migrate AWS Redshift services to AWS SDK v2

gravitational · Dec 27, 2024 · 8c0f012 · 8c0f012
1 parent 2bd71db
commit 8c0f012
Show file tree

Hide file tree

Showing 34 changed files with 823 additions and 451 deletions.
diff --git a/integrations/event-handler/go.mod b/integrations/event-handler/go.mod
@@ -87,6 +87,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/organizations v1.36.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/rds v1.92.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/redshift v1.53.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect

diff --git a/integrations/event-handler/go.sum b/integrations/event-handler/go.sum
@@ -777,6 +777,8 @@ github.com/aws/aws-sdk-go-v2/service/organizations v1.36.0 h1:CVHfN8ZVvWzDkAf/Qj
 github.com/aws/aws-sdk-go-v2/service/organizations v1.36.0/go.mod h1:SVY+doFrL3KTvVMWzFLKvD7KYQ6GQfwNRPSQS7eA3cA=
 github.com/aws/aws-sdk-go-v2/service/rds v1.92.0 h1:W0gUYAjO24u/M6tpR041wMHJWGzleOhxtCnNLImdrZs=
 github.com/aws/aws-sdk-go-v2/service/rds v1.92.0/go.mod h1:ADD2uROOoEIXjbjDPEvDDZWnGmfKFYMddgKwG5RlBGw=
+github.com/aws/aws-sdk-go-v2/service/redshift v1.53.0 h1:4/hmROBioc89sKlMVjHgOaH92zAkrAAMZR3BIvYwyD0=
+github.com/aws/aws-sdk-go-v2/service/redshift v1.53.0/go.mod h1:UydVhUJOB/DaCJWiaBkPlvuzvWVcUlgbS2Bxn33bcKI=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 h1:nyuzXooUNJexRT0Oy0UQY6AhOzxPxhtt4DcBIHyCnmw=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0/go.mod h1:sT/iQz8JK3u/5gZkT+Hmr7GzVZehUMkRZpOaAwYXeGY=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 h1:cfVjoEwOMOJOI6VoRQua0nI0KjZV9EAnR8bKaMeSppE=

diff --git a/integrations/terraform/go.mod b/integrations/terraform/go.mod
@@ -100,6 +100,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/organizations v1.36.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/rds v1.92.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/redshift v1.53.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect

diff --git a/integrations/terraform/go.sum b/integrations/terraform/go.sum
@@ -846,6 +846,8 @@ github.com/aws/aws-sdk-go-v2/service/organizations v1.36.0 h1:CVHfN8ZVvWzDkAf/Qj
 github.com/aws/aws-sdk-go-v2/service/organizations v1.36.0/go.mod h1:SVY+doFrL3KTvVMWzFLKvD7KYQ6GQfwNRPSQS7eA3cA=
 github.com/aws/aws-sdk-go-v2/service/rds v1.92.0 h1:W0gUYAjO24u/M6tpR041wMHJWGzleOhxtCnNLImdrZs=
 github.com/aws/aws-sdk-go-v2/service/rds v1.92.0/go.mod h1:ADD2uROOoEIXjbjDPEvDDZWnGmfKFYMddgKwG5RlBGw=
+github.com/aws/aws-sdk-go-v2/service/redshift v1.53.0 h1:4/hmROBioc89sKlMVjHgOaH92zAkrAAMZR3BIvYwyD0=
+github.com/aws/aws-sdk-go-v2/service/redshift v1.53.0/go.mod h1:UydVhUJOB/DaCJWiaBkPlvuzvWVcUlgbS2Bxn33bcKI=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 h1:nyuzXooUNJexRT0Oy0UQY6AhOzxPxhtt4DcBIHyCnmw=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0/go.mod h1:sT/iQz8JK3u/5gZkT+Hmr7GzVZehUMkRZpOaAwYXeGY=
 github.com/aws/aws-sdk-go-v2/service/sns v1.33.7 h1:N3o8mXK6/MP24BtD9sb51omEO9J9cgPM3Ughc293dZc=

diff --git a/lib/cloud/aws/aws.go b/lib/cloud/aws/aws.go
@@ -22,12 +22,12 @@ import (
 	"slices"
 	"strings"
 
+	redshifttypes "github.com/aws/aws-sdk-go-v2/service/redshift/types"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elasticache"
 	"github.com/aws/aws-sdk-go/service/memorydb"
 	"github.com/aws/aws-sdk-go/service/opensearchservice"
 	"github.com/aws/aws-sdk-go/service/rds"
-	"github.com/aws/aws-sdk-go/service/redshift"
 	"github.com/coreos/go-semver/semver"
 
 	"github.com/gravitational/teleport/lib/services"
@@ -244,7 +244,7 @@ func IsDBClusterAvailable(clusterStatus, clusterIndetifier *string) bool {
 }
 
 // IsRedshiftClusterAvailable checks if the Redshift cluster is available.
-func IsRedshiftClusterAvailable(cluster *redshift.Cluster) bool {
+func IsRedshiftClusterAvailable(cluster *redshifttypes.Cluster) bool {
 	// For a full list of status values, see:
 	// https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#rs-mgmt-cluster-status
 	//

diff --git a/lib/cloud/aws/errors.go b/lib/cloud/aws/errors.go
@@ -31,14 +31,23 @@ import (
 	"github.com/gravitational/trace"
 )
 
-// ConvertRequestFailureError converts `error` into AWS RequestFailure errors
-// to trace errors. If the provided error is not an `RequestFailure` it returns
-// the error without modifying it.
+// ConvertRequestFailureError converts `err` into AWS errors to trace errors.
+// If the provided error is not a [awserr.RequestFailure] it delegates
+// error conversion to [ConvertRequestFailureErrorV2] for SDK v2 compatibility.
+// Prefer using [ConvertRequestFailureErrorV2] directly for AWS SDK v2 client
+// errors.
 func ConvertRequestFailureError(err error) error {
 	var requestErr awserr.RequestFailure
 	if errors.As(err, &requestErr) {
 		return convertRequestFailureErrorFromStatusCode(requestErr.StatusCode(), requestErr)
 	}
+	return ConvertRequestFailureErrorV2(err)
+}
+
+// ConvertRequestFailureErrorV2 converts AWS SDK v2 errors to trace errors.
+// If the provided error is not a [awshttp.ResponseError] it returns the error
+// without modifying it.
+func ConvertRequestFailureErrorV2(err error) error {
 	var re *awshttp.ResponseError
 	if errors.As(err, &re) {
 		return convertRequestFailureErrorFromStatusCode(re.HTTPStatusCode(), re.Err)

diff --git a/lib/cloud/aws/tags_helpers.go b/lib/cloud/aws/tags_helpers.go
@@ -25,13 +25,13 @@ import (
 
 	ec2TypesV2 "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	rdsTypesV2 "github.com/aws/aws-sdk-go-v2/service/rds/types"
+	redshifttypes "github.com/aws/aws-sdk-go-v2/service/redshift/types"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/elasticache"
 	"github.com/aws/aws-sdk-go/service/memorydb"
 	"github.com/aws/aws-sdk-go/service/opensearchservice"
 	"github.com/aws/aws-sdk-go/service/rds"
-	"github.com/aws/aws-sdk-go/service/redshift"
 	"github.com/aws/aws-sdk-go/service/redshiftserverless"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
 	"golang.org/x/exp/maps"
@@ -45,9 +45,9 @@ type ResourceTag interface {
 	//  here and use a type switch for now.
 	rdsTypesV2.Tag |
 		ec2TypesV2.Tag |
+		redshifttypes.Tag |
 		*ec2.Tag |
 		*rds.Tag |
-		*redshift.Tag |
 		*elasticache.Tag |
 		*memorydb.Tag |
 		*redshiftserverless.Tag |
@@ -80,8 +80,6 @@ func resourceTagToKeyValue[Tag ResourceTag](tag Tag) (string, string) {
 		return aws.StringValue(v.Key), aws.StringValue(v.Value)
 	case *ec2.Tag:
 		return aws.StringValue(v.Key), aws.StringValue(v.Value)
-	case *redshift.Tag:
-		return aws.StringValue(v.Key), aws.StringValue(v.Value)
 	case *elasticache.Tag:
 		return aws.StringValue(v.Key), aws.StringValue(v.Value)
 	case *memorydb.Tag:
@@ -92,6 +90,8 @@ func resourceTagToKeyValue[Tag ResourceTag](tag Tag) (string, string) {
 		return aws.StringValue(v.Key), aws.StringValue(v.Value)
 	case ec2TypesV2.Tag:
 		return aws.StringValue(v.Key), aws.StringValue(v.Value)
+	case redshifttypes.Tag:
+		return aws.StringValue(v.Key), aws.StringValue(v.Value)
 	case *opensearchservice.Tag:
 		return aws.StringValue(v.Key), aws.StringValue(v.Value)
 	case *secretsmanager.Tag:

diff --git a/lib/cloud/awstesthelpers/tags.go b/lib/cloud/awstesthelpers/tags.go
@@ -0,0 +1,45 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package awstesthelpers
+
+import (
+	"maps"
+	"slices"
+
+	redshifttypes "github.com/aws/aws-sdk-go-v2/service/redshift/types"
+)
+
+// LabelsToRedshiftTags converts labels into [redshifttypes.Tag] list.
+func LabelsToRedshiftTags(labels map[string]string) []redshifttypes.Tag {
+	keys := slices.Collect(maps.Keys(labels))
+	slices.Sort(keys)
+
+	ret := make([]redshifttypes.Tag, 0, len(keys))
+	for _, key := range keys {
+		key := key
+		value := labels[key]
+
+		ret = append(ret, redshifttypes.Tag{
+			Key:   &key,
+			Value: &value,
+		})
+	}
+
+	return ret
+}
diff --git a/lib/cloud/clients.go b/lib/cloud/clients.go
@@ -53,8 +53,6 @@ import (
 	"github.com/aws/aws-sdk-go/service/opensearchservice/opensearchserviceiface"
 	"github.com/aws/aws-sdk-go/service/rds"
 	"github.com/aws/aws-sdk-go/service/rds/rdsiface"
-	"github.com/aws/aws-sdk-go/service/redshift"
-	"github.com/aws/aws-sdk-go/service/redshift/redshiftiface"
 	"github.com/aws/aws-sdk-go/service/redshiftserverless"
 	"github.com/aws/aws-sdk-go/service/redshiftserverless/redshiftserverlessiface"
 	"github.com/aws/aws-sdk-go/service/s3"
@@ -115,8 +113,6 @@ type AWSClients interface {
 	GetAWSSession(ctx context.Context, region string, opts ...AWSOptionsFn) (*awssession.Session, error)
 	// GetAWSRDSClient returns AWS RDS client for the specified region.
 	GetAWSRDSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (rdsiface.RDSAPI, error)
-	// GetAWSRedshiftClient returns AWS Redshift client for the specified region.
-	GetAWSRedshiftClient(ctx context.Context, region string, opts ...AWSOptionsFn) (redshiftiface.RedshiftAPI, error)
 	// GetAWSRedshiftServerlessClient returns AWS Redshift Serverless client for the specified region.
 	GetAWSRedshiftServerlessClient(ctx context.Context, region string, opts ...AWSOptionsFn) (redshiftserverlessiface.RedshiftServerlessAPI, error)
 	// GetAWSElastiCacheClient returns AWS ElastiCache client for the specified region.
@@ -517,15 +513,6 @@ func (c *cloudClients) GetAWSRDSClient(ctx context.Context, region string, opts
 	return rds.New(session), nil
 }
 
-// GetAWSRedshiftClient returns AWS Redshift client for the specified region.
-func (c *cloudClients) GetAWSRedshiftClient(ctx context.Context, region string, opts ...AWSOptionsFn) (redshiftiface.RedshiftAPI, error) {
-	session, err := c.GetAWSSession(ctx, region, opts...)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-	return redshift.New(session), nil
-}
-
 // GetAWSRedshiftServerlessClient returns AWS Redshift Serverless client for the specified region.
 func (c *cloudClients) GetAWSRedshiftServerlessClient(ctx context.Context, region string, opts ...AWSOptionsFn) (redshiftserverlessiface.RedshiftServerlessAPI, error) {
 	session, err := c.GetAWSSession(ctx, region, opts...)
@@ -1033,7 +1020,6 @@ var _ Clients = (*TestCloudClients)(nil)
 type TestCloudClients struct {
 	RDS                     rdsiface.RDSAPI
 	RDSPerRegion            map[string]rdsiface.RDSAPI
-	Redshift                redshiftiface.RedshiftAPI
 	RedshiftServerless      redshiftserverlessiface.RedshiftServerlessAPI
 	ElastiCache             elasticacheiface.ElastiCacheAPI
 	OpenSearch              opensearchserviceiface.OpenSearchServiceAPI
@@ -1115,15 +1101,6 @@ func (c *TestCloudClients) GetAWSRDSClient(ctx context.Context, region string, o
 	return c.RDS, nil
 }
 
-// GetAWSRedshiftClient returns AWS Redshift client for the specified region.
-func (c *TestCloudClients) GetAWSRedshiftClient(ctx context.Context, region string, opts ...AWSOptionsFn) (redshiftiface.RedshiftAPI, error) {
-	_, err := c.GetAWSSession(ctx, region, opts...)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-	return c.Redshift, nil
-}
-
 // GetAWSRedshiftServerlessClient returns AWS Redshift Serverless client for the specified region.
 func (c *TestCloudClients) GetAWSRedshiftServerlessClient(ctx context.Context, region string, opts ...AWSOptionsFn) (redshiftserverlessiface.RedshiftServerlessAPI, error) {
 	_, err := c.GetAWSSession(ctx, region, opts...)

diff --git a/lib/cloud/mocks/aws_config.go b/lib/cloud/mocks/aws_config.go
@@ -0,0 +1,86 @@
+/*
+ * Teleport
+ * Copyright (C) 2023  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package mocks
+
+import (
+	"context"
+	"slices"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	ststypes "github.com/aws/aws-sdk-go-v2/service/sts/types"
+
+	"github.com/gravitational/teleport/lib/cloud/awsconfig"
+)
+
+type FakeAWSConfigProvider struct {
+	stscreds.AssumeRoleAPIClient
+}
+
+func (f *FakeAWSConfigProvider) GetConfig(ctx context.Context, region string, optFns ...awsconfig.OptionsFn) (aws.Config, error) {
+	if f.AssumeRoleAPIClient != nil {
+		optFns = append(optFns, awsconfig.WithAssumeRoleClientProviderFunc(func(_ aws.Config) stscreds.AssumeRoleAPIClient {
+			return f.AssumeRoleAPIClient
+		}))
+	} else {
+		stsClt := &FakeSTS{}
+		optFns = append(optFns, awsconfig.WithAssumeRoleClientProviderFunc(func(_ aws.Config) stscreds.AssumeRoleAPIClient {
+			return stsClt
+		}))
+	}
+	return awsconfig.GetConfig(ctx, region, optFns...)
+}
+
+type stsMock STSMock
+
+// FakeSTS fakes AWS SDK v2 STS API.
+// It also wraps the v1 STS mock client, so callers can use it in tests for both
+// the v1 and v2 interfaces.
+// This is useful when recording assumed roles and some services use v1
+// while others use a v2 STS client.
+// For example:
+//
+// f := &FakeSTS{}
+// a.v1STS = &f.STSMock
+// b.v2STS = f
+// ...
+// gotRoles := f.GetAssumedRoleARNs() // returns roles that were assumed with either v1 or v2 client.
+type FakeSTS struct {
+	STSMock
+}
+
+func (m *FakeSTS) AssumeRole(ctx context.Context, in *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
+	m.STSMock.mu.Lock()
+	defer m.STSMock.mu.Unlock()
+	if !slices.Contains(m.assumedRoleARNs, aws.ToString(in.RoleArn)) {
+		m.assumedRoleARNs = append(m.assumedRoleARNs, aws.ToString(in.RoleArn))
+		m.assumedRoleExternalIDs = append(m.assumedRoleExternalIDs, aws.ToString(in.ExternalId))
+	}
+	expiry := time.Now().Add(60 * time.Minute)
+	return &sts.AssumeRoleOutput{
+		Credentials: &ststypes.Credentials{
+			AccessKeyId:     in.RoleArn,
+			SecretAccessKey: aws.String("secret"),
+			SessionToken:    aws.String("token"),
+			Expiration:      &expiry,
+		},
+	}, nil
+}