read aws default creds directly via sdk

Author: shubhamvernekar

client/client.go

@@ -107,14 +107,13 @@ func (c *Client) GetSecretList(_ SecretListConfig) ([]SecretObject, error) {
 	return objs, nil
 }
 
-func getStore(ctx context.Context, cfg config.Client) (storeI, error) {
-	var store storeI
+func getStore(ctx context.Context, cfg config.Client) (clouldStore, error) {
+	var store clouldStore
 	var err error
 	switch cfg.Provider {
 	case config.AWS:
 		{
-			acfg := aws.Config{ServiceAccountFile: cfg.Cloud.ApplicationCredentials}
-			store, err = aws.NewStore(ctx, acfg)
+			store, err = aws.NewStore(ctx)
 			if err != nil {
 				return nil, err
 			}

client/cloud_service.go

@@ -10,18 +10,18 @@ import (
 
 	"github.com/rs/zerolog/log"
 	"github.com/scalescape/dolores/config"
-	cloud "github.com/scalescape/dolores/store/cld"
+	"github.com/scalescape/dolores/store/cloud"
 )
 
 var ErrInvalidPublicKeys = errors.New("invalid public keys")
 
 const metadataFile = "dolores.md"
 
 type Service struct {
-	store storeI
+	store clouldStore
 }
 
-type storeI interface {
+type clouldStore interface {
 	WriteToObject(ctx context.Context, bucketName, fileName string, data []byte) error
 	ReadObject(ctx context.Context, bucketName, fileName string) ([]byte, error)
 	ListObject(ctx context.Context, bucketName, path string) ([]cloud.Object, error)
@@ -146,6 +146,6 @@ func (s Service) ListObject(ctx context.Context, bucket, path string) ([]cloud.O
 	return resp, nil
 }
 
-func NewService(st storeI) Service {
+func NewService(st clouldStore) Service {
 	return Service{store: st}
 }

client/service_test.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/scalescape/dolores/client"
 	"github.com/scalescape/dolores/config"
-	cloud "github.com/scalescape/dolores/store/cld"
+	"github.com/scalescape/dolores/store/cloud"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
@@ -69,7 +69,8 @@ func (s *serviceSuite) TestShouldNotOverwriteMetadata() {
 	cfg := client.Configuration{
 		PublicKey: "public_key",
 		Metadata:  config.Metadata{Location: "secrets"},
-		UserID:    "test_user"}
+		UserID:    "test_user",
+	}
 	s.gcs.On("ExistsObject", mock.AnythingOfType("context.backgroundCtx"), s.bucket, name).Return(true, nil).Once()
 	s.gcs.On("WriteToObject", mock.AnythingOfType("context.backgroundCtx"), s.bucket, "secrets/keys/test_user.key", []byte(cfg.PublicKey)).Return(nil).Once()
 

cmd/dolores/init.go

@@ -87,25 +87,8 @@ func (c *InitCommand) getCred(res *Input) error {
 		}
 	case config.AWS:
 		{
-			credFile := os.Getenv("AWS_APPLICATION_CREDENTIALS")
-			if credFile != "" {
-				qs = append(qs, &survey.Question{
-					Name:     "creds",
-					Validate: survey.Required,
-					Prompt: &survey.Select{
-						Message: "Use AWS_APPLICATION_CREDENTIALS env as credentials file",
-						Options: []string{credFile},
-					},
-				})
-			} else {
-				qs = append(qs, &survey.Question{
-					Name: "creds",
-					Prompt: &survey.Input{
-						Message: "Enter aws service account file path",
-					},
-					Validate: survey.Required,
-				})
-			}
+			res.ApplicationCredentials = "aws_default"
+			return nil
 		}
 	}
 

go.mod

@@ -7,7 +7,6 @@ require (
 	filippo.io/age v1.1.1
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/aws/aws-sdk-go-v2/config v1.23.0
-	github.com/aws/aws-sdk-go-v2/credentials v1.15.2
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.42.1
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/rs/zerolog v1.29.1
@@ -17,13 +16,14 @@ require (
 	google.golang.org/api v0.129.0
 )
 
+require github.com/aws/aws-sdk-go-v2/credentials v1.15.2 // indirect
+
 require (
 	cloud.google.com/go v0.110.0 // indirect
 	cloud.google.com/go/compute v1.19.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.13.0 // indirect
-	github.com/aws/aws-sdk-go v1.47.9
-	github.com/aws/aws-sdk-go-v2 v1.22.2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.22.2
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.0 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 // indirect

go.sum

@@ -55,8 +55,6 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/aws/aws-sdk-go v1.47.9 h1:rarTsos0mA16q+huicGx0e560aYRtOucV5z2Mw23JRY=
-github.com/aws/aws-sdk-go v1.47.9/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.22.2 h1:lV0U8fnhAnPz8YcdmZVV60+tr6CakHzqA6P8T46ExJI=
 github.com/aws/aws-sdk-go-v2 v1.22.2/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.0 h1:hHgLiIrTRtddC0AKcJr5s7i/hLgcpTt+q/FKxf1Zayk=
@@ -219,7 +217,6 @@ github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=

store/aws/aws.go

@@ -3,19 +3,16 @@ package aws
 import (
 	"bytes"
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
-	"os"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
-	"github.com/aws/aws-sdk-go/aws"
 	"github.com/rs/zerolog/log"
-	cloud "github.com/scalescape/dolores/store/cld"
+	"github.com/scalescape/dolores/store/cloud"
 )
 
 var ErrInvalidServiceAccount = errors.New("invalid service account")
@@ -25,16 +22,6 @@ type StorageClient struct {
 	region string
 }
 
-type Config struct {
-	ServiceAccountFile string
-}
-
-type ServiceAccount struct {
-	AccessKeyID     string `json:"accessKey"`
-	SecretAccessKey string `json:"secretKey"`
-	Region          string `json:"region"`
-}
-
 func (s StorageClient) bucketExists(ctx context.Context, bucketName string) (bool, error) {
 	_, err := s.client.HeadBucket(ctx, &s3.HeadBucketInput{
 		Bucket: aws.String(bucketName),
@@ -51,8 +38,10 @@ func (s StorageClient) bucketExists(ctx context.Context, bucketName string) (boo
 func (s StorageClient) CreateBucket(ctx context.Context, bucketName string) error {
 	lconst := types.BucketLocationConstraint(s.region)
 	cbCfg := &types.CreateBucketConfiguration{LocationConstraint: lconst}
-	bucket := &s3.CreateBucketInput{Bucket: aws.String(bucketName),
-		CreateBucketConfiguration: cbCfg}
+	bucket := &s3.CreateBucketInput{
+		Bucket:                    aws.String(bucketName),
+		CreateBucketConfiguration: cbCfg,
+	}
 	_, err := s.client.CreateBucket(ctx, bucket)
 	var existsErr *types.BucketAlreadyOwnedByYou = new(types.BucketAlreadyOwnedByYou)
 	if errors.As(err, &existsErr) {
@@ -114,7 +103,6 @@ func (s StorageClient) ReadObject(ctx context.Context, bucketName, fileName stri
 		Bucket: aws.String(bucketName),
 		Key:    aws.String(fileName),
 	})
-
 	if err != nil {
 		return nil, fmt.Errorf("failed to read object : %w", err)
 	}
@@ -135,28 +123,19 @@ func (s StorageClient) ExistsObject(ctx context.Context, bucketName, fileName st
 		var notFoundType *types.NoSuchKey
 		if errors.As(err, &notFoundType) {
 			return false, nil
-		} else {
-			return false, err
 		}
+		return false, err
 	}
 
 	return true, nil
 }
 
-func NewStore(ctx context.Context, acfg Config) (StorageClient, error) {
-	data, err := os.ReadFile(acfg.ServiceAccountFile)
-	if err != nil {
-		return StorageClient{}, fmt.Errorf("failed to read service account file with error %v %w", err, ErrInvalidServiceAccount)
-	}
-	sa := new(ServiceAccount)
-	if err := json.Unmarshal(data, sa); err != nil {
-		return StorageClient{}, fmt.Errorf("unable to parse service account file: %w", err)
-	}
-	cp := credentials.NewStaticCredentialsProvider(sa.AccessKeyID, sa.SecretAccessKey, "")
-	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(sa.Region), config.WithCredentialsProvider(cp))
+func NewStore(ctx context.Context) (StorageClient, error) {
+	cfg, err := config.LoadDefaultConfig(ctx)
 	if err != nil {
 		return StorageClient{}, err
 	}
+
 	cli := s3.NewFromConfig(cfg)
-	return StorageClient{client: cli, region: sa.Region}, nil
+	return StorageClient{client: cli, region: cfg.Region}, nil
 }

store/cld/object.go store/cloud/object.go

@@ -10,7 +10,7 @@ import (
 
 	"cloud.google.com/go/storage"
 	"github.com/rs/zerolog/log"
-	cloud "github.com/scalescape/dolores/store/cld"
+	"github.com/scalescape/dolores/store/cloud"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 )