V2: Linting cleanup

.github/workflows/pull_request.yml

@@ -1,39 +1,95 @@
 name: Pull Request Checks
 on: [pull_request]
 
-env:
-  GO_VERSION: "1.14"
-
 jobs:
   go_mod:
     name: go mod
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+
+      - id: go-version
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./.go-version
+
       - uses: actions/setup-go@v2
         with:
-          go-version: ${{ env.GO_VERSION }}
+          # TODO: Replace with go-version-from-file when it is supported
+          # https://github.com/actions/setup-go/pull/62
+          go-version: ${{ steps.go-version.outputs.content }}
+
       - name: go mod
         run: |
-          echo "==> Checking source code with go mod tidy..."
           go mod tidy
           git diff --exit-code -- go.mod go.sum || \
             (echo; echo "Unexpected difference in go.mod/go.sum files. Run 'go mod tidy' command or revert any go.mod/go.sum changes and commit."; exit 1)
+
   go_test:
     name: go test
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+
+      - id: go-version
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./.go-version
+
       - uses: actions/setup-go@v2
         with:
-          go-version: ${{ env.GO_VERSION }}
+          # TODO: Replace with go-version-from-file when it is supported
+          # https://github.com/actions/setup-go/pull/62
+          go-version: ${{ steps.go-version.outputs.content }}
+
       - run: go test ./...
+
   golangci-lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        go-version: ${{ env.GO_VERSION }}
-    - run: go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.27.0
-    - run: golangci-lint run ./...
+      - uses: actions/checkout@v2
+
+      - id: go-version
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./.go-version
+
+      - uses: actions/setup-go@v2
+        with:
+          # TODO: Replace with go-version-from-file when it is supported
+          # https://github.com/actions/setup-go/pull/62
+          go-version: ${{ steps.go-version.outputs.content }}
+
+      - run: cd tools && go install github.com/golangci/golangci-lint/cmd/golangci-lint
+
+      - run: golangci-lint run ./...
+
+  import-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - id: go-version
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./.go-version
+
+      - uses: actions/setup-go@v2
+        with:
+          # TODO: Replace with go-version-from-file when it is supported
+          # https://github.com/actions/setup-go/pull/62
+          go-version: ${{ steps.go-version.outputs.content }}
+
+      - run: cd tools && go install github.com/pavius/impi/cmd/impi
+
+      - run: impi --local . --scheme stdThirdPartyLocal ./...
+
+  semgrep:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: semgrep
+        uses: returntocorp/semgrep-action@v1
+        env:
+          REWRITE_RULE_IDS: 0

.golangci.yml

@@ -8,14 +8,14 @@ linters:
     - deadcode
     - dogsled
     - errcheck
+    - errname
+    - exportloopref
     - goconst
     - gofmt
     - gomnd
     - gosimple
     - ineffassign
-    - interfacer
     - misspell
-    - scopelint
     - staticcheck
     - structcheck
     - unconvert
@@ -24,3 +24,10 @@ linters:
     - typecheck
     - varcheck
     - vet
+
+linters-settings:
+  gomnd:
+    settings:
+      mnd:
+        ignored-functions:
+          - strings.SplitN

.semgrep/imports.yml

@@ -0,0 +1,31 @@
+rules:
+  - id: no-sdkv1-imports
+    languages: [go]
+    message: The package `awsbase` should not include any references to the AWS SDK for Go v1
+    paths:
+      exclude:
+        - awsv1shim
+        - tfawserr
+        - awsmocks
+    patterns:
+      - pattern: |
+          import ("$X")
+      - metavariable-regex:
+          metavariable: "$X"
+          regex: '^"github.com/aws/aws-sdk-go/.+"$'
+    severity: ERROR
+
+  - id: no-sdkv2-imports-in-awsv1shim
+    languages: [go]
+    message: The package `awsv1shim` should not include references to the AWS SDK for Go v2
+    paths:
+      include:
+        - awsv1shim
+        - tfawserr
+    patterns:
+      - pattern: |
+          import ("$X")
+      - metavariable-regex:
+          metavariable: "$X"
+          regex: '^"github.com/aws/aws-sdk-go-v2/.+"$'
+    severity: ERROR

GNUmakefile

@@ -1,17 +1,24 @@
 default: test lint
 
 fmt:
-	@echo "==> Fixing source code with gofmt..."
 	gofmt -s -w ./
 
-lint:
-	@echo "==> Checking source code against linters..."
+lint: golangci-lint importlint
+
+golangci-lint:
 	@golangci-lint run ./...
 
+importlint:
+	@impi --local . --scheme stdThirdPartyLocal ./...
+
 test:
 	go test -timeout=30s -parallel=4 ./...
 
 tools:
-	GO111MODULE=off go get -u github.com/golangci/golangci-lint/cmd/golangci-lint
+	cd tools && go install github.com/golangci/golangci-lint/cmd/golangci-lint
+	cd tools && go install github.com/pavius/impi/cmd/impi
+
+semgrep:
+	@docker run --rm --volume "${PWD}:/src" returntocorp/semgrep --config .semgrep --no-rewrite-rule-ids
 
 .PHONY: lint test tools

README.md

@@ -6,7 +6,7 @@ An opinionated [AWS Go SDK](https://github.com/aws/aws-sdk-go) library for consi
 
 ## Requirements
 
-- [Go](https://golang.org/doc/install) 1.13
+- [Go](https://golang.org/doc/install) 1.16
 
 ## Development
 

aws_config.go

@@ -30,10 +30,7 @@ const (
 )
 
 func GetAwsConfig(ctx context.Context, c *Config) (aws.Config, error) {
-	credentialsProvider, err := credentialsProvider(c)
-	if err != nil {
-		return aws.Config{}, err
-	}
+	credentialsProvider := credentialsProvider(c)
 
 	var logMode aws.ClientLogMode
 	var logger logging.Logger

awsmocks/setup.go

@@ -39,7 +39,7 @@ func PopEnv(env []string) {
 // when endpoint doesn't respond as expected
 func InvalidAwsEnv() func() {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(400)
+		w.WriteHeader(http.StatusBadRequest)
 	}))
 
 	os.Setenv("AWS_METADATA_URL", ts.URL+"/latest")

awsv1shim/awsauth_test.go

@@ -2,6 +2,7 @@ package awsv1shim
 
 import (
 	"io/ioutil"
+	"net/http"
 	"os"
 	"testing"
 
@@ -32,8 +33,8 @@ func TestGetAccountIDAndPartition(t *testing.T) {
 
 			IAMEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{200, awsmocks.IamResponse_GetUser_valid, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusOK, Body: awsmocks.IamResponse_GetUser_valid, ContentType: "text/xml"},
 				},
 			},
 			ExpectedAccountID: awsmocks.Ec2metadata_iamInfoEndpoint_expectedAccountID,
@@ -45,8 +46,8 @@ func TestGetAccountIDAndPartition(t *testing.T) {
 			EC2MetadataEndpoints: awsmocks.Ec2metadata_securityCredentialsEndpoints,
 			IAMEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{403, awsmocks.IamResponse_GetUser_unauthorized, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusForbidden, Body: awsmocks.IamResponse_GetUser_unauthorized, ContentType: "text/xml"},
 				},
 			},
 			STSEndpoints: []*awsmocks.MockEndpoint{
@@ -59,12 +60,12 @@ func TestGetAccountIDAndPartition(t *testing.T) {
 			Description: "iam:ListRoles if iam:GetUser AccessDenied and sts:GetCallerIdentity fails",
 			IAMEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{403, awsmocks.IamResponse_GetUser_unauthorized, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusForbidden, Body: awsmocks.IamResponse_GetUser_unauthorized, ContentType: "text/xml"},
 				},
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{200, awsmocks.IamResponse_ListRoles_valid, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusOK, Body: awsmocks.IamResponse_ListRoles_valid, ContentType: "text/xml"},
 				},
 			},
 			STSEndpoints: []*awsmocks.MockEndpoint{
@@ -77,12 +78,12 @@ func TestGetAccountIDAndPartition(t *testing.T) {
 			Description: "iam:ListRoles if iam:GetUser ValidationError and sts:GetCallerIdentity fails",
 			IAMEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{400, awsmocks.IamResponse_GetUser_federatedFailure, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusBadRequest, Body: awsmocks.IamResponse_GetUser_federatedFailure, ContentType: "text/xml"},
 				},
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{200, awsmocks.IamResponse_ListRoles_valid, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusOK, Body: awsmocks.IamResponse_ListRoles_valid, ContentType: "text/xml"},
 				},
 			},
 			STSEndpoints: []*awsmocks.MockEndpoint{
@@ -95,12 +96,12 @@ func TestGetAccountIDAndPartition(t *testing.T) {
 			Description: "Error when all endpoints fail",
 			IAMEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{400, awsmocks.IamResponse_GetUser_federatedFailure, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusBadRequest, Body: awsmocks.IamResponse_GetUser_federatedFailure, ContentType: "text/xml"},
 				},
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{403, awsmocks.IamResponse_ListRoles_unauthorized, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusForbidden, Body: awsmocks.IamResponse_ListRoles_unauthorized, ContentType: "text/xml"},
 				},
 			},
 			STSEndpoints: []*awsmocks.MockEndpoint{
@@ -186,8 +187,8 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) {
 			Description: "Ignore iam:GetUser failure with federated user",
 			MockEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{400, awsmocks.IamResponse_GetUser_federatedFailure, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusBadRequest, Body: awsmocks.IamResponse_GetUser_federatedFailure, ContentType: "text/xml"},
 				},
 			},
 			ErrCount: 0,
@@ -196,8 +197,8 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) {
 			Description: "Ignore iam:GetUser failure with unauthorized user",
 			MockEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{403, awsmocks.IamResponse_GetUser_unauthorized, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusForbidden, Body: awsmocks.IamResponse_GetUser_unauthorized, ContentType: "text/xml"},
 				},
 			},
 			ErrCount: 0,
@@ -206,8 +207,8 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) {
 			Description: "iam:GetUser success",
 			MockEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{200, awsmocks.IamResponse_GetUser_valid, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusOK, Body: awsmocks.IamResponse_GetUser_valid, ContentType: "text/xml"},
 				},
 			},
 			ExpectedAccountID: awsmocks.IamResponse_GetUser_valid_expectedAccountID,
@@ -256,8 +257,8 @@ func TestGetAccountIDAndPartitionFromIAMListRoles(t *testing.T) {
 			Description: "iam:ListRoles unauthorized",
 			MockEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{403, awsmocks.IamResponse_ListRoles_unauthorized, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusForbidden, Body: awsmocks.IamResponse_ListRoles_unauthorized, ContentType: "text/xml"},
 				},
 			},
 			ErrCount: 1,
@@ -266,8 +267,8 @@ func TestGetAccountIDAndPartitionFromIAMListRoles(t *testing.T) {
 			Description: "iam:ListRoles success",
 			MockEndpoints: []*awsmocks.MockEndpoint{
 				{
-					Request:  &awsmocks.MockRequest{"POST", "/", "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
-					Response: &awsmocks.MockResponse{200, awsmocks.IamResponse_ListRoles_valid, "text/xml"},
+					Request:  &awsmocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=ListRoles&MaxItems=1&Version=2010-05-08"},
+					Response: &awsmocks.MockResponse{StatusCode: http.StatusOK, Body: awsmocks.IamResponse_ListRoles_valid, ContentType: "text/xml"},
 				},
 			},
 			ExpectedAccountID: awsmocks.IamResponse_ListRoles_valid_expectedAccountID,

awsv1shim/session.go

@@ -1,6 +1,6 @@
 package awsv1shim
 
-import (
+import ( // nosemgrep: no-sdkv2-imports-in-awsv1shim
 	"context"
 	"fmt"
 	"log"

credentials.go

@@ -9,7 +9,7 @@ import (
 	multierror "github.com/hashicorp/go-multierror"
 )
 
-func credentialsProvider(c *Config) (aws.CredentialsProvider, error) {
+func credentialsProvider(c *Config) aws.CredentialsProvider {
 	var providers []aws.CredentialsProvider
 	if c.AccessKey != "" {
 		providers = append(providers,
@@ -20,7 +20,7 @@ func credentialsProvider(c *Config) (aws.CredentialsProvider, error) {
 			))
 	}
 	if len(providers) == 0 {
-		return nil, nil
+		return nil
 	}
 
 	return aws.CredentialsProviderFunc(func(ctx context.Context) (aws.Credentials, error) {
@@ -34,5 +34,5 @@ func credentialsProvider(c *Config) (aws.CredentialsProvider, error) {
 		}
 
 		return aws.Credentials{}, fmt.Errorf("No valid providers found: %w", errs)
-	}), nil
+	})
 }