Merge pull request #48 from stackql/feature/upgrade-to-aws-sdk-go-v2

general-kroll-4-life · web-flow · commit faca0c13abc8 · 2025-08-24T15:37:49.000+10:00
aws-sdk-v2
diff --git a/anysdk/loader.go b/anysdk/loader.go
@@ -885,8 +885,8 @@ func resolveSQLVerbFromResource(rsc Resource, component *OpenAPIOperationStoreRe
 	}
 	rv := resolved
 	rv.setSQLVerb(sqlVerb)
-	jsonpointer.SetForToken(rsc, component.Ref, *rv)
-	return rv, nil
+	_, err = jsonpointer.SetForToken(rsc, component.Ref, *rv)
+	return rv, err
 }
 
 func (l *standardLoader) latePassResolveInverse(svc Service, component *OpenAPIOperationStoreRef) error {
diff --git a/go.mod b/go.mod
@@ -9,7 +9,8 @@ require (
 	github.com/PaesslerAG/gval v1.0.0
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/antchfx/xmlquery v1.3.10
-	github.com/aws/aws-sdk-go v1.55.6
+	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
 	github.com/clbanning/mxj/v2 v2.7.0
 	github.com/getkin/kin-openapi v0.88.0
 	github.com/ghodss/yaml v1.0.0
@@ -45,10 +46,8 @@ require (
 	github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c // indirect
 	github.com/antchfx/xpath v1.2.0 // indirect
 	github.com/apache/arrow-go/v18 v18.0.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.15 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
diff --git a/go.sum b/go.sum
@@ -88,8 +88,6 @@ github.com/apache/arrow-go/v18 v18.0.0 h1:1dBDaSbH3LtulTyOVYaBCHO3yVRwjV+TZaqn3g
 github.com/apache/arrow-go/v18 v18.0.0/go.mod h1:t6+cWRSmKgdQ6HsxisQjok+jBpKGhRDiqcf3p0p/F+A=
 github.com/apache/thrift v0.21.0 h1:tdPmh/ptjE1IJnhbhrcl2++TauVjy242rkV/UzJChnE=
 github.com/apache/thrift v0.21.0/go.mod h1:W1H8aR/QRtYNvrPeFXBtobyRkd0/YVhTc6i07XIAgDw=
-github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk=
-github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
 github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=
diff --git a/pkg/awssign/aws_sign.go b/pkg/awssign/aws_sign.go
@@ -2,52 +2,57 @@ package awssign
 
 import (
 	"bytes"
+	"context"
+	"crypto/sha256"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
-	"github.com/stackql/any-sdk/pkg/logging"
+	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	"github.com/aws/aws-sdk-go-v2/credentials"
 )
 
 var (
-	_ Transport = &standardAwsSignTransport{}
+	_                Transport = &standardAwsSignTransport{}
+	emptyPayloadHash string    = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
 )
 
 type Transport interface {
 	RoundTrip(req *http.Request) (*http.Response, error)
 }
 
 type standardAwsSignTransport struct {
-	underlyingTransport http.RoundTripper
-	signer              *v4.Signer
+	underlyingTransport       http.RoundTripper
+	signer                    *v4.Signer
+	staticCredentialsProvider credentials.StaticCredentialsProvider
 }
 
 func NewAwsSignTransport(
 	underlyingTransport http.RoundTripper,
 	id, secret, token string,
-	options ...func(*v4.Signer),
+	options ...func(*v4.SignerOptions),
 ) (Transport, error) {
-	var creds *credentials.Credentials
+	var creds credentials.StaticCredentialsProvider
 
 	if token == "" {
-		creds = credentials.NewStaticCredentials(id, secret, token)
+		creds = credentials.NewStaticCredentialsProvider(id, secret, token)
 	} else {
 		defaultAccessKeyID := os.Getenv("AWS_ACCESS_KEY_ID")
 		defaultSecretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
 		if defaultAccessKeyID == "" || defaultSecretAccessKey == "" {
 			return nil, fmt.Errorf("AWS_SESSION_TOKEN is set, but AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must also be set")
 		}
-		creds = credentials.NewEnvCredentials()
+		creds = credentials.NewStaticCredentialsProvider(defaultAccessKeyID, defaultSecretAccessKey, token)
 	}
 
-	signer := v4.NewSigner(creds, options...)
+	signer := v4.NewSigner(options...)
 	return &standardAwsSignTransport{
-		underlyingTransport: underlyingTransport,
-		signer:              signer,
+		underlyingTransport:       underlyingTransport,
+		signer:                    signer,
+		staticCredentialsProvider: creds,
 	}, nil
 }
 
@@ -68,23 +73,34 @@ func (t *standardAwsSignTransport) RoundTrip(req *http.Request) (*http.Response,
 	if !ok {
 		return nil, fmt.Errorf("unsupported type for AWS region: '%T'", rgn)
 	}
-	var rs io.ReadSeeker
+	creds, credsErr := t.staticCredentialsProvider.Retrieve(context.TODO())
+	if credsErr != nil {
+		return nil, credsErr
+	}
+
+	var payloadHash string
 	if req.Body != nil {
 		body, err := io.ReadAll(req.Body)
 		if err != nil {
 			return nil, err
 		}
-		rs = bytes.NewReader(body)
-		req.Body = nil
+		hashBytes := sha256.Sum256(body)
+		// Base64 encode the hash
+		payloadHash = base64.StdEncoding.EncodeToString(hashBytes[:])
+		rs := io.NopCloser(bytes.NewReader(body))
+		req.Body = rs
+	} else {
+		payloadHash = emptyPayloadHash
 	}
-	header, err := t.signer.Sign(
+	err := t.signer.SignHTTP(
+		context.TODO(),
+		creds,
 		req,
-		rs,
+		payloadHash,
 		svcStr,
 		rgnStr,
 		time.Now(),
 	)
-	logging.GetLogger().Infof("header = %v\n", header)
 	if err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -885,8 +885,8 @@ func resolveSQLVerbFromResource(rsc Resource, component *OpenAPIOperationStoreRe`
`885`	`885`	`}`
`886`	`886`	`rv := resolved`
`887`	`887`	`rv.setSQLVerb(sqlVerb)`
`888`		`- jsonpointer.SetForToken(rsc, component.Ref, *rv)`
`889`		`- return rv, nil`
	`888`	`+ _, err = jsonpointer.SetForToken(rsc, component.Ref, *rv)`
	`889`	`+ return rv, err`
`890`	`890`	`}`
`891`	`891`
`892`	`892`	`func (l standardLoader) latePassResolveInverse(svc Service, component OpenAPIOperationStoreRef) error {`
-Original file line number
+Diff line change
 	github.com/PaesslerAG/gval v1.0.0
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/antchfx/xmlquery v1.3.10
 -	github.com/aws/aws-sdk-go v1.55.6
 +	github.com/aws/aws-sdk-go-v2 v1.26.1
 +	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
 	github.com/clbanning/mxj/v2 v2.7.0
 	github.com/getkin/kin-openapi v0.88.0
 	github.com/ghodss/yaml v1.0.0
 	github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c // indirect
 	github.com/antchfx/xpath v1.2.0 // indirect
 	github.com/apache/arrow-go/v18 v18.0.0 // indirect
 -	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect
 -	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.15 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect