feat(iam auth): allow iam roles anywhere auth profile

[sicoyle]

Description

The overall logic for this auth profile + it's proper rotation is completed. I just need to update to add a mock for the authprovider clients, update the rest of the existing tests, and wrap up adding new ones.

Summary: Add an auth profile for using AWS IAM Roles Anywhere. This leverages x.509 certificates to establish trust between an AWS account and a trusted certificate authority. Here, we can use the Dapr SVID very nicely.

I had to do an overhaul on the existing AWS IAM setup because now it is the case that there is the existing static IAM auth with things like accesskeys, secretkeys, etc. However, now, I'm adding temporary auth that Dapr is responsible for rotating. Default expiration time with AWS for IAM Roles Anywhere session durations is 1hour, so that is our default with a rotation when we've hit half of that time in a goroutine if that auth profile is picked up. If a user sets a session duration for timeout, then we will not rotate the credentials.

This applies to all existing AWS components.

I plan to add for Postgres + Kafka in a secondary PR since this one is already so beefy.

Issue reference

We strive to have all PR being opened based on an issue, where the problem or feature have been discussed prior to implementation.

Please reference the issue this PR will close: #[issue number]

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

• Code compiles correctly
• Created/updated tests - TODO
• Extended the documentation / Created issue in the https://github.com/dapr/docs/ repo: dapr/docs#[issue number] TODO

[sicoyle]

I'm trying to inject mocked creds to make conformance tests pass for some of the aws components, but not too familiar with their setup. Clearly I need to adjust this further bc they're all failing... maybe add an IAM role on the terraform for IAM roles anywhere? or inject mock creds somewhere else? I had to do that for the unit tests for some of them... 🫠 I will come back to this tomorrow morning.

=== RUN   TestSecretStoreConformance/aws.secretsmanager.docker/get/get
    secretstores.go:84: 
        	Error Trace:	/home/runner/work/components-contrib/components-contrib/tests/conformance/secretstores/secretstores.go:84
        	Error:      	Received unexpected error:
        	            	couldn't get secret: UnrecognizedClientException: The security token included in the request is invalid.
        	            		status code: 400, request id: fbf08edb-02d5-47d2-b[60](https://github.com/dapr/components-contrib/actions/runs/11807458135/job/32894166961?pr=3591#step:24:61)a-4dcb432b6e8f
        	Test:       	TestSecretStoreConformance/aws.secretsmanager.docker/get/get
        	Messages:   	expected no error on getting secret {conftestsecret map[]}
--- FAIL: TestSecretStoreConformance/aws.secretsmanager.docker/get/get (0.06s)
--- FAIL: TestSecretStoreConformance/aws.secretsmanager.docker/get (0.06s)
=== RUN   TestSecretStoreConformance/aws.secretsmanager.docker/bulkGet
=== RUN   TestSecretStoreConformance/aws.secretsmanager.docker/bulkGet/bulkget
    secretstores.go:105: 
        	Error Trace:	/home/runner/work/components-contrib/components-contrib/tests/conformance/secretstores/secretstores.go:105
        	Error:      	Received unexpected error:
        	            	couldn't list secrets: UnrecognizedClientException: The security token included in the request is invalid.
        	            		status code: 400, request id: 4[70](https://github.com/dapr/components-contrib/actions/runs/11807458135/job/32894166961?pr=3591#step:24:71)14dae-011e-41ee-8420-d71d91fcb48d
        	Test:       	TestSecretStoreConformance/aws.secretsmanager.docker/bulkGet/bulkget
        	Messages:   	expected no error on getting secret {map[]}
--- FAIL: TestSecretStoreConformance/aws.secretsmanager.docker/bulkGet/bulkget (0.02s)
--- FAIL: TestSecretStoreConformance/aws.secretsmanager.docker/bulkGet (0.02s)
--- FAIL: TestSecretStoreConformance/aws.secretsmanager.docker (0.08s)
--- FAIL: TestSecretStoreConformance (0.08s)

[dapr-bot]

Complete Build Matrix

The build status is currently not updated here. Please visit the action run below directly.

🔗 Link to Action run

Commit ref: d8af3c0

[dapr-bot]

Components certification test

🔗 Link to Action run

Commit ref: d8af3c0

❌ Some certification tests failed

These tests failed:

• pubsub.aws.snssqs
• pubsub.gcp.pubsub
• state.azure.cosmosdb
• state.sqlserver

[dapr-bot]

Components conformance test

🔗 Link to Action run

Commit ref: d8af3c0

❌ Some conformance tests failed

These tests failed:

• bindings.azure.eventgrid
• state.postgresql.v1.azure
• state.sqlserver

[sicoyle]

/ok-to-test

[dapr-bot]

Components conformance test

🔗 Link to Action run

Commit ref: 37021c5

❌ Some conformance tests failed

These tests failed:

• bindings.azure.eventgrid
• state.sqlserver

[dapr-bot]

Components certification test

🔗 Link to Action run

Commit ref: 37021c5

❌ Some certification tests failed

These tests failed:

• bindings.azure.servicebusqueues
• pubsub.gcp.pubsub
• state.azure.cosmosdb
• state.sqlserver

[dapr-bot]

Complete Build Matrix

The build status is currently not updated here. Please visit the action run below directly.

🔗 Link to Action run

Commit ref: 37021c5

[sicoyle]

this is ready for review please. All certification/conformance tests that are failing are unrelated, and flaky / failing in other PRs.

[sicoyle]

/ok-to-test

[dapr-bot]

Complete Build Matrix

The build status is currently not updated here. Please visit the action run below directly.

🔗 Link to Action run

Commit ref: 3d4da39

[dapr-bot]

Components certification test

🔗 Link to Action run

Commit ref: 3d4da39

❌ Some certification tests failed

These tests failed:

• pubsub.aws.snssqs
• pubsub.gcp.pubsub
• pubsub.mqtt3
• state.azure.cosmosdb
• state.sqlserver

[dapr-bot]

Components conformance test

🔗 Link to Action run

Commit ref: 3d4da39

❌ Some conformance tests failed

These tests failed:

• bindings.azure.eventgrid
• state.sqlserver

[sicoyle]

/ok-to-test

[dapr-bot]

Complete Build Matrix

The build status is currently not updated here. Please visit the action run below directly.

🔗 Link to Action run

Commit ref: cde5a10

[dapr-bot]

Components certification test

🔗 Link to Action run

Commit ref: cde5a10

❌ Some certification tests failed

These tests failed:

• pubsub.gcp.pubsub
• pubsub.azure.servicebus.topics
• pubsub.mqtt3
• state.azure.cosmosdb
• state.sqlserver

[dapr-bot]

Components conformance test

🔗 Link to Action run

Commit ref: cde5a10

❌ Some conformance tests failed

These tests failed:

• bindings.azure.eventgrid