aws/aws-sdk-go v1.55.5
 github.com/aws/aws-sdk-go-v2 v1.30.3
 github.com/aws/aws-sdk-go-v2/config v1.27.27
 github.com/aws/aws-sdk-go-v2/credentials v1.17.27
diff --git a/go.sum b/go.sum
index ea9c32dcc..70d598d21 100644
--- a/go.sum
+++ b/go.sum
@@ -116,8 +116,6 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
 github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
-github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
 github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
diff --git a/provider/aws/session.go b/provider/aws/config.go
similarity index 57%
rename from provider/aws/session.go
rename to provider/aws/config.go
index 038963bb5..bbfca9e97 100644
--- a/provider/aws/session.go
+++ b/provider/aws/config.go
@@ -27,10 +27,6 @@ import (
 "github.com/aws/aws-sdk-go-v2/config"
 stscredsv2 "github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 "github.com/aws/aws-sdk-go-v2/service/sts"
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
- "github.com/aws/aws-sdk-go/aws/request"
- "github.com/aws/aws-sdk-go/aws/session"
 "github.com/linki/instrumented_http"
 "github.com/sirupsen/logrus"
 
@@ -83,92 +79,6 @@ func CreateV2Configs(cfg *externaldns.Config) map[string]awsv2.Config {
 return result
 }
 
-func CreateDefaultSession(cfg *externaldns.Config) *session.Session {
- result, err := newSession(
- AWSSessionConfig{
- AssumeRole: cfg.AWSAssumeRole,
- AssumeRoleExternalID: cfg.AWSAssumeRoleExternalID,
- APIRetries: cfg.AWSAPIRetries,
- },
- )
- if err != nil {
- logrus.Fatal(err)
- }
- return result
-}
-
-func CreateSessions(cfg *externaldns.Config) map[string]*session.Session {
- result := make(map[string]*session.Session)
-
- if len(cfg.AWSProfiles) == 0 || (len(cfg.AWSProfiles) == 1 && cfg.AWSProfiles[0] == "") {
- session, err := newSession(
- AWSSessionConfig{
- AssumeRole: cfg.AWSAssumeRole,
- AssumeRoleExternalID: cfg.AWSAssumeRoleExternalID,
- APIRetries: cfg.AWSAPIRetries,
- },
- )
- if err != nil {
- logrus.Fatal(err)
- }
- result[defaultAWSProfile] = session
- } else {
- for _, profile := range cfg.AWSProfiles {
- session, err := newSession(
- AWSSessionConfig{
- AssumeRole: cfg.AWSAssumeRole,
- AssumeRoleExternalID: cfg.AWSAssumeRoleExternalID,
- APIRetries: cfg.AWSAPIRetries,
- Profile: profile,
- },
- )
- if err != nil {
- logrus.Fatal(err)
- }
- result[profile] = session
- }
- }
- return result
-}
-
-func newSession(awsConfig AWSSessionConfig) (*session.Session, error) {
- config := aws.NewConfig().WithMaxRetries(awsConfig.APIRetries)
-
- config.WithHTTPClient(
- instrumented_http.NewClient(config.HTTPClient, &instrumented_http.Callbacks{
- PathProcessor: func(path string) string {
- parts := strings.Split(path, "/")
- return parts[len(parts)-1]
- },
- }),
- )
-
- session, err := session.NewSessionWithOptions(session.Options{
- Config: *config,
- SharedConfigState: session.SharedConfigEnable,
- Profile: awsConfig.Profile,
- })
- if err != nil {
- return nil, fmt.Errorf("instantiating AWS session: %w", err)
- }
-
- if awsConfig.AssumeRole != "" {
- if awsConfig.AssumeRoleExternalID != "" {
- logrus.Infof("Assuming role: %s with external id %s", awsConfig.AssumeRole, awsConfig.AssumeRoleExternalID)
- session.Config.WithCredentials(stscreds.NewCredentials(session, awsConfig.AssumeRole, func(p *stscreds.AssumeRoleProvider) {
- p.ExternalID = &awsConfig.AssumeRoleExternalID
- }))
- } else {
- logrus.Infof("Assuming role: %s", awsConfig.AssumeRole)
- session.Config.WithCredentials(stscreds.NewCredentials(session, awsConfig.AssumeRole))
- }
- }
-
- session.Handlers.Build.PushBack(request.MakeAddToUserAgentHandler("ExternalDNS", externaldns.Version))
-
- return session, nil
-}
-
 func newV2Config(awsConfig AWSSessionConfig) (awsv2.Config, error) {
 defaultOpts := []func(*config.LoadOptions) error{
 config.WithRetryer(func() awsv2.Retryer {
diff --git a/provider/aws/session_test.go b/provider/aws/config_test.go
similarity index 66%
rename from provider/aws/session_test.go
rename to provider/aws/config_test.go
index b73485c03..00b3b46aa 100644
--- a/provider/aws/session_test.go
+++ b/provider/aws/config_test.go
@@ -25,45 +25,6 @@ import (
 "github.com/stretchr/testify/require"
 )
 
-func Test_newSession(t *testing.T) {
- t.Run("should use profile from credentials file", func(t *testing.T) {
- // setup
- credsFile, err := prepareCredentialsFile(t)
- defer os.Remove(credsFile.Name())
- require.NoError(t, err)
- os.Setenv("AWS_SHARED_CREDENTIALS_FILE", credsFile.Name())
- defer os.Unsetenv("AWS_SHARED_CREDENTIALS_FILE")
-
- // when
- s, err := newSession(AWSSessionConfig{Profile: "profile2"})
- require.NoError(t, err)
- creds, err := s.Config.Credentials.Get()
-
- // then
- assert.NoError(t, err)
- assert.Equal(t, "AKID2345", creds.AccessKeyID)
- assert.Equal(t, "SECRET2", creds.SecretAccessKey)
- })
-
- t.Run("should respect env variables without profile", func(t *testing.T) {
- // setup
- os.Setenv("AWS_ACCESS_KEY_ID", "AKIAIOSFODNN7EXAMPLE")
- os.Setenv("AWS_SECRET_ACCESS_KEY", "topsecret")
- defer os.Unsetenv("AWS_ACCESS_KEY_ID")
- defer os.Unsetenv("AWS_SECRET_ACCESS_KEY")
-
- // when
- s, err := newSession(AWSSessionConfig{})
- require.NoError(t, err)
- creds, err := s.Config.Credentials.Get()
-
- // then
- assert.NoError(t, err)
- assert.Equal(t, "AKIAIOSFODNN7EXAMPLE", creds.AccessKeyID)
- assert.Equal(t, "topsecret", creds.SecretAccessKey)
- })
-}
-
 func Test_newV2Config(t *testing.T) {
 t.Run("should use profile from credentials file", func(t *testing.T) {
 // setup