AirHelp · tcharewicz · Aug 29, 2024 · Aug 28, 2024 · Aug 29, 2024 · Aug 29, 2024
@@ -5,7 +5,7 @@ import (
 
 	"github.com/AirHelp/treasury/backend/s3"
 	"github.com/AirHelp/treasury/backend/ssm"
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 const (
@@ -38,5 +38,5 @@ func New(options Options) (BackendAPI, error) {
 	case ssmName:
 		return ssm.New(options.Region, options.AWSConfig)
 	}
-	return nil, errors.New("Invalid backend")
+	return nil, errors.New("invalid backend")
 }
@@ -1,45 +1,41 @@
 package s3
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/s3"
-	"github.com/aws/aws-sdk-go/service/s3/s3iface"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
 )
 
 // Client with AWS services
+type S3ClientInterface interface {
+	PutObject(context.Context, *s3.PutObjectInput, ...func(*s3.Options)) (*s3.PutObjectOutput, error)
+	GetObject(context.Context, *s3.GetObjectInput, ...func(*s3.Options)) (*s3.GetObjectOutput, error)
+	ListObjects(context.Context, *s3.ListObjectsInput, ...func(*s3.Options)) (*s3.ListObjectsOutput, error)
+	DeleteObject(context.Context, *s3.DeleteObjectInput, ...func(*s3.Options)) (*s3.DeleteObjectOutput, error)
+}
+
 type Client struct {
-	sess   *session.Session
-	S3Svc  s3iface.S3API
+	S3Svc  S3ClientInterface
 	bucket string
 }
 
-// New returns clients for AWS services
 func New(region, bucket string) (*Client, error) {
 	if bucket == "" {
 		return nil, errors.New("S3 bucket name is missing")
 	}
-	sessionOpts := session.Options{
-		SharedConfigState: session.SharedConfigEnable,
-	}
+	cfg, err := config.LoadDefaultConfig(context.Background(), config.WithRegion(region))
 
-	if region != "" {
-		sessionOpts.Config = aws.Config{Region: aws.String(region)}
-	}
-
-	sess, err := session.NewSessionWithOptions(sessionOpts)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to create AWS session. Error: %s", err)
+		return &Client{}, errors.Join(
+			fmt.Errorf("unable to load SDK config with region %s", region),
+			err,
+		)
 	}
 
-	s3Svc := s3.New(sess)
-
 	return &Client{
-		sess:   sess,
-		S3Svc:  s3Svc,
-		bucket: bucket,
-	}, nil
+		S3Svc: s3.NewFromConfig(cfg),
+	}, err
 }
@@ -2,18 +2,16 @@ package s3
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 
 	"github.com/AirHelp/treasury/types"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/s3"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	s3Types "github.com/aws/aws-sdk-go-v2/service/s3/types"
 )
 
 const (
-	// http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
-	s3ACL = "private"
-	// http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
-	s3ServerSideEncryption = "aws:kms"
 	// ApplicatonMetaKey is used as a Key for s3 object's metadata and tag
 	ApplicatonMetaKey = "Application"
 	// EnvironmentMetaKey is used as a Key for s3 object's metadata and tag
@@ -35,18 +33,18 @@ func (c *Client) PutObject(object *types.PutObjectInput) error {
 	params := &s3.PutObjectInput{
 		Bucket: aws.String(c.bucket),
 		Key:    aws.String(object.Key),
-		ACL:    aws.String(s3ACL),
+		ACL:    s3Types.ObjectCannedACLPrivate,
 		Body:   bytes.NewReader([]byte(object.Value)),
-		Metadata: map[string]*string{
-			ApplicatonMetaKey:  aws.String(object.Application),
-			EnvironmentMetaKey: aws.String(object.Environment),
+		Metadata: map[string]string{
+			ApplicatonMetaKey:  object.Application,
+			EnvironmentMetaKey: object.Environment,
 		},
-		ServerSideEncryption: aws.String(s3ServerSideEncryption),
+		ServerSideEncryption: s3Types.ServerSideEncryptionAwsKms,
 		SSEKMSKeyId:          aws.String("alias/" + object.Environment),
 		Tagging:              aws.String(tags),
 	}
 
-	_, err := c.S3Svc.PutObject(params)
+	_, err := c.S3Svc.PutObject(context.Background(), params)
 
 	return err
 }
@@ -61,7 +59,7 @@ func (c *Client) GetObject(object *types.GetObjectInput) (*types.GetObjectOutput
 		Key:    aws.String(object.Key),
 	}
 
-	resp, err := c.S3Svc.GetObject(params)
+	resp, err := c.S3Svc.GetObject(context.Background(), params)
 	if err != nil {
 		return nil, err
 	}
@@ -78,7 +76,7 @@ func (c *Client) GetObjects(object *types.GetObjectsInput) (*types.GetObjectsOup
 		Prefix: aws.String(object.Prefix),
 	}
 
-	resp, err := c.S3Svc.ListObjects(params)
+	resp, err := c.S3Svc.ListObjects(context.Background(), params)
 	if err != nil {
 		return nil, err
 	}
@@ -99,6 +97,6 @@ func (c *Client) DeleteObject(object *types.DeleteObjectInput) error {
 		Bucket: aws.String(c.bucket),
 		Key:    aws.String(object.Key),
 	}
-	_, err := c.S3Svc.DeleteObject(params)
+	_, err := c.S3Svc.DeleteObject(context.Background(), params)
 	return err
 }
@@ -1,36 +1,33 @@
 package ssm
 
 import (
+	"context"
 	"fmt"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/ssm"
-	"github.com/aws/aws-sdk-go/service/ssm/ssmiface"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
 )
 
+type SSMClientInterface interface {
+	GetParameter(context.Context, *ssm.GetParameterInput, ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)
+	PutParameter(context.Context, *ssm.PutParameterInput, ...func(*ssm.Options)) (*ssm.PutParameterOutput, error)
+	GetParametersByPath(context.Context, *ssm.GetParametersByPathInput, ...func(*ssm.Options)) (*ssm.GetParametersByPathOutput, error)
+	DeleteParameter(context.Context, *ssm.DeleteParameterInput, ...func(*ssm.Options)) (*ssm.DeleteParameterOutput, error)
+}
+
 // Client with AWS services
 type Client struct {
-	svc ssmiface.SSMAPI
+	svc SSMClientInterface
 }
 
-// New returns clients for AWS services
 func New(region string, awsConfig aws.Config) (*Client, error) {
-	if region != "" {
-		awsConfig = *awsConfig.WithRegion(region)
-	}
-
-	sess, err := session.NewSessionWithOptions(session.Options{
-		Config: awsConfig,
-	})
+	cfg, err := config.LoadDefaultConfig(context.Background(), config.WithRegion(region))
 	if err != nil {
-		return nil, fmt.Errorf("Failed to create AWS session. Error: %s", err)
+		return nil, fmt.Errorf("failed to load AWS configuration. Error: %s", err)
 	}
 
-	// Create a SSM client with additional configuration
-	svc := ssm.New(sess)
-
 	return &Client{
-		svc: svc,
+		svc: ssm.NewFromConfig(cfg),
 	}, nil
 }
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/AirHelp/treasury/backend/ssm"
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 func TestNew(t *testing.T) {

@@ -1,11 +1,13 @@
 package ssm
 
 import (
+	"context"
 	"errors"
 
 	"github.com/AirHelp/treasury/types"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/ssm"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ssm"
+	ssmtypes "github.com/aws/aws-sdk-go-v2/service/ssm/types"
 )
 
 const defaultParameterType = "SecureString"
@@ -17,34 +19,34 @@ func (c *Client) PutObject(object *types.PutObjectInput) error {
 	if object.Key == "" {
 		return errors.New("The key name is not valid.")
 	}
-	// https://docs.aws.amazon.com/sdk-for-go/api/service/ssm/#PutParameterInput
+	// https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/ssm#PutParameterInput
 	putParameterInput := &ssm.PutParameterInput{
 		KeyId: aws.String("alias/" + object.Environment),
-		// we decided to use path based keys without `/` at the begining
+		// we decided to use path based keys without `/` at the beginning
 		// so we need to add it here
 		Name:      aws.String("/" + object.Key),
-		Type:      aws.String(defaultParameterType),
+		Type:      ssmtypes.ParameterType(defaultParameterType),
 		Value:     aws.String(object.Value),
 		Overwrite: aws.Bool(true),
 	}
 
 	// PutParameter returns Version of the parameter
 	// shall we validate this version?
-	_, err := c.svc.PutParameter(putParameterInput)
+	_, err := c.svc.PutParameter(context.Background(), putParameterInput)
 	return err
 }
 
 // GetObject returns a secret for given key
 func (c *Client) GetObject(object *types.GetObjectInput) (*types.GetObjectOutput, error) {
 	params := &ssm.GetParameterInput{
-		// we decided to use path based keys without `/` at the begining
+		// we decided to use path based keys without `/` at the beginning
 		// so we need to add it here
 		Name: aws.String("/" + object.Key),
 		// Retrieve all parameters in a hierarchy with their value decrypted.
 		WithDecryption: aws.Bool(true),
 	}
 
-	resp, err := c.svc.GetParameter(params)
+	resp, err := c.svc.GetParameter(context.Background(), params)
 	if err != nil {
 		return nil, err
 	}
@@ -55,21 +57,21 @@ func (c *Client) GetObject(object *types.GetObjectInput) (*types.GetObjectOutput
 // GetObjects returns key value map for given pattern/prefix
 func (c *Client) GetObjects(object *types.GetObjectsInput) (*types.GetObjectsOuput, error) {
 	var nextToken *string
-	var parameters []*ssm.Parameter
+	var parameters []ssmtypes.Parameter
 	for {
-		// https://docs.aws.amazon.com/sdk-for-go/api/service/ssm/#SSM.GetParametersByPath
+		// https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/ssm#GetParametersByPathInput
 		getParametersByPathInput := &ssm.GetParametersByPathInput{
 			Path: aws.String("/" + object.Prefix),
 			// Retrieve all parameters in a hierarchy with their value decrypted.
 			WithDecryption: aws.Bool(true),
-			MaxResults:     aws.Int64(10),
+			MaxResults:     aws.Int32(10),
 			NextToken:      nextToken,
 		}
 
 		// we're only interested with GetParametersByPathOutput.Parameters
-		// Parameters []*Parameter `type:"list"`
+		// Parameters []Parameter `type:"list"`
 		// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/Parameter
-		resp, err := c.svc.GetParametersByPath(getParametersByPathInput)
+		resp, err := c.svc.GetParametersByPath(context.Background(), getParametersByPathInput)
 		if err != nil {
 			return nil, err
 		}
@@ -90,7 +92,7 @@ func (c *Client) GetObjects(object *types.GetObjectsInput) (*types.GetObjectsOup
 	return &types.GetObjectsOuput{Secrets: keyValuePairs}, nil
 }
 
-// unShash removes 1st char from a string
+// unSlash removes 1st char from a string
 // GetParametersByPath from SSM returns key path with "/" at the beginning
 // but we don't need it :)
 func unSlash(input string) string {
@@ -102,10 +104,10 @@ func unSlash(input string) string {
 
 func (c *Client) DeleteObject(object *types.DeleteObjectInput) error {
 	params := &ssm.DeleteParameterInput{
-		// we decided to use path based keys without `/` at the begining
+		// we decided to use path based keys without `/` at the beginning
 		// so we need to add it here
 		Name: aws.String("/" + object.Key),
 	}
-	_, err := c.svc.DeleteParameter(params)
+	_, err := c.svc.DeleteParameter(context.Background(), params)
 	return err
 }
@@ -2,7 +2,7 @@ package client
 
 import (
 	"github.com/AirHelp/treasury/backend"
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 const (

@@ -3,7 +3,7 @@ package client
 import (
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 func TestNew(t *testing.T) {
@@ -24,7 +24,7 @@ func TestNew(t *testing.T) {
 		},
 		{
 			name:    "add aws config",
-			args:    args{options: &Options{AWSConfig: aws.Config{Region: aws.String("eu-west-1")}}},
+			args:    args{options: &Options{AWSConfig: aws.Config{Region: "eu-west-1"}}},
 			want:    &Client{},
 			wantErr: false,
 		},

@@ -3,19 +3,15 @@ package client
 import (
 	"github.com/AirHelp/treasury/types"
 	"github.com/AirHelp/treasury/utils"
-	"github.com/aws/aws-sdk-go/aws/awserr"
+	s3Types "github.com/aws/aws-sdk-go-v2/service/s3/types"
 
 	"bytes"
 	"compress/gzip"
 	b64 "encoding/base64"
+	"errors"
 	"io/ioutil"
 )
 
-const (
-	noSuchKey       = "NoSuchKey"
-	noSuchParameter = "ParameterNotFound"
-)
-
 // Write secret to Treasure
 func (c *Client) Write(key, secret string, force bool) error {
 	environment, application, err := utils.FindEnvironmentApplicationName(key)
@@ -25,14 +21,12 @@ func (c *Client) Write(key, secret string, force bool) error {
 
 	if !force {
 		secretObject, err := c.Read(key)
+
 		if err != nil {
-			if aerr, ok := err.(awserr.Error); ok {
-				// in this case 404 is ok for us
-				// so we'd proceed if 404 occurs
-				if aerr.Code() != noSuchKey && aerr.Code() != noSuchParameter {
-					return err
-				}
-			} else {
+			var nsk *s3Types.NoSuchKey
+			var nf *s3Types.NotFound
+
+			if !errors.As(err, &nsk) && !errors.As(err, &nf) {
 				return err
 			}
 		} else if secret == secretObject.Value {