From 582fb73a7c6a4a566fb991c2f541d8b47b9ea2c4 Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Tue, 18 Aug 2020 12:49:31 -0400 Subject: [PATCH] deps: Update aws-sdk-go-based to 0.6.0 --- backend/remote-state/s3/backend_test.go | 156 +++----- go.mod | 2 +- go.sum | 6 +- .../hashicorp/aws-sdk-go-base/CHANGELOG.md | 10 + .../hashicorp/aws-sdk-go-base/README.md | 15 +- .../hashicorp/aws-sdk-go-base/awsauth.go | 5 +- .../hashicorp/aws-sdk-go-base/awserr.go | 44 --- .../hashicorp/aws-sdk-go-base/mock.go | 356 ++++++++++++++---- .../hashicorp/aws-sdk-go-base/session.go | 19 +- .../aws-sdk-go-base/tfawserr/awserr.go | 77 ++++ vendor/modules.txt | 3 +- website/docs/backends/types/s3.html.md | 10 + 12 files changed, 471 insertions(+), 232 deletions(-) delete mode 100644 vendor/github.com/hashicorp/aws-sdk-go-base/awserr.go create mode 100644 vendor/github.com/hashicorp/aws-sdk-go-base/tfawserr/awserr.go diff --git a/backend/remote-state/s3/backend_test.go b/backend/remote-state/s3/backend_test.go index 70d6d57fef80..13f08fea4de9 100644 --- a/backend/remote-state/s3/backend_test.go +++ b/backend/remote-state/s3/backend_test.go @@ -18,50 +18,6 @@ import ( "github.com/hashicorp/terraform/states/remote" ) -const ( - mockStsAssumeRoleArn = `arn:aws:iam::555555555555:role/AssumeRole` - mockStsAssumeRolePolicy = `{ - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": "*", - "Resource": "*", - } -}` - mockStsAssumeRolePolicyArn = `arn:aws:iam::555555555555:policy/AssumeRolePolicy1` - mockStsAssumeRoleSessionName = `AssumeRoleSessionName` - mockStsAssumeRoleTagKey = `AssumeRoleTagKey` - mockStsAssumeRoleTagValue = `AssumeRoleTagValue` - mockStsAssumeRoleTransitiveTagKey = `AssumeRoleTagKey` - mockStsAssumeRoleValidResponse = ` - - - arn:aws:sts::555555555555:assumed-role/role/AssumeRoleSessionName - ARO123EXAMPLE123:AssumeRoleSessionName - - - AssumeRoleAccessKey - AssumeRoleSecretKey - AssumeRoleSessionToken - 2099-12-31T23:59:59Z - - - - 01234567-89ab-cdef-0123-456789abcdef - -` - mockStsGetCallerIdentityValidResponseBody = ` - - arn:aws:iam::222222222222:user/Alice - AKIAI44QH8DHBEXAMPLE - 222222222222 - - - 01234567-89ab-cdef-0123-456789abcdef - -` -) - var ( mockStsGetCallerIdentityRequestBody = url.Values{ "Action": []string{"GetCallerIdentity"}, @@ -132,8 +88,8 @@ func TestBackendConfig_AssumeRole(t *testing.T) { "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "role_arn", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -141,15 +97,15 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, @@ -159,8 +115,8 @@ func TestBackendConfig_AssumeRole(t *testing.T) { "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "assume_role_duration_seconds", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -168,26 +124,26 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{"POST", "/", url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"3600"}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ "bucket": "tf-test", - "external_id": "AssumeRoleExternalId", + "external_id": awsbase.MockStsAssumeRoleExternalId, "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "external_id", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -195,27 +151,27 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{"POST", "/", url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "ExternalId": []string{"AssumeRoleExternalId"}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, + "ExternalId": []string{awsbase.MockStsAssumeRoleExternalId}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ - "assume_role_policy": mockStsAssumeRolePolicy, + "assume_role_policy": awsbase.MockStsAssumeRolePolicy, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "assume_role_policy", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -223,27 +179,27 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{"POST", "/", url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "Policy": []string{mockStsAssumeRolePolicy}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, + "Policy": []string{awsbase.MockStsAssumeRolePolicy}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ - "assume_role_policy_arns": []interface{}{mockStsAssumeRolePolicyArn}, + "assume_role_policy_arns": []interface{}{awsbase.MockStsAssumeRolePolicyArn}, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "assume_role_policy_arns", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -251,29 +207,29 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "PolicyArns.member.1.arn": []string{mockStsAssumeRolePolicyArn}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, + "PolicyArns.member.1.arn": []string{awsbase.MockStsAssumeRolePolicyArn}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ "assume_role_tags": map[string]interface{}{ - mockStsAssumeRoleTagKey: mockStsAssumeRoleTagValue, + awsbase.MockStsAssumeRoleTagKey: awsbase.MockStsAssumeRoleTagValue, }, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "assume_role_tags", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -281,31 +237,31 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, - "Tags.member.1.Key": []string{mockStsAssumeRoleTagKey}, - "Tags.member.1.Value": []string{mockStsAssumeRoleTagValue}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "Tags.member.1.Key": []string{awsbase.MockStsAssumeRoleTagKey}, + "Tags.member.1.Value": []string{awsbase.MockStsAssumeRoleTagValue}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, { Config: map[string]interface{}{ "assume_role_tags": map[string]interface{}{ - mockStsAssumeRoleTagKey: mockStsAssumeRoleTagValue, + awsbase.MockStsAssumeRoleTagKey: awsbase.MockStsAssumeRoleTagValue, }, - "assume_role_transitive_tag_keys": []interface{}{mockStsAssumeRoleTagKey}, + "assume_role_transitive_tag_keys": []interface{}{awsbase.MockStsAssumeRoleTagKey}, "bucket": "tf-test", "key": "state", "region": "us-west-1", - "role_arn": mockStsAssumeRoleArn, - "session_name": mockStsAssumeRoleSessionName, + "role_arn": awsbase.MockStsAssumeRoleArn, + "session_name": awsbase.MockStsAssumeRoleSessionName, }, Description: "assume_role_transitive_tag_keys", MockStsEndpoints: []*awsbase.MockEndpoint{ @@ -313,18 +269,18 @@ func TestBackendConfig_AssumeRole(t *testing.T) { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, - "RoleArn": []string{mockStsAssumeRoleArn}, - "RoleSessionName": []string{mockStsAssumeRoleSessionName}, - "Tags.member.1.Key": []string{mockStsAssumeRoleTagKey}, - "Tags.member.1.Value": []string{mockStsAssumeRoleTagValue}, - "TransitiveTagKeys.member.1": []string{mockStsAssumeRoleTagKey}, + "RoleArn": []string{awsbase.MockStsAssumeRoleArn}, + "RoleSessionName": []string{awsbase.MockStsAssumeRoleSessionName}, + "Tags.member.1.Key": []string{awsbase.MockStsAssumeRoleTagKey}, + "Tags.member.1.Value": []string{awsbase.MockStsAssumeRoleTagValue}, + "TransitiveTagKeys.member.1": []string{awsbase.MockStsAssumeRoleTagKey}, "Version": []string{"2011-06-15"}, }.Encode()}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsAssumeRoleValidResponse, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsAssumeRoleValidResponseBody, ContentType: "text/xml"}, }, { Request: &awsbase.MockRequest{Method: "POST", Uri: "/", Body: mockStsGetCallerIdentityRequestBody}, - Response: &awsbase.MockResponse{StatusCode: 200, Body: mockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, + Response: &awsbase.MockResponse{StatusCode: 200, Body: awsbase.MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml"}, }, }, }, diff --git a/go.mod b/go.mod index ef3591083ed4..589d477f6aa9 100644 --- a/go.mod +++ b/go.mod @@ -51,7 +51,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.8.5 // indirect - github.com/hashicorp/aws-sdk-go-base v0.5.0 + github.com/hashicorp/aws-sdk-go-base v0.6.0 github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 github.com/hashicorp/errwrap v1.0.0 github.com/hashicorp/go-azure-helpers v0.10.0 diff --git a/go.sum b/go.sum index 17ce1fa1801e..f298b999996f 100644 --- a/go.sum +++ b/go.sum @@ -74,8 +74,6 @@ github.com/antchfx/xpath v0.0.0-20190129040759-c8489ed3251e h1:ptBAamGVd6CfRsUty github.com/antchfx/xpath v0.0.0-20190129040759-c8489ed3251e/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk= github.com/antchfx/xquery v0.0.0-20180515051857-ad5b8c7a47b0 h1:JaCC8jz0zdMLk2m+qCCVLLLM/PL93p84w4pK3aJWj60= github.com/antchfx/xquery v0.0.0-20180515051857-ad5b8c7a47b0/go.mod h1:LzD22aAzDP8/dyiCKFp31He4m2GPjl0AFyzDtZzUu9M= -github.com/apparentlymart/go-cidr v1.0.1 h1:NmIwLZ/KdsjIUlhf+/Np40atNXm/+lZ5txfTJ/SpF+U= -github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU= github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= @@ -240,8 +238,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.5 h1:2+KSC78XiO6Qy0hIjfc1OD9H+hsaJdJlb8Kqsd41CTE= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/aws-sdk-go-base v0.5.0 h1:fk7ID0v3PWL/KNL8FvkBPu8Sm93EPUCCmtZCiTXLySE= -github.com/hashicorp/aws-sdk-go-base v0.5.0/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= +github.com/hashicorp/aws-sdk-go-base v0.6.0 h1:qmUbzM36msbBF59YctwuO5w0M2oNXjlilgKpnEhx1uw= +github.com/hashicorp/aws-sdk-go-base v0.6.0/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 h1:1eDpXAxTh0iPv+1kc9/gfSI2pxRERDsTk/lNGolwHn8= github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= diff --git a/vendor/github.com/hashicorp/aws-sdk-go-base/CHANGELOG.md b/vendor/github.com/hashicorp/aws-sdk-go-base/CHANGELOG.md index fd1b523fa7b2..f6ff4cc3205e 100644 --- a/vendor/github.com/hashicorp/aws-sdk-go-base/CHANGELOG.md +++ b/vendor/github.com/hashicorp/aws-sdk-go-base/CHANGELOG.md @@ -1,3 +1,13 @@ +# v0.6.0 (unreleased) + +BREAKING CHANGES + +* AWS error checking function have been moved to `tfawserr` package. `IsAWSErr` has been renamed to `ErrMessageContains` and `IsAWSErrExtended` has been renamed to `ErrMessageAndOrigErrContain`. #37 + +ENHANCEMENTS + +* Additional AWS error checking function have been added to the `tfawserr` package - `ErrCodeEquals`, `ErrCodeContains` and `ErrStatusCodeEquals`. + # v0.5.0 (June 4, 2020) BREAKING CHANGES diff --git a/vendor/github.com/hashicorp/aws-sdk-go-base/README.md b/vendor/github.com/hashicorp/aws-sdk-go-base/README.md index a5be53987abe..ad824ce1e4db 100644 --- a/vendor/github.com/hashicorp/aws-sdk-go-base/README.md +++ b/vendor/github.com/hashicorp/aws-sdk-go-base/README.md @@ -6,7 +6,7 @@ An opinionated [AWS Go SDK](https://github.com/aws/aws-sdk-go) library for consi ## Requirements -- [Go](https://golang.org/doc/install) 1.12 +- [Go](https://golang.org/doc/install) 1.13 ## Development @@ -25,3 +25,16 @@ $ golangci-lint run ./... # Optionally if Make is available; both run the same linting $ make lint ``` + +## Release Process + +- Push a new `vX.Y.Z` tag to the repository +- Close associated `vX.Y.Z` milestone +- For Terraform AWS Provider: Renovate will automatically detect the update and submit a dependency pull request (usually within an hour) +- For Terraform S3 Backend: Submit a new dependency pull request by running: + +```sh +go get github.com/hashicorp/aws-sdk-go-base@vX.Y.Z +go mod tidy +go mod vendor +``` diff --git a/vendor/github.com/hashicorp/aws-sdk-go-base/awsauth.go b/vendor/github.com/hashicorp/aws-sdk-go-base/awsauth.go index 3363b1d5be00..3b1763ecd131 100644 --- a/vendor/github.com/hashicorp/aws-sdk-go-base/awsauth.go +++ b/vendor/github.com/hashicorp/aws-sdk-go-base/awsauth.go @@ -17,6 +17,7 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" "github.com/aws/aws-sdk-go/service/sts" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-multierror" homedir "github.com/mitchellh/go-homedir" @@ -183,7 +184,7 @@ func GetCredentialsFromSession(c *Config) (*awsCredentials.Credentials, error) { sess, err := session.NewSessionWithOptions(*options) if err != nil { - if IsAWSErr(err, "NoCredentialProviders", "") { + if tfawserr.ErrCodeEquals(err, "NoCredentialProviders") { return nil, c.NewNoValidCredentialSourcesError(err) } return nil, fmt.Errorf("Error creating AWS session: %w", err) @@ -229,7 +230,7 @@ func GetCredentials(c *Config) (*awsCredentials.Credentials, error) { creds := awsCredentials.NewChainCredentials(providers) cp, err := creds.Get() if err != nil { - if IsAWSErr(err, "NoCredentialProviders", "") { + if tfawserr.ErrCodeEquals(err, "NoCredentialProviders") { creds, err = GetCredentialsFromSession(c) if err != nil { return nil, err diff --git a/vendor/github.com/hashicorp/aws-sdk-go-base/awserr.go b/vendor/github.com/hashicorp/aws-sdk-go-base/awserr.go deleted file mode 100644 index ce657679ae57..000000000000 --- a/vendor/github.com/hashicorp/aws-sdk-go-base/awserr.go +++ /dev/null @@ -1,44 +0,0 @@ -package awsbase - -import ( - "errors" - "strings" - - "github.com/aws/aws-sdk-go/aws/awserr" -) - -// IsAWSErr returns true if the error matches all these conditions: -// * err is of type awserr.Error -// * Error.Code() matches code -// * Error.Message() contains message -func IsAWSErr(err error, code string, message string) bool { - var awsErr awserr.Error - - if errors.As(err, &awsErr) { - return awsErr.Code() == code && strings.Contains(awsErr.Message(), message) - } - - return false -} - -// IsAWSErrExtended returns true if the error matches all these conditions: -// * err is of type awserr.Error -// * Error.Code() matches code -// * Error.Message() contains message -// * Error.OrigErr() contains origErrMessage -func IsAWSErrExtended(err error, code string, message string, origErrMessage string) bool { - if !IsAWSErr(err, code, message) { - return false - } - - if origErrMessage == "" { - return true - } - - // Ensure OrigErr() is non-nil, to prevent panics - if origErr := err.(awserr.Error).OrigErr(); origErr != nil { - return strings.Contains(origErr.Error(), origErrMessage) - } - - return false -} diff --git a/vendor/github.com/hashicorp/aws-sdk-go-base/mock.go b/vendor/github.com/hashicorp/aws-sdk-go-base/mock.go index 06ecd082bc45..253140188d46 100644 --- a/vendor/github.com/hashicorp/aws-sdk-go-base/mock.go +++ b/vendor/github.com/hashicorp/aws-sdk-go-base/mock.go @@ -7,14 +7,263 @@ import ( "log" "net/http" "net/http/httptest" + "net/url" "os" "time" "github.com/aws/aws-sdk-go/aws" awsCredentials "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" + "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/session" ) +const ( + MockEc2MetadataAccessKey = `Ec2MetadataAccessKey` + MockEc2MetadataSecretKey = `Ec2MetadataSecretKey` + MockEc2MetadataSessionToken = `Ec2MetadataSessionToken` + + MockEcsCredentialsAccessKey = `EcsCredentialsAccessKey` + MockEcsCredentialsSecretKey = `EcsCredentialsSecretKey` + MockEcsCredentialsSessionToken = `EcsCredentialsSessionToken` + + MockEnvAccessKey = `EnvAccessKey` + MockEnvSecretKey = `EnvSecretKey` + MockEnvSessionToken = `EnvSessionToken` + + MockStaticAccessKey = `StaticAccessKey` + MockStaticSecretKey = `StaticSecretKey` + + MockStsAssumeRoleAccessKey = `AssumeRoleAccessKey` + MockStsAssumeRoleArn = `arn:aws:iam::555555555555:role/AssumeRole` + MockStsAssumeRoleExternalId = `AssumeRoleExternalId` + MockStsAssumeRoleInvalidResponseBodyInvalidClientTokenId = ` + + Sender + InvalidClientTokenId + The security token included in the request is invalid. + +4d0cf5ec-892a-4d3f-84e4-30e9987d9bdd +` + MockStsAssumeRolePolicy = `{ + "Version": "2012-10-17", + "Statement": { + "Effect": "Allow", + "Action": "*", + "Resource": "*", + } +}` + MockStsAssumeRolePolicyArn = `arn:aws:iam::555555555555:policy/AssumeRolePolicy1` + MockStsAssumeRoleSecretKey = `AssumeRoleSecretKey` + MockStsAssumeRoleSessionName = `AssumeRoleSessionName` + MockStsAssumeRoleSessionToken = `AssumeRoleSessionToken` + MockStsAssumeRoleTagKey = `AssumeRoleTagKey` + MockStsAssumeRoleTagValue = `AssumeRoleTagValue` + MockStsAssumeRoleTransitiveTagKey = `AssumeRoleTagKey` + MockStsAssumeRoleValidResponseBody = ` + + + arn:aws:sts::555555555555:assumed-role/role/AssumeRoleSessionName + ARO123EXAMPLE123:AssumeRoleSessionName + + + AssumeRoleAccessKey + AssumeRoleSecretKey + AssumeRoleSessionToken + 2099-12-31T23:59:59Z + + + + 01234567-89ab-cdef-0123-456789abcdef + +` + + MockStsAssumeRoleWithWebIdentityAccessKey = `AssumeRoleWithWebIdentityAccessKey` + MockStsAssumeRoleWithWebIdentityArn = `arn:aws:iam::666666666666:role/WebIdentityToken` + MockStsAssumeRoleWithWebIdentitySecretKey = `AssumeRoleWithWebIdentitySecretKey` + MockStsAssumeRoleWithWebIdentitySessionName = `AssumeRoleWithWebIdentitySessionName` + MockStsAssumeRoleWithWebIdentitySessionToken = `AssumeRoleWithWebIdentitySessionToken` + MockStsAssumeRoleWithWebIdentityValidResponseBody = ` + + amzn1.account.AF6RHO7KZU5XRVQJGXK6HB56KR2A + client.6666666666666666666.6666@apps.example.com + + arn:aws:sts::666666666666:assumed-role/FederatedWebIdentityRole/AssumeRoleWithWebIdentitySessionName + ARO123EXAMPLE123:AssumeRoleWithWebIdentitySessionName + + + AssumeRoleWithWebIdentitySessionToken + AssumeRoleWithWebIdentitySecretKey + 2099-12-31T23:59:59Z + AssumeRoleWithWebIdentityAccessKey + + www.amazon.com + + + 01234567-89ab-cdef-0123-456789abcdef + +` + + MockStsGetCallerIdentityAccountID = `222222222222` + MockStsGetCallerIdentityInvalidResponseBodyAccessDenied = ` + + Sender + AccessDenied + User: arn:aws:iam::123456789012:user/Bob is not authorized to perform: sts:GetCallerIdentity + +01234567-89ab-cdef-0123-456789abcdef +` + MockStsGetCallerIdentityPartition = `aws` + MockStsGetCallerIdentityValidResponseBody = ` + + arn:aws:iam::222222222222:user/Alice + AKIAI44QH8DHBEXAMPLE + 222222222222 + + + 01234567-89ab-cdef-0123-456789abcdef + +` + + MockWebIdentityToken = `WebIdentityToken` +) + +var ( + MockEc2MetadataCredentials = awsCredentials.Value{ + AccessKeyID: MockEc2MetadataAccessKey, + ProviderName: ec2rolecreds.ProviderName, + SecretAccessKey: MockEc2MetadataSecretKey, + SessionToken: MockEc2MetadataSessionToken, + } + + MockEcsCredentialsCredentials = awsCredentials.Value{ + AccessKeyID: MockEcsCredentialsAccessKey, + ProviderName: endpointcreds.ProviderName, + SecretAccessKey: MockEcsCredentialsSecretKey, + SessionToken: MockEcsCredentialsSessionToken, + } + + MockEnvCredentials = awsCredentials.Value{ + AccessKeyID: MockEnvAccessKey, + ProviderName: awsCredentials.EnvProviderName, + SecretAccessKey: MockEnvSecretKey, + } + + MockEnvCredentialsWithSessionToken = awsCredentials.Value{ + AccessKeyID: MockEnvAccessKey, + ProviderName: awsCredentials.EnvProviderName, + SecretAccessKey: MockEnvSecretKey, + SessionToken: MockEnvSessionToken, + } + + MockStaticCredentials = awsCredentials.Value{ + AccessKeyID: MockStaticAccessKey, + ProviderName: awsCredentials.StaticProviderName, + SecretAccessKey: MockStaticSecretKey, + } + + MockStsAssumeRoleCredentials = awsCredentials.Value{ + AccessKeyID: MockStsAssumeRoleAccessKey, + ProviderName: stscreds.ProviderName, + SecretAccessKey: MockStsAssumeRoleSecretKey, + SessionToken: MockStsAssumeRoleSessionToken, + } + MockStsAssumeRoleInvalidEndpointInvalidClientTokenId = &MockEndpoint{ + Request: &MockRequest{ + Body: url.Values{ + "Action": []string{"AssumeRole"}, + "DurationSeconds": []string{"900"}, + "RoleArn": []string{MockStsAssumeRoleArn}, + "RoleSessionName": []string{MockStsAssumeRoleSessionName}, + "Version": []string{"2011-06-15"}, + }.Encode(), + Method: http.MethodPost, + Uri: "/", + }, + Response: &MockResponse{ + Body: MockStsAssumeRoleInvalidResponseBodyInvalidClientTokenId, + ContentType: "text/xml", + StatusCode: http.StatusForbidden, + }, + } + MockStsAssumeRoleValidEndpoint = &MockEndpoint{ + Request: &MockRequest{ + Body: url.Values{ + "Action": []string{"AssumeRole"}, + "DurationSeconds": []string{"900"}, + "RoleArn": []string{MockStsAssumeRoleArn}, + "RoleSessionName": []string{MockStsAssumeRoleSessionName}, + "Version": []string{"2011-06-15"}, + }.Encode(), + Method: http.MethodPost, + Uri: "/", + }, + Response: &MockResponse{ + Body: MockStsAssumeRoleValidResponseBody, + ContentType: "text/xml", + StatusCode: http.StatusOK, + }, + } + + MockStsAssumeRoleWithWebIdentityValidEndpoint = &MockEndpoint{ + Request: &MockRequest{ + Body: url.Values{ + "Action": []string{"AssumeRoleWithWebIdentity"}, + "RoleArn": []string{MockStsAssumeRoleWithWebIdentityArn}, + "RoleSessionName": []string{MockStsAssumeRoleWithWebIdentitySessionName}, + "Version": []string{"2011-06-15"}, + "WebIdentityToken": []string{MockWebIdentityToken}, + }.Encode(), + Method: http.MethodPost, + Uri: "/", + }, + Response: &MockResponse{ + Body: MockStsAssumeRoleWithWebIdentityValidResponseBody, + ContentType: "text/xml", + StatusCode: http.StatusOK, + }, + } + + MockStsAssumeRoleWithWebIdentityCredentials = awsCredentials.Value{ + AccessKeyID: MockStsAssumeRoleWithWebIdentityAccessKey, + ProviderName: stscreds.WebIdentityProviderName, + SecretAccessKey: MockStsAssumeRoleWithWebIdentitySecretKey, + SessionToken: MockStsAssumeRoleWithWebIdentitySessionToken, + } + + MockStsGetCallerIdentityInvalidEndpointAccessDenied = &MockEndpoint{ + Request: &MockRequest{ + Body: url.Values{ + "Action": []string{"GetCallerIdentity"}, + "Version": []string{"2011-06-15"}, + }.Encode(), + Method: http.MethodPost, + Uri: "/", + }, + Response: &MockResponse{ + Body: MockStsGetCallerIdentityInvalidResponseBodyAccessDenied, + ContentType: "text/xml", + StatusCode: http.StatusForbidden, + }, + } + MockStsGetCallerIdentityValidEndpoint = &MockEndpoint{ + Request: &MockRequest{ + Body: url.Values{ + "Action": []string{"GetCallerIdentity"}, + "Version": []string{"2011-06-15"}, + }.Encode(), + Method: http.MethodPost, + Uri: "/", + }, + Response: &MockResponse{ + Body: MockStsGetCallerIdentityValidResponseBody, + ContentType: "text/xml", + StatusCode: http.StatusOK, + }, + } +) + // MockAwsApiServer establishes a httptest server to simulate behaviour of a real AWS API server func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -96,11 +345,11 @@ func ecsCredentialsApiMock() func() { log.Printf("[DEBUG] Mock ECS credentials server received request: %s", r.RequestURI) if r.RequestURI == "/creds" { _ = json.NewEncoder(w).Encode(map[string]string{ - "AccessKeyId": "EcsCredentialsAccessKey", + "AccessKeyId": MockEcsCredentialsAccessKey, "Expiration": time.Now().UTC().Format(time.RFC3339), "RoleArn": "arn:aws:iam::000000000000:role/EcsCredentials", - "SecretAccessKey": "EcsCredentialsSecretKey", - "Token": "EcsCredentialsSessionToken", + "SecretAccessKey": MockEcsCredentialsSecretKey, + "Token": MockEcsCredentialsSessionToken, }) return } @@ -111,6 +360,34 @@ func ecsCredentialsApiMock() func() { return ts.Close } +// MockStsAssumeRoleValidEndpointWithOptions returns a valid STS AssumeRole response with configurable request options. +func MockStsAssumeRoleValidEndpointWithOptions(options map[string]string) *MockEndpoint { + urlValues := url.Values{ + "Action": []string{"AssumeRole"}, + "DurationSeconds": []string{"900"}, + "RoleArn": []string{MockStsAssumeRoleArn}, + "RoleSessionName": []string{MockStsAssumeRoleSessionName}, + "Version": []string{"2011-06-15"}, + } + + for k, v := range options { + urlValues.Set(k, v) + } + + return &MockEndpoint{ + Request: &MockRequest{ + Body: urlValues.Encode(), + Method: http.MethodPost, + Uri: "/", + }, + Response: &MockResponse{ + Body: MockStsAssumeRoleValidResponseBody, + ContentType: "text/xml", + StatusCode: http.StatusOK, + }, + } +} + // MockEndpoint represents a basic request and response that can be used for creating simple httptest server routes. type MockEndpoint struct { Request *MockRequest @@ -193,77 +470,6 @@ const iamResponse_GetUser_unauthorized = ` - - - arn:aws:sts::555555555555:assumed-role/role/AssumeRoleSessionName - ARO123EXAMPLE123:AssumeRoleSessionName - - - AssumeRoleAccessKey - AssumeRoleSecretKey - AssumeRoleSessionToken - %s - - - - 01234567-89ab-cdef-0123-456789abcdef - -`, time.Now().UTC().Format(time.RFC3339)) - -const stsResponse_AssumeRole_InvalidClientTokenId = ` - - Sender - InvalidClientTokenId - The security token included in the request is invalid. - -4d0cf5ec-892a-4d3f-84e4-30e9987d9bdd -` - -var stsResponse_AssumeRoleWithWebIdentity_valid = fmt.Sprintf(` - - amzn1.account.AF6RHO7KZU5XRVQJGXK6HB56KR2A - client.6666666666666666666.6666@apps.example.com - - arn:aws:sts::666666666666:assumed-role/FederatedWebIdentityRole/AssumeRoleWithWebIdentitySessionName - ARO123EXAMPLE123:AssumeRoleWithWebIdentitySessionName - - - AssumeRoleWithWebIdentitySessionToken - AssumeRoleWithWebIdentitySecretKey - %s - AssumeRoleWithWebIdentityAccessKey - - www.amazon.com - - - 01234567-89ab-cdef-0123-456789abcdef - -`, time.Now().UTC().Format(time.RFC3339)) - -const stsResponse_GetCallerIdentity_valid = ` - - arn:aws:iam::222222222222:user/Alice - AKIAI44QH8DHBEXAMPLE - 222222222222 - - - 01234567-89ab-cdef-0123-456789abcdef - -` - -const stsResponse_GetCallerIdentity_valid_expectedAccountID = `222222222222` -const stsResponse_GetCallerIdentity_valid_expectedPartition = `aws` - -const stsResponse_GetCallerIdentity_unauthorized = ` - - Sender - AccessDenied - User: arn:aws:iam::123456789012:user/Bob is not authorized to perform: sts:GetCallerIdentity - - 01234567-89ab-cdef-0123-456789abcdef -` - const iamResponse_GetUser_federatedFailure = ` Sender @@ -304,5 +510,3 @@ const iamResponse_ListRoles_unauthorized = `