Skip to content

Commit

Permalink
Migrate to AWS SDK v2
Browse files Browse the repository at this point in the history
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
  • Loading branch information
fjogeleit committed Oct 19, 2023
1 parent 21c31b1 commit 3a3f8c1
Show file tree
Hide file tree
Showing 10 changed files with 185 additions and 131 deletions.
21 changes: 20 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,13 @@ go 1.21

require (
cloud.google.com/go/storage v1.33.0
github.com/aws/aws-sdk-go v1.45.28
github.com/aws/aws-sdk-go-v2 v1.21.2
github.com/aws/aws-sdk-go-v2/config v1.19.0
github.com/aws/aws-sdk-go-v2/credentials v1.13.43
github.com/aws/aws-sdk-go-v2/service/kinesis v1.20.0
github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2
github.com/aws/aws-sdk-go-v2/service/securityhub v1.37.2
github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
github.com/go-redis/redis/v8 v8.11.5
github.com/go-sql-driver/mysql v1.7.1
github.com/kyverno/go-wildcard v1.0.5
Expand Down Expand Up @@ -33,6 +39,19 @@ require (
cloud.google.com/go/compute v1.23.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.3 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.14 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.6 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.38 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.6 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
github.com/aws/smithy-go v1.15.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
Expand Down
47 changes: 41 additions & 6 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,46 @@ cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/aws/aws-sdk-go v1.45.28 h1:p2ATcaK6ffSw4yZ2UAGzgRyRXwKyOJY6ZCiKqj5miJE=
github.com/aws/aws-sdk-go v1.45.28/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.14 h1:Sc82v7tDQ/vdU1WtuSyzZ1I7y/68j//HJ6uozND1IDs=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.14/go.mod h1:9NCTOURS8OpxvoAVHq79LK81/zC78hfRWFn+aL0SPcY=
github.com/aws/aws-sdk-go-v2/config v1.19.0 h1:AdzDvwH6dWuVARCl3RTLGRc4Ogy+N7yLFxVxXe1ClQ0=
github.com/aws/aws-sdk-go-v2/config v1.19.0/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.6 h1:wmGLw2i8ZTlHLw7a9ULGfQbuccw8uIiNr6sol5bFzc8=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.6/go.mod h1:Q0Hq2X/NuL7z8b1Dww8rmOFl+jzusKEcyvkKspwdpyc=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 h1:7R8uRYyXzdD71KWVCL78lJZltah6VVznXBazvKjfH58=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15/go.mod h1:26SQUPcTNgV1Tapwdt4a1rOsYRsnBsJHLMPoxK2b0d8=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.38 h1:skaFGzv+3kA+v2BPKhuekeb1Hbb105+44r8ASC+q5SE=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.38/go.mod h1:epIZoRSSbRIwLPJU5F+OldHhwZPBdpDeQkRdCeY3+00=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.6 h1:9ulSU5ClouoPIYhDQdg9tpl83d5Yb91PXTKK+17q+ow=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.6/go.mod h1:lnc2taBsR9nTlz9meD+lhFZZ9EWY712QHrRflWpTcOA=
github.com/aws/aws-sdk-go-v2/service/kinesis v1.20.0 h1:OCYjSomi2Q8ttimk0DB4nNSAvoVOXfpSAwB0ZM4g1K0=
github.com/aws/aws-sdk-go-v2/service/kinesis v1.20.0/go.mod h1:IKAdoalibJPPhb+riPJyKh9z/6V8n4J2X1yUto/W90Q=
github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2 h1:Ll5/YVCOzRB+gxPqs2uD0R7/MyATC0w85626glSKmp4=
github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2/go.mod h1:Zjfqt7KhQK+PO1bbOsFNzKgaq7TcxzmEoDWN8lM0qzQ=
github.com/aws/aws-sdk-go-v2/service/securityhub v1.37.2 h1:F/ApqSnIeQl+1oiBxEmnJ4Xza3lzC/58tbtuHN5ZiCs=
github.com/aws/aws-sdk-go-v2/service/securityhub v1.37.2/go.mod h1:T1iphqNYdWF50nRQ++jMxIYe5Gw63/eeP0as72YtzwI=
github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
Expand Down Expand Up @@ -154,6 +192,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
Expand Down Expand Up @@ -427,7 +466,6 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
Expand Down Expand Up @@ -492,12 +530,10 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
Expand All @@ -509,7 +545,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
Expand Down
3 changes: 2 additions & 1 deletion pkg/config/database_factory_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@ package config_test
import (
"testing"

"github.com/uptrace/bun/dialect"

"github.com/kyverno/policy-reporter/pkg/config"
"github.com/kyverno/policy-reporter/pkg/kubernetes/secrets"
"github.com/uptrace/bun/dialect"
)

func Test_ResolveDatabase(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion pkg/config/target_factory.go
Original file line number Diff line number Diff line change
Expand Up @@ -616,6 +616,7 @@ func (f *TargetFactory) createS3Client(config, parent *S3) target.Client {
return nil
}

setFallback(&config.Region, os.Getenv("AWS_REGION"))
setFallback(&config.Prefix, parent.Prefix, "policy-reporter")
setFallback(&config.KmsKeyID, parent.KmsKeyID)
setFallback(&config.ServerSideEncryption, parent.ServerSideEncryption)
Expand All @@ -630,7 +631,7 @@ func (f *TargetFactory) createS3Client(config, parent *S3) target.Client {
config.Endpoint,
config.Bucket,
config.PathStyle,
helper.WithKMS(&config.BucketKeyEnabled, &config.KmsKeyID, &config.ServerSideEncryption),
helper.WithKMS(config.BucketKeyEnabled, &config.KmsKeyID, &config.ServerSideEncryption),
)

sugar.Infof("%s configured", config.Name)
Expand Down
143 changes: 68 additions & 75 deletions pkg/helper/aws.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,20 @@ package helper

import (
"bytes"
"context"
"io"
"os"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kinesis"
"github.com/aws/aws-sdk-go/service/s3/s3manager"
"github.com/aws/aws-sdk-go/service/securityhub"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
"github.com/aws/aws-sdk-go-v2/service/kinesis"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/aws/aws-sdk-go-v2/service/securityhub"
"github.com/aws/aws-sdk-go-v2/service/sts"
"go.uber.org/zap"
)

Expand All @@ -27,29 +28,29 @@ type AWSClient interface {

type s3Client struct {
bucket string
uploader *s3manager.Uploader
bucketKeyEnabled *bool
client *s3.Client
bucketKeyEnabled bool
kmsKeyID *string
serverSideEncryption *string
serverSideEncryption types.ServerSideEncryption
}

type Options func(s *s3Client)

func WithKMS(bucketKeyEnabled *bool, kmsKeyID, serverSideEncryption *string) Options {
func WithKMS(bucketKeyEnabled bool, kmsKeyID, serverSideEncryption *string) Options {
return func(s *s3Client) {
s.bucketKeyEnabled = bucketKeyEnabled
if *kmsKeyID != "" {
s.kmsKeyID = kmsKeyID
}

if *serverSideEncryption != "" {
s.serverSideEncryption = serverSideEncryption
s.serverSideEncryption = types.ServerSideEncryption(s.serverSideEncryption)
}
}
}

func (s *s3Client) Upload(body *bytes.Buffer, key string) error {
_, err := s.uploader.Upload(&s3manager.UploadInput{
_, err := s.client.PutObject(context.TODO(), &s3.PutObjectInput{
Bucket: aws.String(s.bucket),
Key: aws.String(key),
Body: body,
Expand All @@ -62,20 +63,23 @@ func (s *s3Client) Upload(body *bytes.Buffer, key string) error {

// NewS3Client creates a new S3.client to send Results to S3
func NewS3Client(accessKeyID, secretAccessKey, region, endpoint, bucket string, pathStyle bool, opts ...Options) AWSClient {
config := createConfig(accessKeyID, secretAccessKey, region, endpoint)
if pathStyle {
config.S3ForcePathStyle = &pathStyle
}

sess, err := session.NewSession(config)
config, err := createConfig(accessKeyID, secretAccessKey, region)
if err != nil {
zap.L().Error("error while creating S3 session")
zap.L().Error("error while creating config", zap.Error(err))
return nil
}

client := s3.NewFromConfig(config, func(o *s3.Options) {
o.UsePathStyle = pathStyle

if endpoint != "" {
o.BaseEndpoint = &endpoint
}
})

s3Client := &s3Client{
bucket: bucket,
uploader: s3manager.NewUploader(sess),
bucket: bucket,
client: client,
}

for _, opt := range opts {
Expand All @@ -87,7 +91,7 @@ func NewS3Client(accessKeyID, secretAccessKey, region, endpoint, bucket string,

type kinesisClient struct {
streamName string
kinesis *kinesis.Kinesis
kinesis *kinesis.Client
}

func (k *kinesisClient) Upload(body *bytes.Buffer, key string) error {
Expand All @@ -96,7 +100,7 @@ func (k *kinesisClient) Upload(body *bytes.Buffer, key string) error {
return err
}

_, err = k.kinesis.PutRecord(&kinesis.PutRecordInput{
_, err = k.kinesis.PutRecord(context.TODO(), &kinesis.PutRecordInput{
StreamName: aws.String(k.streamName),
PartitionKey: aws.String(key),
Data: data,
Expand All @@ -106,75 +110,64 @@ func (k *kinesisClient) Upload(body *bytes.Buffer, key string) error {

// NewKinesisClient creates a new S3.client to send Results to S3
func NewKinesisClient(accessKeyID, secretAccessKey, region, endpoint, streamName string) AWSClient {
config := createConfig(accessKeyID, secretAccessKey, region, endpoint)

sess, err := session.NewSession(config)
config, err := createConfig(accessKeyID, secretAccessKey, region)
if err != nil {
zap.L().Error("error while creating Kinesis session")
zap.L().Error("error while creating config", zap.Error(err))
return nil
}

return &kinesisClient{
streamName,
kinesis.New(sess),
kinesis.NewFromConfig(config, func(o *kinesis.Options) {
if endpoint != "" {
o.BaseEndpoint = &endpoint
}
}),
}
}

// NewHubClient creates a new SecurityHub client to send finding events
func NewHubClient(accessKeyID, secretAccessKey, region, endpoint string) *securityhub.SecurityHub {
config := createConfig(accessKeyID, secretAccessKey, region, endpoint)

sess, err := session.NewSession(config)
func NewHubClient(accessKeyID, secretAccessKey, region, endpoint string) *securityhub.Client {
config, err := createConfig(accessKeyID, secretAccessKey, region)
if err != nil {
zap.L().Error("error while creating SecurityHub session")
zap.L().Error("error while creating config", zap.Error(err))
return nil
}

optional := make([]*aws.Config, 0)
if endpoint != "" {
optional = append(optional, aws.NewConfig().WithEndpoint(endpoint))
}

return securityhub.New(sess, optional...)
return securityhub.NewFromConfig(config, func(o *securityhub.Options) {
if endpoint != "" {
o.BaseEndpoint = &endpoint
}
})
}

func createConfig(accessKeyID, secretAccessKey, region, endpoint string) *aws.Config {
baseConfig := &aws.Config{}
if endpoint != "" {
baseConfig.Endpoint = aws.String(endpoint)
}
if region != "" {
baseConfig.Region = aws.String(region)
}
func createConfig(accessKeyID, secretAccessKey, region string) (aws.Config, error) {
roleARN := os.Getenv("AWS_ROLE_ARN")
webIdentity := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

sess := session.Must(session.NewSession(baseConfig))
cfg, err := config.LoadDefaultConfig(context.TODO(), func(o *config.LoadOptions) error {
if region != "" {
o.Region = region
}

var provider credentials.Provider
return nil
})
if err != nil {
return aws.Config{}, err
}

if accessKeyID != "" && secretAccessKey != "" {
provider = &credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: accessKeyID,
SecretAccessKey: secretAccessKey,
},
}
} else if os.Getenv("AWS_ROLE_ARN") != "" && os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE") != "" {
provider = stscreds.NewWebIdentityRoleProvider(
sts.New(sess),
os.Getenv("AWS_ROLE_ARN"),
"",
os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE"),
)
zap.L().Debug("configure AWS credentals provider", zap.String("provider", "StaticCredentialsProvider"))
cfg.Credentials = credentials.NewStaticCredentialsProvider(accessKeyID, secretAccessKey, "")
} else if webIdentity != "" && roleARN != "" {
zap.L().Debug("configure AWS credentals provider", zap.String("provider", "WebIdentityRoleProvider"))
cfg.Credentials = stscreds.NewWebIdentityRoleProvider(sts.NewFromConfig(cfg), roleARN, stscreds.IdentityTokenFile(webIdentity))
} else if roleARN != "" {
zap.L().Debug("configure AWS credentals provider", zap.String("provider", "AssumeRoleProvider"))
cfg.Credentials = stscreds.NewAssumeRoleProvider(sts.NewFromConfig(cfg), roleARN)
} else {
provider = &ec2rolecreds.EC2RoleProvider{
Client: ec2metadata.New(sess),
}
cfg.Credentials = ec2rolecreds.New()
}

return &aws.Config{
Region: baseConfig.Region,
Endpoint: baseConfig.Endpoint,
CredentialsChainVerboseErrors: aws.Bool(true),
Credentials: credentials.NewCredentials(provider),
}
return cfg, nil
}
3 changes: 2 additions & 1 deletion pkg/listener/new_result_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@ import (
"testing"
"time"

v1 "k8s.io/apimachinery/pkg/apis/meta/v1"

"github.com/kyverno/policy-reporter/pkg/cache"
"github.com/kyverno/policy-reporter/pkg/crd/api/policyreport/v1alpha2"
"github.com/kyverno/policy-reporter/pkg/fixtures"
"github.com/kyverno/policy-reporter/pkg/listener"
"github.com/kyverno/policy-reporter/pkg/report"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func Test_ResultListener(t *testing.T) {
Expand Down
Loading

0 comments on commit 3a3f8c1

Please sign in to comment.