From 20b9ec256a41771921a85e429d7cb2c4a789bd01 Mon Sep 17 00:00:00 2001 From: Natsuki Ikeguchi Date: Mon, 3 Jul 2023 23:40:47 +0900 Subject: [PATCH] feat: Migrate S3 backend to AWS SDK for Go v2 Signed-off-by: Natsuki Ikeguchi --- go.mod | 36 ++- go.sum | 73 +++++- internal/backend/remote-state/s3/backend.go | 101 ++++---- .../backend/remote-state/s3/backend_state.go | 27 ++- .../backend/remote-state/s3/backend_test.go | 220 +++++++++--------- internal/backend/remote-state/s3/client.go | 113 ++++----- 6 files changed, 339 insertions(+), 231 deletions(-) diff --git a/go.mod b/go.mod index e1033c0acf2d..ee57e066b37d 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,10 @@ require ( github.com/apparentlymart/go-userdirs v0.0.0-20200915174352-b0c018a67c13 github.com/apparentlymart/go-versions v1.0.1 github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 - github.com/aws/aws-sdk-go v1.44.122 + github.com/aws/aws-sdk-go-v2 v1.18.1 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.20.0 + github.com/aws/aws-sdk-go-v2/service/s3 v1.36.0 github.com/bgentry/speakeasy v0.1.0 github.com/bmatcuk/doublestar v1.1.5 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e @@ -28,7 +31,7 @@ require ( github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 github.com/google/uuid v1.3.0 - github.com/hashicorp/aws-sdk-go-base v0.7.1 + github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.30 github.com/hashicorp/consul/api v1.13.0 github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/copywrite v0.16.3 @@ -37,7 +40,7 @@ require ( github.com/hashicorp/go-checkpoint v0.5.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-getter v1.7.0 - github.com/hashicorp/go-hclog v1.4.0 + github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-plugin v1.4.3 github.com/hashicorp/go-retryablehttp v0.7.4 @@ -129,6 +132,24 @@ require ( github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect + github.com/aws/aws-sdk-go-v2/config v1.18.25 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect + github.com/aws/aws-sdk-go-v2/service/iam v1.20.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.28 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect + github.com/aws/smithy-go v1.13.5 // indirect github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect @@ -141,9 +162,9 @@ require ( github.com/creack/pty v1.1.18 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect github.com/dylanmei/iso8601 v0.1.0 // indirect - github.com/fatih/color v1.13.0 // indirect + github.com/fatih/color v1.14.1 // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect - github.com/go-logr/logr v1.2.0 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/errors v0.20.2 // indirect github.com/go-openapi/strfmt v0.21.3 // indirect github.com/gofrs/uuid v4.0.0+incompatible // indirect @@ -164,6 +185,7 @@ require ( github.com/hashicorp/go-slug v0.11.1 // indirect github.com/hashicorp/golang-lru v0.5.1 // indirect github.com/hashicorp/serf v0.9.6 // indirect + github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect github.com/henvic/httpretty v0.0.6 // indirect github.com/huandu/xstrings v1.3.3 // indirect @@ -208,7 +230,9 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect go.mongodb.org/mongo-driver v1.11.6 // indirect go.opencensus.io v0.23.0 // indirect - golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect + go.opentelemetry.io/otel v1.15.1 // indirect + go.opentelemetry.io/otel/trace v1.15.1 // indirect + golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect golang.org/x/sync v0.3.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index 85f64ce472c4..cfcd0cf96613 100644 --- a/go.sum +++ b/go.sum @@ -300,19 +300,64 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v1.9.2/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= +github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo= +github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= github.com/aws/aws-sdk-go-v2/config v1.8.3/go.mod h1:4AEiLtAb8kLs7vgw2ZV3p2VZ1+hBavOc84hqxVNpCyw= +github.com/aws/aws-sdk-go-v2/config v1.18.25 h1:JuYyZcnMPBiFqn87L2cRppo+rNwgah6YwD3VuyvaW6Q= +github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4= github.com/aws/aws-sdk-go-v2/credentials v1.4.3/go.mod h1:FNNC6nQZQUuyhq5aE5c7ata8o9e4ECGmS4lAXC7o1mQ= +github.com/aws/aws-sdk-go-v2/credentials v1.13.24 h1:PjiYyls3QdCrzqUN35jMWtUK1vqVZ+zLfdOa/UPFDp0= +github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.6.0/go.mod h1:gqlclDEZp4aqJOancXK6TN24aKhT0W0Ae9MHk3wzTMM= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw= github.com/aws/aws-sdk-go-v2/internal/ini v1.2.4/go.mod h1:ZcBrrI3zBKlhGFNYWvju0I3TR93I7YIgAfy82Fh4lcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0= github.com/aws/aws-sdk-go-v2/service/appconfig v1.4.2/go.mod h1:FZ3HkCe+b10uFZZkFdvf98LHW21k49W8o8J366lqVKY= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.20.0 h1:ov790XKhwAziEXcl6WrjsbyWkGpboK7Cmikpe5gAzMw= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.20.0/go.mod h1:W1oiFegjVosgjIwb2Vv45jiCQT1ee8x85u8EyZRYLes= +github.com/aws/aws-sdk-go-v2/service/iam v1.20.0 h1:ywXSXkssdnuPlJyCZVO5kAUQhFm/RhsbvWRHklJ0uH4= +github.com/aws/aws-sdk-go-v2/service/iam v1.20.0/go.mod h1:kAnokExGCYs7zfvZEZdFHvQ/x4ZKIci0Raps6mZI1Ag= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.28 h1:/D994rtMQd1jQ2OY+7tvUlMlrv1L1c7Xtma/FhkbVtY= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.28/go.mod h1:3bJI2pLY3ilrqO5EclusI1GbjFJh1iXYrhOItf2sjKw= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.3.2/go.mod h1:72HRZDLMtmVQiLG2tLfQcaWLCssELvGl+Zf2WVxMmR8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM= +github.com/aws/aws-sdk-go-v2/service/s3 v1.36.0 h1:lEmQ1XSD9qLk+NZXbgvLJI/IiTz7OIR2TYUTFH25EI4= +github.com/aws/aws-sdk-go-v2/service/s3 v1.36.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw= github.com/aws/aws-sdk-go-v2/service/sso v1.4.2/go.mod h1:NBvT9R1MEF+Ud6ApJKM0G+IkPchKS7p7c2YPKwHmBOk= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk= github.com/aws/aws-sdk-go-v2/service/sts v1.7.2/go.mod h1:8EzeIqfWt2wWT4rJVu3f21TfrhJ8AEMzVybRNSb/b4g= +github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 h1:2DQLAKDteoEDI8zpCzqBMaZlJuoE9iTYD0gFmXVax9E= +github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= +github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= +github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -396,8 +441,9 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= +github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -420,8 +466,9 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8= github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -430,7 +477,6 @@ github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL9 github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -565,8 +611,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= -github.com/hashicorp/aws-sdk-go-base v0.7.1 h1:7s/aR3hFn74tYPVihzDyZe7y/+BorN70rr9ZvpV3j3o= -github.com/hashicorp/aws-sdk-go-base v0.7.1/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= +github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.30 h1:YHPHkdUeRn56Djgq2t1/MllXh5rOFKKBg87LvG7ZbI0= +github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.30/go.mod h1:eBFMtEbjCseWKRv5/M6SONGS0mSbMjxAeVMjCuDLGYE= github.com/hashicorp/consul/api v1.13.0 h1:2hnLQ0GjQvw7f3O61jMO8gbasZviZTrt9R8WzgiirHc= github.com/hashicorp/consul/api v1.13.0/go.mod h1:ZlVrynguJKcYr54zGaDbaL3fOvKC9m72FhPvA8T35KQ= github.com/hashicorp/consul/sdk v0.8.0 h1:OJtKBtEjboEZvG6AOUdh4Z1Zbyu0WcxQ0qatRrZHTVU= @@ -592,8 +638,8 @@ github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I= -github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= +github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0 h1:AKDB1HM5PWEA7i4nhcpwOrO2byshxBjXVn/J/3+z5/0= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= @@ -649,6 +695,8 @@ github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= +github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg= github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI= github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= @@ -685,7 +733,6 @@ github.com/jedib0t/go-pretty/v6 v6.4.4/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgO github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -999,6 +1046,10 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opentelemetry.io/otel v1.15.1 h1:3Iwq3lfRByPaws0f6bU3naAqOR1n5IeDWd9390kWHa8= +go.opentelemetry.io/otel v1.15.1/go.mod h1:mHHGEHVDLal6YrKMmk9LqC4a3sF5g+fHfrttQIB1NTc= +go.opentelemetry.io/otel/trace v1.15.1 h1:uXLo6iHJEzDfrNC0L0mNjItIp06SyaBQxu5t3xMlngY= +go.opentelemetry.io/otel/trace v1.15.1/go.mod h1:IWdQG/5N1x7f6YUlmdLeJvH9yxtuJAfc4VW5Agv9r/8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= @@ -1035,8 +1086,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 h1:3MTrJm4PyNL9NBqvYDSj3DHl46qQakyfqfWo4jgfaEM= -golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= +golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE= +golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a h1:Jw5wfR+h9mnIYH+OtGT2im5wV1YGGDora5vTv/aa5bE= golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go index aa64869f7e14..5197d07b9cb5 100644 --- a/internal/backend/remote-state/s3/backend.go +++ b/internal/backend/remote-state/s3/backend.go @@ -9,11 +9,13 @@ import ( "errors" "fmt" "strings" + "time" + + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/s3" + awsbase "github.com/hashicorp/aws-sdk-go-base/v2" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/dynamodb" - "github.com/aws/aws-sdk-go/service/s3" - awsbase "github.com/hashicorp/aws-sdk-go-base" "github.com/hashicorp/terraform/internal/backend" "github.com/hashicorp/terraform/internal/legacy/helper/schema" "github.com/hashicorp/terraform/internal/logging" @@ -280,8 +282,8 @@ type Backend struct { *schema.Backend // The fields below are set from configure - s3Client *s3.S3 - dynClient *dynamodb.DynamoDB + s3Client *s3.Client + dynClient *dynamodb.Client bucketName string keyName string @@ -328,34 +330,42 @@ func (b *Backend) configure(ctx context.Context) error { } } + var assumeRole *awsbase.AssumeRole + + roleARN := data.Get("role_arn").(string) + if roleARN != "" { + assumeRole = &awsbase.AssumeRole{ + RoleARN: roleARN, + Duration: time.Duration(data.Get("assume_role_duration_seconds").(int)) * time.Second, + ExternalID: data.Get("external_id").(string), + Policy: data.Get("assume_role_policy").(string), + SessionName: data.Get("session_name").(string), + } + } + cfg := &awsbase.Config{ - AccessKey: data.Get("access_key").(string), - AssumeRoleARN: data.Get("role_arn").(string), - AssumeRoleDurationSeconds: data.Get("assume_role_duration_seconds").(int), - AssumeRoleExternalID: data.Get("external_id").(string), - AssumeRolePolicy: data.Get("assume_role_policy").(string), - AssumeRoleSessionName: data.Get("session_name").(string), - CallerDocumentationURL: "https://www.terraform.io/docs/language/settings/backends/s3.html", - CallerName: "S3 Backend", - CredsFilename: data.Get("shared_credentials_file").(string), - DebugLogging: logging.IsDebugOrHigher(), - IamEndpoint: data.Get("iam_endpoint").(string), - MaxRetries: data.Get("max_retries").(int), - Profile: data.Get("profile").(string), - Region: data.Get("region").(string), - SecretKey: data.Get("secret_key").(string), - SkipCredsValidation: data.Get("skip_credentials_validation").(bool), - SkipMetadataApiCheck: data.Get("skip_metadata_api_check").(bool), - StsEndpoint: data.Get("sts_endpoint").(string), - Token: data.Get("token").(string), - UserAgentProducts: []*awsbase.UserAgentProduct{ + AccessKey: data.Get("access_key").(string), + AssumeRole: assumeRole, + CallerDocumentationURL: "https://www.terraform.io/docs/language/settings/backends/s3.html", + CallerName: "S3 Backend", + IamEndpoint: data.Get("iam_endpoint").(string), + MaxRetries: data.Get("max_retries").(int), + Profile: data.Get("profile").(string), + Region: data.Get("region").(string), + SecretKey: data.Get("secret_key").(string), + SharedCredentialsFiles: []string{data.Get("shared_credentials_file").(string)}, + SkipCredsValidation: data.Get("skip_credentials_validation").(bool), + StsEndpoint: data.Get("sts_endpoint").(string), + SuppressDebugLog: !logging.IsDebugOrHigher(), + Token: data.Get("token").(string), + UserAgent: awsbase.UserAgentProducts{ {Name: "APN", Version: "1.0"}, {Name: "HashiCorp", Version: "1.0"}, {Name: "Terraform", Version: version.String()}, }, } - if policyARNSet := data.Get("assume_role_policy_arns").(*schema.Set); policyARNSet.Len() > 0 { + if policyARNSet := data.Get("assume_role_policy_arns").(*schema.Set); policyARNSet.Len() > 0 && cfg.AssumeRole != nil { for _, policyARNRaw := range policyARNSet.List() { policyARN, ok := policyARNRaw.(string) @@ -363,12 +373,12 @@ func (b *Backend) configure(ctx context.Context) error { continue } - cfg.AssumeRolePolicyARNs = append(cfg.AssumeRolePolicyARNs, policyARN) + cfg.AssumeRole.PolicyARNs = append(cfg.AssumeRole.PolicyARNs, policyARN) } } - if tagMap := data.Get("assume_role_tags").(map[string]interface{}); len(tagMap) > 0 { - cfg.AssumeRoleTags = make(map[string]string) + if tagMap := data.Get("assume_role_tags").(map[string]interface{}); len(tagMap) > 0 && cfg.AssumeRole != nil { + cfg.AssumeRole.Tags = make(map[string]string) for k, vRaw := range tagMap { v, ok := vRaw.(string) @@ -377,11 +387,11 @@ func (b *Backend) configure(ctx context.Context) error { continue } - cfg.AssumeRoleTags[k] = v + cfg.AssumeRole.Tags[k] = v } } - if transitiveTagKeySet := data.Get("assume_role_transitive_tag_keys").(*schema.Set); transitiveTagKeySet.Len() > 0 { + if transitiveTagKeySet := data.Get("assume_role_transitive_tag_keys").(*schema.Set); transitiveTagKeySet.Len() > 0 && cfg.AssumeRole != nil { for _, transitiveTagKeyRaw := range transitiveTagKeySet.List() { transitiveTagKey, ok := transitiveTagKeyRaw.(string) @@ -389,22 +399,31 @@ func (b *Backend) configure(ctx context.Context) error { continue } - cfg.AssumeRoleTransitiveTagKeys = append(cfg.AssumeRoleTransitiveTagKeys, transitiveTagKey) + cfg.AssumeRole.TransitiveTagKeys = append(cfg.AssumeRole.TransitiveTagKeys, transitiveTagKey) } } - sess, err := awsbase.GetSession(cfg) + if data.Get("skip_metadata_api_check").(bool) { + cfg.EC2MetadataServiceEnableState = imds.ClientEnabled + } + + ctx, awsConfig, err := awsbase.GetAwsConfig(ctx, cfg) if err != nil { return fmt.Errorf("error configuring S3 Backend: %w", err) } - b.dynClient = dynamodb.New(sess.Copy(&aws.Config{ - Endpoint: aws.String(data.Get("dynamodb_endpoint").(string)), - })) - b.s3Client = s3.New(sess.Copy(&aws.Config{ - Endpoint: aws.String(data.Get("endpoint").(string)), - S3ForcePathStyle: aws.Bool(data.Get("force_path_style").(bool)), - })) + b.dynClient = dynamodb.NewFromConfig( + awsConfig, + dynamodb.WithEndpointResolver(dynamodb.EndpointResolverFromURL(data.Get("dynamodb_endpoint").(string))), + ) + + b.s3Client = s3.NewFromConfig( + awsConfig, + s3.WithEndpointResolver(s3.EndpointResolverFromURL(data.Get("endpoint").(string))), + func(opts *s3.Options) { + opts.UsePathStyle = data.Get("force_path_style").(bool) + }, + ) return nil } diff --git a/internal/backend/remote-state/s3/backend_state.go b/internal/backend/remote-state/s3/backend_state.go index add7d399d88c..098f37d3fad6 100644 --- a/internal/backend/remote-state/s3/backend_state.go +++ b/internal/backend/remote-state/s3/backend_state.go @@ -4,15 +4,16 @@ package s3 import ( + "context" "errors" "fmt" "path" "sort" "strings" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/service/s3" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/hashicorp/terraform/internal/backend" "github.com/hashicorp/terraform/internal/states" @@ -29,25 +30,29 @@ func (b *Backend) Workspaces() ([]string, error) { prefix = b.workspaceKeyPrefix + "/" } - params := &s3.ListObjectsInput{ + params := &s3.ListObjectsV2Input{ Bucket: &b.bucketName, Prefix: aws.String(prefix), - MaxKeys: aws.Int64(maxKeys), + MaxKeys: maxKeys, } wss := []string{backend.DefaultStateName} - err := b.s3Client.ListObjectsPages(params, func(page *s3.ListObjectsOutput, lastPage bool) bool { + paginator := s3.NewListObjectsV2Paginator(b.s3Client, params) + for paginator.HasMorePages() { + page, err := paginator.NextPage(context.TODO()) + if err != nil { + var noSuchBucket *types.NoSuchBucket + if errors.As(err, &noSuchBucket) { + return nil, fmt.Errorf(errS3NoSuchBucket, err) + } + } + for _, obj := range page.Contents { ws := b.keyEnv(*obj.Key) if ws != "" { wss = append(wss, ws) } } - return !lastPage - }) - - if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == s3.ErrCodeNoSuchBucket { - return nil, fmt.Errorf(errS3NoSuchBucket, err) } sort.Strings(wss[1:]) diff --git a/internal/backend/remote-state/s3/backend_test.go b/internal/backend/remote-state/s3/backend_test.go index 92fe40b2c346..43006e622a30 100644 --- a/internal/backend/remote-state/s3/backend_test.go +++ b/internal/backend/remote-state/s3/backend_test.go @@ -4,6 +4,7 @@ package s3 import ( + "context" "fmt" "net/url" "os" @@ -11,10 +12,12 @@ import ( "testing" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/dynamodb" - "github.com/aws/aws-sdk-go/service/s3" - awsbase "github.com/hashicorp/aws-sdk-go-base" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + dyntypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/hashicorp/aws-sdk-go-base/v2/mockdata" + "github.com/hashicorp/aws-sdk-go-base/v2/servicemocks" "github.com/hashicorp/terraform/internal/backend" "github.com/hashicorp/terraform/internal/configs/hcl2shim" "github.com/hashicorp/terraform/internal/states" @@ -55,8 +58,9 @@ func TestBackendConfig(t *testing.T) { } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(config)).(*Backend) + options := reflect.ValueOf(*b.s3Client).Elem().FieldByName("options").Interface().(s3.Options) - if *b.s3Client.Config.Region != "us-west-1" { + if options.Region != "us-west-1" { t.Fatalf("Incorrect region was populated") } if b.bucketName != "tf-test" { @@ -66,7 +70,7 @@ func TestBackendConfig(t *testing.T) { t.Fatalf("Incorrect keyName was populated") } - credentials, err := b.s3Client.Config.Credentials.Get() + credentials, err := options.Credentials.Retrieve(context.TODO()) if err != nil { t.Fatalf("Error when requesting credentials") } @@ -84,31 +88,31 @@ func TestBackendConfig_AssumeRole(t *testing.T) { testCases := []struct { Config map[string]interface{} Description string - MockStsEndpoints []*awsbase.MockEndpoint + MockStsEndpoints []*servicemocks.MockEndpoint }{ { Config: map[string]interface{}{ "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "role_arn", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, @@ -118,172 +122,172 @@ func TestBackendConfig_AssumeRole(t *testing.T) { "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "assume_role_duration_seconds", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"3600"}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ "bucket": "tf-test", - "external_id": awsbase.MockStsAssumeRoleExternalId, + "external_id": servicemocks.MockStsAssumeRoleExternalId, "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "external_id", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "ExternalId": []string{awsbase.MockStsAssumeRoleExternalId}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "ExternalId": []string{servicemocks.MockStsAssumeRoleExternalId}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ - "assume_role_policy": awsbase.MockStsAssumeRolePolicy, + "assume_role_policy": servicemocks.MockStsAssumeRolePolicy, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "assume_role_policy", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "Policy": []string{awsbase.MockStsAssumeRolePolicy}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "Policy": []string{servicemocks.MockStsAssumeRolePolicy}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ - "assume_role_policy_arns": []interface{}{awsbase.MockStsAssumeRolePolicyArn}, + "assume_role_policy_arns": []interface{}{servicemocks.MockStsAssumeRolePolicyArn}, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "assume_role_policy_arns", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "PolicyArns.member.1.arn": []string{awsbase.MockStsAssumeRolePolicyArn}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "PolicyArns.member.1.arn": []string{servicemocks.MockStsAssumeRolePolicyArn}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ "assume_role_tags": map[string]interface{}{ - awsbase.MockStsAssumeRoleTagKey: awsbase.MockStsAssumeRoleTagValue, + servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue, }, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "assume_role_tags", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, - "Tags.member.1.Key": []string{awsbase.MockStsAssumeRoleTagKey}, - "Tags.member.1.Value": []string{awsbase.MockStsAssumeRoleTagValue}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, + "Tags.member.1.Key": []string{servicemocks.MockStsAssumeRoleTagKey}, + "Tags.member.1.Value": []string{servicemocks.MockStsAssumeRoleTagValue}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ "assume_role_tags": map[string]interface{}{ - awsbase.MockStsAssumeRoleTagKey: awsbase.MockStsAssumeRoleTagValue, + servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue, }, - "assume_role_transitive_tag_keys": []interface{}{awsbase.MockStsAssumeRoleTagKey}, + "assume_role_transitive_tag_keys": []interface{}{servicemocks.MockStsAssumeRoleTagKey}, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": awsbase.MockStsAssumeRoleArn, - "session_name": awsbase.MockStsAssumeRoleSessionName, + "role_arn": servicemocks.MockStsAssumeRoleArn, + "session_name": servicemocks.MockStsAssumeRoleSessionName, }, Description: "assume_role_transitive_tag_keys", - MockStsEndpoints: []*awsbase.MockEndpoint{ + MockStsEndpoints: []*servicemocks.MockEndpoint{ { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, - "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, - "Tags.member.1.Key": []string{awsbase.MockStsAssumeRoleTagKey}, - "Tags.member.1.Value": []string{awsbase.MockStsAssumeRoleTagValue}, - "TransitiveTagKeys.member.1": []string{awsbase.MockStsAssumeRoleTagKey}, + "RoleArn": []string{servicemocks.MockStsAssumeRoleArn}, + "RoleSessionName": []string{servicemocks.MockStsAssumeRoleSessionName}, + "Tags.member.1.Key": []string{servicemocks.MockStsAssumeRoleTagKey}, + "Tags.member.1.Value": []string{servicemocks.MockStsAssumeRoleTagValue}, + "TransitiveTagKeys.member.1": []string{servicemocks.MockStsAssumeRoleTagKey}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { - Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, + Response: &servicemocks.MockResponse{StatusCode: 200, Body: servicemocks.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, @@ -293,16 +297,10 @@ func TestBackendConfig_AssumeRole(t *testing.T) { testCase := testCase t.Run(testCase.Description, func(t *testing.T) { - closeSts, mockStsSession, err := awsbase.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) defer closeSts() - if err != nil { - t.Fatalf("unexpected error creating mock STS server: %s", err) - } - - if mockStsSession != nil && mockStsSession.Config != nil { - testCase.Config["sts_endpoint"] = aws.StringValue(mockStsSession.Config.Endpoint) - } + testCase.Config["sts_endpoint"] = aws.String(stsEndpoint) diags := New().Configure(hcl2shim.HCL2ValueFromConfigValue(testCase.Config)) @@ -697,65 +695,67 @@ func checkStateList(b backend.Backend, expected []string) error { return nil } -func createS3Bucket(t *testing.T, s3Client *s3.S3, bucketName string) { +func createS3Bucket(t *testing.T, s3Client *s3.Client, bucketName string) { createBucketReq := &s3.CreateBucketInput{ Bucket: &bucketName, } + options := reflect.ValueOf(*s3Client).Elem().FieldByName("options").Interface().(s3.Options) + // Be clear about what we're doing in case the user needs to clean // this up later. - t.Logf("creating S3 bucket %s in %s", bucketName, *s3Client.Config.Region) - _, err := s3Client.CreateBucket(createBucketReq) + t.Logf("creating S3 bucket %s in %s", bucketName, options.Region) + _, err := s3Client.CreateBucket(context.TODO(), createBucketReq) if err != nil { t.Fatal("failed to create test S3 bucket:", err) } } -func deleteS3Bucket(t *testing.T, s3Client *s3.S3, bucketName string) { +func deleteS3Bucket(t *testing.T, s3Client *s3.Client, bucketName string) { warning := "WARNING: Failed to delete the test S3 bucket. It may have been left in your AWS account and may incur storage charges. (error was %s)" // first we have to get rid of the env objects, or we can't delete the bucket - resp, err := s3Client.ListObjects(&s3.ListObjectsInput{Bucket: &bucketName}) + resp, err := s3Client.ListObjects(context.TODO(), &s3.ListObjectsInput{Bucket: &bucketName}) if err != nil { t.Logf(warning, err) return } for _, obj := range resp.Contents { - if _, err := s3Client.DeleteObject(&s3.DeleteObjectInput{Bucket: &bucketName, Key: obj.Key}); err != nil { + if _, err := s3Client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{Bucket: &bucketName, Key: obj.Key}); err != nil { // this will need cleanup no matter what, so just warn and exit t.Logf(warning, err) return } } - if _, err := s3Client.DeleteBucket(&s3.DeleteBucketInput{Bucket: &bucketName}); err != nil { + if _, err := s3Client.DeleteBucket(context.TODO(), &s3.DeleteBucketInput{Bucket: &bucketName}); err != nil { t.Logf(warning, err) } } // create the dynamoDB table, and wait until we can query it. -func createDynamoDBTable(t *testing.T, dynClient *dynamodb.DynamoDB, tableName string) { +func createDynamoDBTable(t *testing.T, dynClient *dynamodb.Client, tableName string) { createInput := &dynamodb.CreateTableInput{ - AttributeDefinitions: []*dynamodb.AttributeDefinition{ + AttributeDefinitions: []dyntypes.AttributeDefinition{ { AttributeName: aws.String("LockID"), - AttributeType: aws.String("S"), + AttributeType: dyntypes.ScalarAttributeTypeS, }, }, - KeySchema: []*dynamodb.KeySchemaElement{ + KeySchema: []dyntypes.KeySchemaElement{ { AttributeName: aws.String("LockID"), - KeyType: aws.String("HASH"), + KeyType: dyntypes.KeyTypeHash, }, }, - ProvisionedThroughput: &dynamodb.ProvisionedThroughput{ + ProvisionedThroughput: &dyntypes.ProvisionedThroughput{ ReadCapacityUnits: aws.Int64(5), WriteCapacityUnits: aws.Int64(5), }, TableName: aws.String(tableName), } - _, err := dynClient.CreateTable(createInput) + _, err := dynClient.CreateTable(context.TODO(), createInput) if err != nil { t.Fatal(err) } @@ -769,12 +769,12 @@ func createDynamoDBTable(t *testing.T, dynClient *dynamodb.DynamoDB, tableName s } for { - resp, err := dynClient.DescribeTable(describeInput) + resp, err := dynClient.DescribeTable(context.TODO(), describeInput) if err != nil { t.Fatal(err) } - if *resp.Table.TableStatus == "ACTIVE" { + if resp.Table.TableStatus == dyntypes.TableStatusActive { return } @@ -787,11 +787,11 @@ func createDynamoDBTable(t *testing.T, dynClient *dynamodb.DynamoDB, tableName s } -func deleteDynamoDBTable(t *testing.T, dynClient *dynamodb.DynamoDB, tableName string) { +func deleteDynamoDBTable(t *testing.T, dynClient *dynamodb.Client, tableName string) { params := &dynamodb.DeleteTableInput{ TableName: aws.String(tableName), } - _, err := dynClient.DeleteTable(params) + _, err := dynClient.DeleteTable(context.TODO(), params) if err != nil { t.Logf("WARNING: Failed to delete the test DynamoDB table %q. It has been left in your AWS account and may incur charges. (error was %s)", tableName, err) } diff --git a/internal/backend/remote-state/s3/client.go b/internal/backend/remote-state/s3/client.go index 5df548cc1cd7..a84e5dba1f58 100644 --- a/internal/backend/remote-state/s3/client.go +++ b/internal/backend/remote-state/s3/client.go @@ -5,6 +5,7 @@ package s3 import ( "bytes" + "context" "crypto/md5" "encoding/base64" "encoding/hex" @@ -15,12 +16,14 @@ import ( "log" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/service/dynamodb" - "github.com/aws/aws-sdk-go/service/s3" - multierror "github.com/hashicorp/go-multierror" - uuid "github.com/hashicorp/go-uuid" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + dyntypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go-v2/service/s3/types" + "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/terraform/internal/states/remote" "github.com/hashicorp/terraform/internal/states/statemgr" ) @@ -33,8 +36,8 @@ const ( ) type RemoteClient struct { - s3Client *s3.S3 - dynClient *dynamodb.DynamoDB + s3Client *s3.Client + dynClient *dynamodb.Client bucketName string path string serverSideEncryption bool @@ -110,22 +113,24 @@ func (c *RemoteClient) get() (*remote.Payload, error) { } if c.serverSideEncryption && c.customerEncryptionKey != nil { - input.SetSSECustomerKey(string(c.customerEncryptionKey)) - input.SetSSECustomerAlgorithm(s3EncryptionAlgorithm) - input.SetSSECustomerKeyMD5(c.getSSECustomerKeyMD5()) + input.SSECustomerKey = aws.String(string(c.customerEncryptionKey)) + input.SSECustomerAlgorithm = aws.String(s3EncryptionAlgorithm) + input.SSECustomerKeyMD5 = aws.String(c.getSSECustomerKeyMD5()) } - output, err = c.s3Client.GetObject(input) + output, err = c.s3Client.GetObject(context.TODO(), input) if err != nil { - if awserr, ok := err.(awserr.Error); ok { - switch awserr.Code() { - case s3.ErrCodeNoSuchBucket: - return nil, fmt.Errorf(errS3NoSuchBucket, err) - case s3.ErrCodeNoSuchKey: - return nil, nil - } + var noSuchBucket *types.NoSuchBucket + if errors.As(err, &noSuchBucket) { + return nil, fmt.Errorf(errS3NoSuchBucket, err) + } + + var noSuchKey *types.NoSuchKey + if errors.As(err, &noSuchKey) { + return nil, nil } + return nil, err } @@ -156,7 +161,7 @@ func (c *RemoteClient) Put(data []byte) error { i := &s3.PutObjectInput{ ContentType: &contentType, - ContentLength: &contentLength, + ContentLength: contentLength, Body: bytes.NewReader(data), Bucket: &c.bucketName, Key: &c.path, @@ -165,23 +170,23 @@ func (c *RemoteClient) Put(data []byte) error { if c.serverSideEncryption { if c.kmsKeyID != "" { i.SSEKMSKeyId = &c.kmsKeyID - i.ServerSideEncryption = aws.String("aws:kms") + i.ServerSideEncryption = types.ServerSideEncryptionAwsKms } else if c.customerEncryptionKey != nil { - i.SetSSECustomerKey(string(c.customerEncryptionKey)) - i.SetSSECustomerAlgorithm(s3EncryptionAlgorithm) - i.SetSSECustomerKeyMD5(c.getSSECustomerKeyMD5()) + i.SSECustomerKey = aws.String(string(c.customerEncryptionKey)) + i.SSECustomerAlgorithm = aws.String(s3EncryptionAlgorithm) + i.SSECustomerKeyMD5 = aws.String(c.getSSECustomerKeyMD5()) } else { - i.ServerSideEncryption = aws.String(s3EncryptionAlgorithm) + i.ServerSideEncryption = s3EncryptionAlgorithm } } if c.acl != "" { - i.ACL = aws.String(c.acl) + i.ACL = types.ObjectCannedACL(c.acl) } log.Printf("[DEBUG] Uploading remote state to S3: %#v", i) - _, err := c.s3Client.PutObject(i) + _, err := c.s3Client.PutObject(context.TODO(), i) if err != nil { return fmt.Errorf("failed to upload state: %s", err) } @@ -198,7 +203,7 @@ func (c *RemoteClient) Put(data []byte) error { } func (c *RemoteClient) Delete() error { - _, err := c.s3Client.DeleteObject(&s3.DeleteObjectInput{ + _, err := c.s3Client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ Bucket: &c.bucketName, Key: &c.path, }) @@ -231,14 +236,14 @@ func (c *RemoteClient) Lock(info *statemgr.LockInfo) (string, error) { } putParams := &dynamodb.PutItemInput{ - Item: map[string]*dynamodb.AttributeValue{ - "LockID": {S: aws.String(c.lockPath())}, - "Info": {S: aws.String(string(info.Marshal()))}, + Item: map[string]dyntypes.AttributeValue{ + "LockID": &dyntypes.AttributeValueMemberS{Value: c.lockPath()}, + "Info": &dyntypes.AttributeValueMemberS{Value: string(info.Marshal())}, }, TableName: aws.String(c.ddbTable), ConditionExpression: aws.String("attribute_not_exists(LockID)"), } - _, err := c.dynClient.PutItem(putParams) + _, err := c.dynClient.PutItem(context.TODO(), putParams) if err != nil { lockInfo, infoErr := c.getLockInfo() @@ -262,22 +267,24 @@ func (c *RemoteClient) getMD5() ([]byte, error) { } getParams := &dynamodb.GetItemInput{ - Key: map[string]*dynamodb.AttributeValue{ - "LockID": {S: aws.String(c.lockPath() + stateIDSuffix)}, + Key: map[string]dyntypes.AttributeValue{ + "LockID": &dyntypes.AttributeValueMemberS{Value: c.lockPath() + stateIDSuffix}, }, ProjectionExpression: aws.String("LockID, Digest"), TableName: aws.String(c.ddbTable), ConsistentRead: aws.Bool(true), } - resp, err := c.dynClient.GetItem(getParams) + resp, err := c.dynClient.GetItem(context.TODO(), getParams) if err != nil { return nil, err } var val string - if v, ok := resp.Item["Digest"]; ok && v.S != nil { - val = *v.S + if v, ok := resp.Item["Digest"]; ok { + if s, ok := v.(*dyntypes.AttributeValueMemberS); ok { + val = s.Value + } } sum, err := hex.DecodeString(val) @@ -299,13 +306,13 @@ func (c *RemoteClient) putMD5(sum []byte) error { } putParams := &dynamodb.PutItemInput{ - Item: map[string]*dynamodb.AttributeValue{ - "LockID": {S: aws.String(c.lockPath() + stateIDSuffix)}, - "Digest": {S: aws.String(hex.EncodeToString(sum))}, + Item: map[string]dyntypes.AttributeValue{ + "LockID": &dyntypes.AttributeValueMemberS{Value: c.lockPath() + stateIDSuffix}, + "Digest": &dyntypes.AttributeValueMemberS{Value: hex.EncodeToString(sum)}, }, TableName: aws.String(c.ddbTable), } - _, err := c.dynClient.PutItem(putParams) + _, err := c.dynClient.PutItem(context.TODO(), putParams) if err != nil { log.Printf("[WARN] failed to record state serial in dynamodb: %s", err) } @@ -320,12 +327,12 @@ func (c *RemoteClient) deleteMD5() error { } params := &dynamodb.DeleteItemInput{ - Key: map[string]*dynamodb.AttributeValue{ - "LockID": {S: aws.String(c.lockPath() + stateIDSuffix)}, + Key: map[string]dyntypes.AttributeValue{ + "LockID": &dyntypes.AttributeValueMemberS{Value: c.lockPath() + stateIDSuffix}, }, TableName: aws.String(c.ddbTable), } - if _, err := c.dynClient.DeleteItem(params); err != nil { + if _, err := c.dynClient.DeleteItem(context.TODO(), params); err != nil { return err } return nil @@ -333,22 +340,24 @@ func (c *RemoteClient) deleteMD5() error { func (c *RemoteClient) getLockInfo() (*statemgr.LockInfo, error) { getParams := &dynamodb.GetItemInput{ - Key: map[string]*dynamodb.AttributeValue{ - "LockID": {S: aws.String(c.lockPath())}, + Key: map[string]dyntypes.AttributeValue{ + "LockID": &dyntypes.AttributeValueMemberS{Value: c.lockPath()}, }, ProjectionExpression: aws.String("LockID, Info"), TableName: aws.String(c.ddbTable), ConsistentRead: aws.Bool(true), } - resp, err := c.dynClient.GetItem(getParams) + resp, err := c.dynClient.GetItem(context.TODO(), getParams) if err != nil { return nil, err } var infoData string - if v, ok := resp.Item["Info"]; ok && v.S != nil { - infoData = *v.S + if v, ok := resp.Item["Info"]; ok { + if s, ok := v.(*dyntypes.AttributeValueMemberS); ok { + infoData = s.Value + } } lockInfo := &statemgr.LockInfo{} @@ -383,12 +392,12 @@ func (c *RemoteClient) Unlock(id string) error { } params := &dynamodb.DeleteItemInput{ - Key: map[string]*dynamodb.AttributeValue{ - "LockID": {S: aws.String(c.lockPath())}, + Key: map[string]dyntypes.AttributeValue{ + "LockID": &dyntypes.AttributeValueMemberS{Value: c.lockPath()}, }, TableName: aws.String(c.ddbTable), } - _, err = c.dynClient.DeleteItem(params) + _, err = c.dynClient.DeleteItem(context.TODO(), params) if err != nil { lockErr.Err = err