chore: Deprecate EndpointResolver v1, bump some deps (#365)

andrii-korotkov-verkada · pasha-codefresh · web-flow · commit 87bf0576a872 · 2025-03-09T19:40:02.000+02:00
Helps with: argoproj/argo-cd#22140 Remove deprecated functionality, moving to per-service endpoint and region resolution. Also, bump some dependencies. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Co-authored-by: Pasha Kostohrys <pavel@codefresh.io>
diff --git a/go.mod b/go.mod
@@ -8,9 +8,9 @@ require (
 	github.com/PagerDuty/go-pagerduty v1.8.0
 	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20240116134246-a8cbe886bab0
 	github.com/aws/aws-sdk-go-v2 v1.36.3
-	github.com/aws/aws-sdk-go-v2/config v1.29.8
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.61
-	github.com/aws/aws-sdk-go-v2/service/sqs v1.37.4
+	github.com/aws/aws-sdk-go-v2/config v1.29.9
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.62
+	github.com/aws/aws-sdk-go-v2/service/sqs v1.38.1
 	github.com/bradleyfalzon/ghinstallation/v2 v2.14.0
 	github.com/chainguard-dev/git-urls v1.0.2
 	github.com/expr-lang/expr v1.16.9
@@ -51,9 +51,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.25.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
 	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -120,3 +120,6 @@ require (
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 )
+
+// Avoid CVE-2022-28948
+replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
diff --git a/go.sum b/go.sum
@@ -23,10 +23,10 @@ github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20240116134246-a8cbe886bab0/go.m
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
 github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
 github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
-github.com/aws/aws-sdk-go-v2/config v1.29.8 h1:RpwAfYcV2lr/yRc4lWhUM9JRPQqKgKWmou3LV7UfWP4=
-github.com/aws/aws-sdk-go-v2/config v1.29.8/go.mod h1:t+G7Fq1OcO8cXTPPXzxQSnj/5Xzdc9jAAD3Xrn9/Mgo=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.61 h1:Hd/uX6Wo2iUW1JWII+rmyCD7MMhOe7ALwQXN6sKDd1o=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.61/go.mod h1:L7vaLkwHY1qgW0gG1zG0z/X0sQ5tpIY5iI13+j3qI80=
+github.com/aws/aws-sdk-go-v2/config v1.29.9 h1:Kg+fAYNaJeGXp1vmjtidss8O2uXIsXwaRqsQJKXVr+0=
+github.com/aws/aws-sdk-go-v2/config v1.29.9/go.mod h1:oU3jj2O53kgOU4TXq/yipt6ryiooYjlkqqVaZk7gY/U=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.62 h1:fvtQY3zFzYJ9CfixuAQ96IxDrBajbBWGqjNTCa79ocU=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.62/go.mod h1:ElETBxIQqcxej++Cs8GyPBbgMys5DgQPTwo7cUPDKt8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
@@ -39,14 +39,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
-github.com/aws/aws-sdk-go-v2/service/sqs v1.37.4 h1:WpoMCoS4+qOkkuWQommvDRboKYzK91En6eXO/k5dXr0=
-github.com/aws/aws-sdk-go-v2/service/sqs v1.37.4/go.mod h1:171mrsbgz6DahPMnLJzQiH3bXXrdsWhpE9USZiM19Lk=
-github.com/aws/aws-sdk-go-v2/service/sso v1.25.0 h1:2U9sF8nKy7UgyEeLiZTRg6ShBS22z8UnYpV6aRFL0is=
-github.com/aws/aws-sdk-go-v2/service/sso v1.25.0/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.0 h1:wjAdc85cXdQR5uLx5FwWvGIHm4OPJhTyzUHU8craXtE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.0/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.16 h1:BHEK2Q/7CMRMCb3nySi/w8UbIcPhKvYP5s1xf8/izn0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.16/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.38.1 h1:ZtgZeMPJH8+/vNs9vJFFLI0QEzYbcN0p7x1/FFwyROc=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.38.1/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 h1:8JdC7Gr9NROg1Rusk25IcZeTO59zLxsKgE0gkh5O6h0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.1/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 h1:KwuLovgQPcdjNMfFt9OhUd9a2OwcOKhxfvF4glTzLuA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
 github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
 github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
@@ -420,7 +420,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw=
diff --git a/pkg/services/awssqs.go b/pkg/services/awssqs.go
@@ -41,13 +41,14 @@ type awsSqsService struct {
 }
 
 func (s awsSqsService) Send(notif Notification, dest Destination) error {
-	options := s.setOptions()
-	cfg, err := config.LoadDefaultConfig(context.TODO(), options...)
+	cfgOptions := s.getConfigOptions()
+	cfg, err := config.LoadDefaultConfig(context.TODO(), cfgOptions...)
 	if err != nil {
 		log.Fatalf("failed to load configuration, %v", err)
 	}
 
-	client := sqs.NewFromConfig(cfg)
+	clientOptions := s.getClientOptions()
+	client := sqs.NewFromConfig(cfg, clientOptions...)
 
 	queueUrl, err := GetQueueURL(context.TODO(), client, s.getQueueInput(dest))
 	if err != nil {
@@ -89,7 +90,7 @@ func (s awsSqsService) getQueueInput(dest Destination) *sqs.GetQueueUrlInput {
 	return result
 }
 
-func (s awsSqsService) setOptions() []func(*config.LoadOptions) error {
+func (s awsSqsService) getConfigOptions() []func(*config.LoadOptions) error {
 	// Slice for AWS config options
 	var options []func(*config.LoadOptions) error
 
@@ -103,36 +104,26 @@ func (s awsSqsService) setOptions() []func(*config.LoadOptions) error {
 		options = append(options, config.WithRegion(s.opts.Region))
 	}
 
-	// Useful for testing with localstack
-	if s.opts.EndpointUrl != "" {
-		endpointRegion := os.Getenv("AWS_DEFAULT_REGION")
-		if s.opts.Region != "" {
-			endpointRegion = s.opts.Region
-		}
-		//nolint:staticcheck // SA1019 Migration needed
-		customResolver := aws.EndpointResolverWithOptionsFunc(s.getCustomResolver(endpointRegion))
-		//nolint:staticcheck // SA1019 Migration needed
-		options = append(options, config.WithEndpointResolverWithOptions(customResolver))
-	}
 	return options
 }
 
-//nolint:staticcheck // SA1019 Migration needed
-func (s awsSqsService) getCustomResolver(endpointRegion string) func(service, region string, options ...interface{}) (aws.Endpoint, error) {
-	//nolint:staticcheck // SA1019 Migration needed
-	return func(service, region string, options ...interface{}) (aws.Endpoint, error) {
-		if service == sqs.ServiceID {
-			//nolint:staticcheck // SA1019 Migration needed
-			return aws.Endpoint{
-				PartitionID:   "aws",
-				URL:           s.opts.EndpointUrl,
-				SigningRegion: endpointRegion,
-			}, nil
-		}
-		// returning EndpointNotFoundError will allow the service to fallback to it's default resolution
-		//nolint:staticcheck // SA1019 Migration needed
-		return aws.Endpoint{}, &aws.EndpointNotFoundError{}
+func (s awsSqsService) getClientOptions() []func(*sqs.Options) {
+	clientOptions := []func(o *sqs.Options){}
+	if s.opts.EndpointUrl != "" {
+		clientOptions = append(clientOptions, func(o *sqs.Options) {
+			o.BaseEndpoint = aws.String(s.opts.EndpointUrl)
+		})
+	}
+	endpointRegion := os.Getenv("AWS_DEFAULT_REGION")
+	if s.opts.Region != "" {
+		endpointRegion = s.opts.Region
+	}
+	if endpointRegion != "" {
+		clientOptions = append(clientOptions, func(o *sqs.Options) {
+			o.Region = endpointRegion
+		})
 	}
+	return clientOptions
 }
 
 func (n *AwsSqsNotification) GetTemplater(name string, f texttemplate.FuncMap) (Templater, error) {
diff --git a/pkg/services/awssqs_test.go b/pkg/services/awssqs_test.go
@@ -98,7 +98,7 @@ func TestSendFail_AwsSqs(t *testing.T) {
 	}
 }
 
-func TestSetOptions_AwsSqs(t *testing.T) {
+func TestGetConfigOptions_AwsSqs(t *testing.T) {
 	s := NewTypedAwsSqsService(AwsSqsOptions{
 		Region: "us-east-1",
 		AwsAccess: AwsAccess{
@@ -109,7 +109,7 @@ func TestSetOptions_AwsSqs(t *testing.T) {
 	})
 
 	options := &config.LoadOptions{}
-	optionsF := SetOptions(s)
+	optionsF := GetConfigOptions(s)
 
 	for _, f := range optionsF {
 		assert.NoError(t, f(options))
@@ -120,13 +120,9 @@ func TestSetOptions_AwsSqs(t *testing.T) {
 	creds, _ := options.Credentials.Retrieve(context.TODO())
 	assert.Equal(t, s.opts.AwsAccess.Key, creds.AccessKeyID)
 	assert.Equal(t, s.opts.AwsAccess.Secret, creds.SecretAccessKey)
-	// Verify custom resolver is used
-	//nolint:staticcheck // SA1019 Migration needed
-	var resolverType aws.EndpointResolverWithOptionsFunc
-	assert.IsType(t, resolverType, options.EndpointResolverWithOptions)
 }
 
-func TestSetOptionsFromEnv_AwsSqs(t *testing.T) {
+func TestGetConfigOptionsFromEnv_AwsSqs(t *testing.T) {
 	// Applying override via parameters instead of the ENV Variables
 	finalKey, finalSecret, finalRegion := "key", "secret", "us-east-1"
 
@@ -136,7 +132,7 @@ func TestSetOptionsFromEnv_AwsSqs(t *testing.T) {
 
 	s := NewTypedAwsSqsService(AwsSqsOptions{})
 
-	options := SetOptions(s)
+	options := GetConfigOptions(s)
 	cfg, err := config.LoadDefaultConfig(context.TODO(), options...)
 	assert.NoError(t, err)
 
@@ -147,7 +143,7 @@ func TestSetOptionsFromEnv_AwsSqs(t *testing.T) {
 	assert.Equal(t, finalRegion, cfg.Region)
 }
 
-func TestSetOptionsOverrideCredentials_AwsSqs(t *testing.T) {
+func TestGetConfigOptionsOverrideCredentials_AwsSqs(t *testing.T) {
 	os.Setenv("AWS_ACCESS_KEY_ID", "env_key")
 	os.Setenv("AWS_SECRET_ACCESS_KEY", "env_secret")
 	os.Setenv("AWS_DEFAULT_REGION", "us-east-2")
@@ -163,7 +159,7 @@ func TestSetOptionsOverrideCredentials_AwsSqs(t *testing.T) {
 		},
 	})
 
-	options := SetOptions(s)
+	options := GetConfigOptions(s)
 	cfg, err := config.LoadDefaultConfig(context.TODO(), options...)
 	assert.NoError(t, err)
 
@@ -174,7 +170,7 @@ func TestSetOptionsOverrideCredentials_AwsSqs(t *testing.T) {
 	assert.Equal(t, finalRegion, cfg.Region)
 }
 
-func TestSetOptionsCustomEndpointUrl_AwsSqs(t *testing.T) {
+func TestGetConfigOptionsCustomEndpointUrl_AwsSqs(t *testing.T) {
 	// Will be overridden
 	os.Setenv("AWS_DEFAULT_REGION", "us-east-2")
 
@@ -189,7 +185,7 @@ func TestSetOptionsCustomEndpointUrl_AwsSqs(t *testing.T) {
 		EndpointUrl: finalEndpoint,
 	})
 
-	options := SetOptions(s)
+	options := GetConfigOptions(s)
 	cfg, err := config.LoadDefaultConfig(context.TODO(), options...)
 	assert.NoError(t, err)
 
@@ -199,27 +195,10 @@ func TestSetOptionsCustomEndpointUrl_AwsSqs(t *testing.T) {
 	assert.Equal(t, finalSecret, creds.SecretAccessKey)
 	assert.Equal(t, finalRegion, cfg.Region)
 }
-func TestSetOptionsCustomResolverFunc(t *testing.T) {
 
-	finalKey, finalSecret, finalRegion, finalEndpoint := "key", "secret", "us-east-1", "localhost"
-
-	s := NewTypedAwsSqsService(AwsSqsOptions{
-		Region: finalRegion,
-		AwsAccess: AwsAccess{
-			Key:    finalKey,
-			Secret: finalSecret,
-		},
-		EndpointUrl: finalEndpoint,
-	})
-
-	customResolver := s.getCustomResolver(finalRegion)
-	endpoint, err := customResolver(sqs.ServiceID, finalRegion)
-	assert.NoError(t, err)
-	assert.Equal(t, finalEndpoint, endpoint.URL)
-
-}
-
-func TestSetOptionsCustomResolverFuncReturnErr(t *testing.T) {
+func TestGetClientOptionsCustomEndpointUrl_AwsSqs(t *testing.T) {
+	// Will be overridden
+	os.Setenv("AWS_DEFAULT_REGION", "us-east-2")
 
 	finalKey, finalSecret, finalRegion, finalEndpoint := "key", "secret", "us-east-1", "localhost"
 
@@ -232,16 +211,13 @@ func TestSetOptionsCustomResolverFuncReturnErr(t *testing.T) {
 		EndpointUrl: finalEndpoint,
 	})
 
-	customResolver := s.getCustomResolver(finalRegion)
-	_, err := customResolver("NotSQS", finalRegion)
-	assert.Error(t, err)
-	//assert that err is of type aws.EndpointNotFoundError
-	assert.IsType(t, &aws.EndpointNotFoundError{}, err)
-
+	options := GetClientOptions(s)
+	assert.Equal(t, 2, len(options))
 }
 
 // Helpers
-var SetOptions = (*awsSqsService).setOptions
+var GetConfigOptions = (*awsSqsService).getConfigOptions
+var GetClientOptions = (*awsSqsService).getClientOptions
 var SendMessageInput = (*awsSqsService).sendMessageInput
 
 var NewTypedAwsSqsService = func(opts AwsSqsOptions) *awsSqsService {
