Cherrypicking into release 1.13 (#3541)

Signed-off-by: Elena Kolevska <elena@kolevska.com>
Signed-off-by: Eileen Yu <eileenylj@gmail.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Eileen Yu <48944635+Eileen-Yu@users.noreply.github.com>

.build-tools/pkg/metadataschema/builtin-authentication-profiles.go

@@ -15,13 +15,14 @@ package metadataschema
 
 import (
 	"fmt"
+	"strings"
 )
 
 // Built-in authentication profiles
 var BuiltinAuthenticationProfiles map[string][]AuthenticationProfile
 
 // ParseBuiltinAuthenticationProfile returns an AuthenticationProfile(s) from a given BuiltinAuthenticationProfile.
-func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile) ([]AuthenticationProfile, error) {
+func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile, componentTitle string) ([]AuthenticationProfile, error) {
 	profiles, ok := BuiltinAuthenticationProfiles[bi.Name]
 	if !ok {
 		return nil, fmt.Errorf("built-in authentication profile %s does not exist", bi.Name)
@@ -30,7 +31,14 @@ func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile) ([]Authe
 	res := make([]AuthenticationProfile, len(profiles))
 	for i, profile := range profiles {
 		res[i] = profile
+
 		res[i].Metadata = mergedMetadata(bi.Metadata, res[i].Metadata...)
+
+		// If component is PostgreSQL, filter out duplicated aws profile fields
+		if strings.ToLower(componentTitle) == "postgresql" && bi.Name == "aws" {
+			res[i].Metadata = filterOutDuplicateFields(res[i].Metadata)
+		}
+
 	}
 	return res, nil
 }
@@ -45,3 +53,29 @@ func mergedMetadata(base []Metadata, add ...Metadata) []Metadata {
 	res = append(res, add...)
 	return res
 }
+
+// filterOutDuplicateFields removes specific duplicated fields from the metadata
+func filterOutDuplicateFields(metadata []Metadata) []Metadata {
+	duplicateFields := map[string]int{
+		"awsRegion": 0,
+		"accessKey": 0,
+		"secretKey": 0,
+	}
+
+	filteredMetadata := []Metadata{}
+
+	for _, field := range metadata {
+		if _, exists := duplicateFields[field.Name]; !exists {
+			filteredMetadata = append(filteredMetadata, field)
+		} else {
+			if field.Name == "awsRegion" && duplicateFields["awsRegion"] == 0 {
+				filteredMetadata = append(filteredMetadata, field)
+				duplicateFields["awsRegion"]++
+			} else if field.Name != "awsRegion" {
+				continue
+			}
+		}
+	}
+
+	return filteredMetadata
+}

.build-tools/pkg/metadataschema/validators.go

@@ -67,7 +67,7 @@ func (c *ComponentMetadata) IsValid() error {
 
 	// Append built-in authentication profiles
 	for _, profile := range c.BuiltInAuthenticationProfiles {
-		appendProfiles, err := ParseBuiltinAuthenticationProfile(profile)
+		appendProfiles, err := ParseBuiltinAuthenticationProfile(profile, c.Title)
 		if err != nil {
 			return err
 		}

secretstores/aws/parameterstore/parameterstore.go

@@ -15,7 +15,6 @@ package parameterstore
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"reflect"
 
@@ -24,7 +23,6 @@ import (
 	"github.com/aws/aws-sdk-go/service/ssm/ssmiface"
 
 	awsAuth "github.com/dapr/components-contrib/common/authentication/aws"
-	"github.com/dapr/components-contrib/common/utils"
 	"github.com/dapr/components-contrib/metadata"
 	"github.com/dapr/components-contrib/secretstores"
 	"github.com/dapr/kit/logger"
@@ -65,32 +63,15 @@ func (s *ssmSecretStore) Init(ctx context.Context, metadata secretstores.Metadat
 		return err
 	}
 
-	// This check is needed because d.client is set to a mock in tests
-	if s.client == nil {
-		s.client, err = s.getClient(meta)
-		if err != nil {
-			return err
-		}
+	s.client, err = s.getClient(meta)
+	if err != nil {
+		return err
 	}
 	s.prefix = meta.Prefix
 
-	// Validate client connection
-	var notFoundErr *ssm.ParameterNotFound
-	if err := s.validateConnection(ctx); err != nil && !errors.As(err, &notFoundErr) {
-		return fmt.Errorf("error validating access to the aws.parameterstore secret store: %w", err)
-	}
 	return nil
 }
 
-// validateConnection runs a dummy GetParameterWithContext operation
-// to validate the connection credentials
-func (s *ssmSecretStore) validateConnection(ctx context.Context) error {
-	_, err := s.client.GetParameterWithContext(ctx, &ssm.GetParameterInput{
-		Name: ptr.Of(s.prefix + utils.GetRandOrDefaultString("dapr-test-param")),
-	})
-	return err
-}
-
 // GetSecret retrieves a secret using a key and returns a map of decrypted string/string values.
 func (s *ssmSecretStore) GetSecret(ctx context.Context, req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
 	name := req.Name

secretstores/aws/parameterstore/parameterstore_test.go

@@ -50,12 +50,6 @@ func (m *mockedSSM) DescribeParametersWithContext(ctx context.Context, input *ss
 func TestInit(t *testing.T) {
 	m := secretstores.Metadata{}
 	s := NewParameterStore(logger.NewLogger("test"))
-	s.(*ssmSecretStore).client = &mockedSSM{
-		GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
-			// Simulate a non error response from AWS SSM
-			return nil, nil
-		},
-	}
 
 	t.Run("Init with valid metadata", func(t *testing.T) {
 		m.Properties = map[string]string{
@@ -68,19 +62,6 @@ func TestInit(t *testing.T) {
 		err := s.Init(context.Background(), m)
 		require.NoError(t, err)
 	})
-
-	t.Run("Init with invalid connection details", func(t *testing.T) {
-		s.(*ssmSecretStore).client = &mockedSSM{
-			GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
-				// Simulate a failure that resembles what AWS SSM would return
-				return nil, fmt.Errorf("wrong-credentials")
-			},
-		}
-
-		err := s.Init(context.Background(), m)
-		require.Error(t, err)
-		require.EqualError(t, err, "error validating access to the aws.parameterstore secret store: wrong-credentials")
-	})
 }
 
 func TestGetSecret(t *testing.T) {