fix: address final feedback

Signed-off-by: Samantha Coyle <[email protected]>

.build-tools/builtin-authentication-profiles.yaml

@@ -47,15 +47,7 @@ aws:
           ARN of the AWS IAM role to assume in the trusting AWS account.
         example: arn:aws:iam:012345678910:role/exampleIAMRoleName
         required: true
-      - name: sessionDuration
-        type: duration
-        description: |
-          Duration of the session using AWS IAM Roles Anywhere. 
-          If set to 0m, temporary credentials will be created and automatically rotated.
-        default: '1h'
-        example: '0m'
-        required: false
-
+
 azuread:
   - title: "Azure AD: Managed identity"
     description: Authenticate using Azure AD and a managed identity.

common/authentication/aws/aws_test.go

@@ -1,3 +1,16 @@
+/*
+Copyright 2024 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package aws
 
 import (

common/authentication/aws/client_test.go

@@ -1,3 +1,16 @@
+/*
+Copyright 2024 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package aws
 
 import (

common/authentication/aws/static.go

@@ -31,28 +31,28 @@ import (
 
 type StaticAuth struct {
 	mu     sync.RWMutex
-	Logger logger.Logger
+	logger logger.Logger
 
-	Region       string
-	Endpoint     *string
-	AccessKey    *string
-	SecretKey    *string
-	SessionToken *string
+	region       *string
+	endpoint     *string
+	accessKey    *string
+	secretKey    *string
+	sessionToken *string
 
-	Clients *Clients
-	Session *session.Session
-	Cfg     *aws.Config
+	session *session.Session
+	cfg     *aws.Config
+	Clients *Clients // exported to mock clients in unit tests
 }
 
 func newStaticIAM(_ context.Context, opts Options, cfg *aws.Config) (*StaticAuth, error) {
 	auth := &StaticAuth{
-		Logger:       opts.Logger,
-		Region:       opts.Region,
-		Endpoint:     &opts.Endpoint,
-		AccessKey:    &opts.AccessKey,
-		SecretKey:    &opts.SecretKey,
-		SessionToken: &opts.SessionToken,
-		Cfg: func() *aws.Config {
+		logger:       opts.Logger,
+		region:       &opts.Region,
+		endpoint:     &opts.Endpoint,
+		accessKey:    &opts.AccessKey,
+		secretKey:    &opts.SecretKey,
+		sessionToken: &opts.SessionToken,
+		cfg: func() *aws.Config {
 			// if nil is passed or it's just a default cfg,
 			// then we use the options to build the aws cfg.
 			if cfg != nil && cfg != aws.NewConfig() {
@@ -68,7 +68,7 @@ func newStaticIAM(_ context.Context, opts Options, cfg *aws.Config) (*StaticAuth
 		return nil, fmt.Errorf("failed to get token client: %v", err)
 	}
 
-	auth.Session = initialSession
+	auth.session = initialSession
 
 	return auth, nil
 }
@@ -83,7 +83,7 @@ func (a *StaticAuth) S3() *S3Clients {
 
 	s3Clients := S3Clients{}
 	a.Clients.s3 = &s3Clients
-	a.Clients.s3.New(a.Session)
+	a.Clients.s3.New(a.session)
 	return a.Clients.s3
 }
 
@@ -97,7 +97,7 @@ func (a *StaticAuth) DynamoDB() *DynamoDBClients {
 
 	clients := DynamoDBClients{}
 	a.Clients.Dynamo = &clients
-	a.Clients.Dynamo.New(a.Session)
+	a.Clients.Dynamo.New(a.session)
 
 	return a.Clients.Dynamo
 }
@@ -112,7 +112,7 @@ func (a *StaticAuth) Sqs() *SqsClients {
 
 	clients := SqsClients{}
 	a.Clients.sqs = &clients
-	a.Clients.sqs.New(a.Session)
+	a.Clients.sqs.New(a.session)
 
 	return a.Clients.sqs
 }
@@ -127,7 +127,7 @@ func (a *StaticAuth) Sns() *SnsClients {
 
 	clients := SnsClients{}
 	a.Clients.sns = &clients
-	a.Clients.sns.New(a.Session)
+	a.Clients.sns.New(a.session)
 	return a.Clients.sns
 }
 
@@ -141,7 +141,7 @@ func (a *StaticAuth) SnsSqs() *SnsSqsClients {
 
 	clients := SnsSqsClients{}
 	a.Clients.snssqs = &clients
-	a.Clients.snssqs.New(a.Session)
+	a.Clients.snssqs.New(a.session)
 	return a.Clients.snssqs
 }
 
@@ -155,7 +155,7 @@ func (a *StaticAuth) SecretManager() *SecretManagerClients {
 
 	clients := SecretManagerClients{}
 	a.Clients.Secret = &clients
-	a.Clients.Secret.New(a.Session)
+	a.Clients.Secret.New(a.session)
 	return a.Clients.Secret
 }
 
@@ -169,7 +169,7 @@ func (a *StaticAuth) ParameterStore() *ParameterStoreClients {
 
 	clients := ParameterStoreClients{}
 	a.Clients.ParameterStore = &clients
-	a.Clients.ParameterStore.New(a.Session)
+	a.Clients.ParameterStore.New(a.session)
 	return a.Clients.ParameterStore
 }
 
@@ -183,7 +183,7 @@ func (a *StaticAuth) Kinesis() *KinesisClients {
 
 	clients := KinesisClients{}
 	a.Clients.kinesis = &clients
-	a.Clients.kinesis.New(a.Session)
+	a.Clients.kinesis.New(a.session)
 	return a.Clients.kinesis
 }
 
@@ -197,29 +197,29 @@ func (a *StaticAuth) Ses() *SesClients {
 
 	clients := SesClients{}
 	a.Clients.ses = &clients
-	a.Clients.ses.New(a.Session)
+	a.Clients.ses.New(a.session)
 	return a.Clients.ses
 }
 
 func (a *StaticAuth) getTokenClient() (*session.Session, error) {
 	var awsConfig *aws.Config
-	if a.Cfg == nil {
+	if a.cfg == nil {
 		awsConfig = aws.NewConfig()
 	} else {
-		awsConfig = a.Cfg
+		awsConfig = a.cfg
 	}
 
-	if a.Region != "" {
-		awsConfig = awsConfig.WithRegion(a.Region)
+	if a.region != nil {
+		awsConfig = awsConfig.WithRegion(*a.region)
 	}
 
-	if a.AccessKey != nil && a.SecretKey != nil {
+	if a.accessKey != nil && a.secretKey != nil {
 		// session token is an option field
-		awsConfig = awsConfig.WithCredentials(credentials.NewStaticCredentials(*a.AccessKey, *a.SecretKey, *a.SessionToken))
+		awsConfig = awsConfig.WithCredentials(credentials.NewStaticCredentials(*a.accessKey, *a.secretKey, *a.sessionToken))
 	}
 
-	if a.Endpoint != nil {
-		awsConfig = awsConfig.WithEndpoint(*a.Endpoint)
+	if a.endpoint != nil {
+		awsConfig = awsConfig.WithEndpoint(*a.endpoint)
 	}
 
 	awsSession, err := session.NewSessionWithOptions(session.Options{

common/authentication/aws/static_test.go

@@ -3,7 +3,6 @@ package aws
 import (
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -46,11 +45,11 @@ func TestGetTokenClient(t *testing.T) {
 		{
 			name: "valid token client",
 			awsInstance: &StaticAuth{
-				AccessKey:    aws.String("testAccessKey"),
-				SecretKey:    aws.String("testSecretKey"),
-				SessionToken: aws.String("testSessionToken"),
-				Region:       "us-west-2",
-				Endpoint:     aws.String("https://test.endpoint.com"),
+				accessKey:    "testAccessKey",
+				secretKey:    "testSecretKey",
+				sessionToken: "testSessionToken",
+				region:       "us-west-2",
+				endpoint:     "https://test.endpoint.com",
 			},
 		},
 	}
@@ -60,7 +59,7 @@ func TestGetTokenClient(t *testing.T) {
 			session, err := tt.awsInstance.getTokenClient()
 			require.NotNil(t, session)
 			require.NoError(t, err)
-			assert.Equal(t, tt.awsInstance.Region, *session.Config.Region)
+			assert.Equal(t, tt.awsInstance.region, *session.Config.Region)
 		})
 	}
 }