Merge pull request #90 from silinternational/develop

Production release - update AWS SDK to v2

Author: briskt

actions-services.yml

@@ -2,12 +2,11 @@ services:
   test:
     build: .
     environment:
-      AWS_ENDPOINT: dynamo:8000
-      AWS_DISABLE_SSL: "true"
+      AWS_ENDPOINT: http://dynamo:8000
       API_KEY_TABLE: ApiKey
       WEBAUTHN_TABLE: WebAuthn
       LAMBDA_ROLE: placeholder
-      AWS_REGION: $AWS_REGION
+      AWS_REGION: localhost
       GITHUB_REF_NAME: $GITHUB_REF_NAME
       STG_AWS_ACCESS_KEY_ID: $STG_AWS_ACCESS_KEY_ID
       STG_AWS_SECRET_ACCESS_KEY: $STG_AWS_SECRET_ACCESS_KEY

apikey.go

@@ -17,13 +17,13 @@ import (
 const ApiKeyTablePK = "value"
 
 type ApiKey struct {
-	Key          string   `json:"value"`
-	Secret       string   `json:"-"`
-	HashedSecret string   `json:"hashedApiSecret"`
-	Email        string   `json:"email"`
-	CreatedAt    int      `json:"createdAt"`
-	ActivatedAt  int      `json:"activatedAt"`
-	Store        *Storage `json:"-"`
+	Key          string   `dynamodbav:"value" json:"value"`
+	Secret       string   `dynamodbav:"-" json:"-"`
+	HashedSecret string   `dynamodbav:"hashedApiSecret" json:"hashedApiSecret"`
+	Email        string   `dynamodbav:"email" json:"email"`
+	CreatedAt    int      `dynamodbav:"createdAt" json:"createdAt"`
+	ActivatedAt  int      `dynamodbav:"activatedAt" json:"activatedAt"`
+	Store        *Storage `dynamodbav:"-" json:"-"`
 }
 
 func (k *ApiKey) Load() error {

config.go

@@ -1,17 +1,16 @@
 package mfa
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"log"
 
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
 )
 
-var (
-	storage   *Storage
-	envConfig EnvConfig
-)
+var envConfig EnvConfig
 
 // EnvConfig holds environment specific configurations and is populated on init
 type EnvConfig struct {
@@ -20,23 +19,20 @@ type EnvConfig struct {
 
 	AwsEndpoint      string `default:"" split_words:"true"`
 	AwsDefaultRegion string `default:"" split_words:"true"`
-	AwsDisableSSL    bool   `default:"false" split_words:"true"`
 
-	AWSConfig *aws.Config `json:"-"`
+	AWSConfig aws.Config `json:"-"`
 }
 
 func (e *EnvConfig) InitAWS() {
-	e.AWSConfig = &aws.Config{
-		DisableSSL: aws.Bool(e.AwsDisableSSL),
-	}
-
-	if e.AwsEndpoint != "" {
-		e.AWSConfig.Endpoint = aws.String(e.AwsEndpoint)
-	}
-
-	if e.AwsDefaultRegion != "" {
-		e.AWSConfig.Region = aws.String(e.AwsDefaultRegion)
+	cfg, err := config.LoadDefaultConfig(
+		context.Background(),
+		config.WithRegion(e.AwsDefaultRegion),
+		config.WithBaseEndpoint(e.AwsEndpoint),
+	)
+	if err != nil {
+		panic("InitAWS failed at LoadDefaultConfig: " + err.Error())
 	}
+	e.AWSConfig = cfg
 }
 
 func (e *EnvConfig) String() string {

docker-compose.yml

@@ -26,11 +26,10 @@ services:
     ports:
       - 8080
     environment:
-      AWS_ENDPOINT: dynamo:8000
-      AWS_DEFAULT_REGION: us-east-1
+      AWS_ENDPOINT: http://dynamo:8000
+      AWS_DEFAULT_REGION: localhost
       AWS_ACCESS_KEY_ID: abc123
       AWS_SECRET_ACCESS_KEY: abc123
-      AWS_DISABLE_SSL: "true"
       API_KEY_TABLE: ApiKey
       WEBAUTHN_TABLE: WebAuthn
     depends_on:

fixtures_test.go

@@ -1,8 +1,10 @@
 package mfa
 
 import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/dynamodb"
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
 	"github.com/go-webauthn/webauthn/webauthn"
 )
 
@@ -16,7 +18,7 @@ type baseTestConfig struct {
 func getDBConfig(ms *MfaSuite) baseTestConfig {
 	awsConfig := testAwsConfig()
 	envCfg := testEnvConfig(awsConfig)
-	localStorage, err := NewStorage(&awsConfig)
+	localStorage, err := NewStorage(awsConfig)
 	ms.NoError(err, "failed creating local storage for test")
 
 	web, err := webauthn.New(&webauthn.Config{
@@ -100,11 +102,10 @@ func getTestWebauthnUsers(ms *MfaSuite, config baseTestConfig) []DynamoUser {
 		TableName: aws.String(config.EnvConfig.WebauthnTable),
 	}
 
-	results, err := config.Storage.client.Scan(params)
+	ctx := context.Background()
+	results, err := config.Storage.client.Scan(ctx, params)
 	ms.NoError(err, "failed to scan storage for new user entries")
-
-	resultsStr := formatDynamoResults(results)
-	ms.Contains(resultsStr, "Count: 3", "initial data wasn't saved properly")
+	ms.Equal(int32(3), results.Count, "Count:3", "initial data wasn't saved properly")
 
 	return []DynamoUser{testUser0, testUser1, testUser2}
 }

go.mod

@@ -4,7 +4,10 @@ go 1.23
 
 require (
 	github.com/aws/aws-lambda-go v1.47.0
-	github.com/aws/aws-sdk-go v1.55.6
+	github.com/aws/aws-sdk-go-v2 v1.33.0
+	github.com/aws/aws-sdk-go-v2/config v1.29.1
+	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.28
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.5
 	github.com/fxamacker/cbor/v2 v2.7.0
 	github.com/go-webauthn/webauthn v0.11.2
 	github.com/gorilla/mux v1.8.1
@@ -16,6 +19,19 @@ require (
 )
 
 require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.54 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 // indirect
+	github.com/aws/smithy-go v1.22.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-webauthn/x v0.1.16 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect

go.sum

@@ -1,7 +1,39 @@
 github.com/aws/aws-lambda-go v1.47.0 h1:0H8s0vumYx/YKs4sE7YM0ktwL2eWse+kfopsRI1sXVI=
 github.com/aws/aws-lambda-go v1.47.0/go.mod h1:dpMpZgvWx5vuQJfBt0zqBha60q7Dd7RfgJv23DymV8A=
-github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk=
-github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs=
+github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ=
+github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI=
+github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.28 h1:Q5xJGlNgUJ7nnL4klwoaEimWJo3N6B6S8y/fMGG165I=
+github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.28/go.mod h1:wIjOAtUwNtKiZXq7wD1aZvrjcr2AJwE7pmUUWXyz5Es=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.5 h1:RLbuYls/4gmY3AIHVyCLZgRjclRlSbUEUXLeva6C81Y=
+github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.5/go.mod h1:2xlKGs8OTgN92fRVfP4EgFgQGhYwVI7LQ2PLQ0tIFAQ=
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.15 h1:c6fGxhbI9ffZquEkJQATpam3vchGuEEQXgWwxQAy3o4=
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.15/go.mod h1:SnMeleniez26QKaqTeco4TSxBU3WzRpGu6HELM6OyQ8=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9 h1:ramlTFqWSsOt4Y/skpd30D8oI0kfKf5wd1Yu9C5HhPw=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9/go.mod h1:+B//vxKaB6Z/HfJfRV4ikLz0M7nIcKheHKm96FuaRrs=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.11/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSbkj01jIi+SM0wYsj3y/hY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw=
+github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
+github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

storage.go

@@ -1,31 +1,27 @@
 package mfa
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/dynamodb"
-	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
 )
 
 // Storage provides wrapper methods for interacting with DynamoDB
 type Storage struct {
-	awsSession *session.Session
-	client     *dynamodb.DynamoDB
+	client *dynamodb.Client
 }
 
-func NewStorage(config *aws.Config) (*Storage, error) {
+// NewStorage creates a new Storage service, which includes a new DynamoDB Client
+func NewStorage(config aws.Config) (*Storage, error) {
 	s := Storage{}
-
-	var err error
-	s.awsSession, err = session.NewSession(config)
-	if err != nil {
-		return &Storage{}, err
-	}
-
-	s.client = dynamodb.New(s.awsSession)
+	s.client = dynamodb.NewFromConfig(config, func(o *dynamodb.Options) {
+		o.EndpointOptions.DisableHTTPS = config.BaseEndpoint != nil
+	})
 	if s.client == nil {
 		return nil, fmt.Errorf("failed to create new dynamo client")
 	}
@@ -35,7 +31,7 @@ func NewStorage(config *aws.Config) (*Storage, error) {
 
 // Store puts item at key.
 func (s *Storage) Store(table string, item interface{}) error {
-	av, err := dynamodbattribute.MarshalMap(item)
+	av, err := attributevalue.MarshalMap(item)
 	if err != nil {
 		return err
 	}
@@ -45,7 +41,8 @@ func (s *Storage) Store(table string, item interface{}) error {
 		TableName: aws.String(table),
 	}
 
-	_, err = s.client.PutItem(input)
+	ctx := context.Background()
+	_, err = s.client.PutItem(ctx, input)
 	return err
 }
 
@@ -62,21 +59,20 @@ func (s *Storage) Load(table, attrName, attrVal string, item interface{}) error
 	}
 
 	input := &dynamodb.GetItemInput{
-		Key: map[string]*dynamodb.AttributeValue{
-			attrName: {
-				S: aws.String(attrVal),
-			},
+		Key: map[string]types.AttributeValue{
+			attrName: &types.AttributeValueMemberS{Value: attrVal},
 		},
 		TableName:      aws.String(table),
 		ConsistentRead: aws.Bool(false),
 	}
 
-	result, err := s.client.GetItem(input)
+	ctx := context.Background()
+	result, err := s.client.GetItem(ctx, input)
 	if err != nil {
 		return err
 	}
 
-	return dynamodbattribute.UnmarshalMap(result.Item, item)
+	return attributevalue.UnmarshalMap(result.Item, item)
 }
 
 // Delete deletes key.
@@ -89,14 +85,13 @@ func (s *Storage) Delete(table, attrName, attrVal string) error {
 	}
 
 	input := &dynamodb.DeleteItemInput{
-		Key: map[string]*dynamodb.AttributeValue{
-			attrName: {
-				S: aws.String(attrVal),
-			},
+		Key: map[string]types.AttributeValue{
+			attrName: &types.AttributeValueMemberS{Value: attrVal},
 		},
 		TableName: aws.String(table),
 	}
 
-	_, err := s.client.DeleteItem(input)
+	ctx := context.Background()
+	_, err := s.client.DeleteItem(ctx, input)
 	return err
 }

storage_test.go

@@ -1,23 +1,20 @@
 package mfa
 
 import (
+	"context"
 	"os"
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go-v2/config"
 )
 
 const TestTableName = "WebAuthn"
-const DisableSSL = true
 
 func (ms *MfaSuite) TestStorage_StoreLoad() {
 	type fields struct {
 		Table               string
-		AwsSession          *session.Session
 		AwsEndpoint         string
 		AwsRegion           string
-		AwsDisableSSL       bool
 		PrimaryKeyAttribute string
 	}
 	type args struct {
@@ -36,7 +33,6 @@ func (ms *MfaSuite) TestStorage_StoreLoad() {
 				Table:               TestTableName,
 				AwsEndpoint:         os.Getenv("AWS_ENDPOINT"),
 				AwsRegion:           os.Getenv("AWS_DEFAULT_REGION"),
-				AwsDisableSSL:       DisableSSL,
 				PrimaryKeyAttribute: "uuid",
 			},
 			args: args{
@@ -52,19 +48,22 @@ func (ms *MfaSuite) TestStorage_StoreLoad() {
 	}
 	for _, tt := range tests {
 		ms.T().Run(tt.name, func(t *testing.T) {
-			s, err := NewStorage(&aws.Config{
-				Endpoint:   aws.String(tt.fields.AwsEndpoint),
-				Region:     aws.String(tt.fields.AwsRegion),
-				DisableSSL: aws.Bool(tt.fields.AwsDisableSSL),
-			})
+			cfg, err := config.LoadDefaultConfig(
+				context.Background(),
+				config.WithRegion(tt.fields.AwsRegion),
+				config.WithBaseEndpoint(tt.fields.AwsEndpoint),
+			)
+			ms.NoError(err)
+
+			s, err := NewStorage(cfg)
 			ms.NoError(err)
 			err = s.Store(tt.fields.Table, tt.args.item)
 			if tt.wantErr {
 				ms.Error(err, "didn't get an expected error Store()")
 				return
 			}
-
 			ms.NoError(err, "unexpected error with Store()")
+
 			var user DynamoUser
 			ms.NoError(s.Load(tt.fields.Table, "uuid", tt.args.key, &user), "error with s.Load()")