chore: migrate to aws-sdk-go-v2 (lightsail, route53) (#1973)

docs/content/dns/zz_gen_lightsail.md

@@ -95,7 +95,7 @@ Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to
 ## More information
 
 
-- [Go client](https://github.com/aws/aws-sdk-go/)
+- [Go client](https://github.com/aws/aws-sdk-go-v2)
 
 <!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
 <!-- providers/dns/lightsail/lightsail.toml -->

docs/content/dns/zz_gen_route53.md

@@ -178,7 +178,7 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
 ## More information
 
 - [API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_Operations_Amazon_Route_53.html)
-- [Go client](https://github.com/aws/aws-sdk-go/aws)
+- [Go client](https://github.com/aws/aws-sdk-go-v2)
 
 <!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
 <!-- providers/dns/route53/route53.toml -->

go.mod

@@ -3,6 +3,7 @@ module github.com/go-acme/lego/v4
 go 1.19
 
 // github.com/exoscale/egoscale v1.19.0 => It is an error, please don't use it.
+
 require (
 	cloud.google.com/go/compute/metadata v0.2.3
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
@@ -17,7 +18,12 @@ require (
 	github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755
-	github.com/aws/aws-sdk-go v1.39.0
+	github.com/aws/aws-sdk-go-v2 v1.19.0
+	github.com/aws/aws-sdk-go-v2/config v1.18.28
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
+	github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/civo/civogo v0.3.11
 	github.com/cloudflare/cloudflare-go v0.70.0
@@ -89,6 +95,14 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect

go.sum

@@ -74,8 +74,34 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go v1.39.0 h1:74BBwkEmiqBbi2CGflEh34l0YNtIibTjZsibGarkNjo=
-github.com/aws/aws-sdk-go v1.39.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyDJ+k=
+github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw=
+github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 h1:hMUCiE3Zi5AHrRNGf5j985u0WyqI6r2NULhUfo0N/No=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 h1:yOpYx+FTBdpk/g+sBU6Cb1H0U/TLEcYYp66mYqsPpcc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 h1:IiDolu/eLmuB18DRZibj77n1hHQT7z12jnGO7Ze3pLc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
+github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 h1:PwNeYoonBzmTdCztKiiutws3U24KrnDBuabzRfIlZY4=
+github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2/go.mod h1:gQhLZrTEath4zik5ixIe6axvgY5jJrgSBDJ360Fxnco=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 h1:p4mTxJfCAyiTT4Wp6p/mOPa6j5MqCSRGot8qZwFs+Z0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4/go.mod h1:VBLWpaHvhQNeu7N9rMEf00SWeOONb/HvaDUxe/7b44k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
+github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
+github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
@@ -220,6 +246,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=

platform/tester/env.go

@@ -51,6 +51,11 @@ func (e *EnvTest) WithLiveTestRequirements(keys ...string) *EnvTest {
 			panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed or it's not the key of the domain.", key))
 		}
 
+		if e.domainKey == key {
+			countValuedVars++
+			continue
+		}
+
 		if _, ok := e.values[key]; ok {
 			countValuedVars++
 		}

platform/tester/env_test.go

@@ -148,6 +148,22 @@ func TestEnvTest(t *testing.T) {
 				assert.Equal(t, "", envTest.GetDomain())
 			},
 		},
+		{
+			desc: "WithLiveTestRequirements with domain as requirement",
+			envVars: map[string]string{
+				envVar01: "A",
+				envVar02: "B",
+			},
+			envTestSetup: func() *tester.EnvTest {
+				return tester.NewEnvTest(envVar01, envVar02).WithDomain(envVarDomain).WithLiveTestRequirements(envVar02, envVarDomain)
+			},
+			expected: func(t *testing.T, envTest *tester.EnvTest) {
+				assert.True(t, envTest.IsLiveTest())
+				assert.Equal(t, "A", envTest.GetValue(envVar01))
+				assert.Equal(t, "B", envTest.GetValue(envVar02))
+				assert.Equal(t, "", envTest.GetDomain())
+			},
+		},
 		{
 			desc: "WithLiveTestRequirements non required var missing",
 			envVars: map[string]string{

providers/dns/lightsail/lightsail.go

@@ -2,17 +2,18 @@
 package lightsail
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"math/rand"
 	"strconv"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/lightsail"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/retry"
+	awsconfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/lightsail"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/lightsail/types"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 )
@@ -32,27 +33,6 @@ const (
 	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
 )
 
-// customRetryer implements the client.Retryer interface by composing the DefaultRetryer.
-// It controls the logic for retrying recoverable request errors (e.g. when rate limits are exceeded).
-type customRetryer struct {
-	client.DefaultRetryer
-}
-
-// RetryRules overwrites the DefaultRetryer's method.
-// It uses a basic exponential backoff algorithm that returns an initial
-// delay of ~400ms with an upper limit of ~30 seconds which should prevent
-// causing a high number of consecutive throttling errors.
-// For reference: Route 53 enforces an account-wide(!) 5req/s query limit.
-func (c customRetryer) RetryRules(r *request.Request) time.Duration {
-	retryCount := r.RetryCount
-	if retryCount > 7 {
-		retryCount = 7
-	}
-
-	delay := (1 << uint(retryCount)) * (rand.Intn(50) + 200)
-	return time.Duration(delay) * time.Millisecond
-}
-
 // Config is used to configure the creation of the DNSProvider.
 type Config struct {
 	DNSZone            string
@@ -71,7 +51,7 @@ func NewDefaultConfig() *Config {
 
 // DNSProvider implements the challenge.Provider interface.
 type DNSProvider struct {
-	client *lightsail.Lightsail
+	client *lightsail.Client
 	config *Config
 }
 
@@ -102,35 +82,55 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("lightsail: the configuration of the DNS provider is nil")
 	}
 
-	retryer := customRetryer{}
-	retryer.NumMaxRetries = maxRetries
-
-	conf := aws.NewConfig().WithRegion(config.Region)
-	sess, err := session.NewSession(request.WithRetryer(conf, retryer))
+	ctx := context.Background()
+
+	cfg, err := awsconfig.LoadDefaultConfig(ctx,
+		awsconfig.WithRegion(config.Region),
+		awsconfig.WithRetryer(func() aws.Retryer {
+			return retry.NewStandard(func(options *retry.StandardOptions) {
+				options.MaxAttempts = maxRetries
+
+				// It uses a basic exponential backoff algorithm that returns an initial
+				// delay of ~400ms with an upper limit of ~30 seconds which should prevent
+				// causing a high number of consecutive throttling errors.
+				// For reference: Route 53 enforces an account-wide(!) 5req/s query limit.
+				options.Backoff = retry.BackoffDelayerFunc(func(attempt int, err error) (time.Duration, error) {
+					retryCount := attempt
+					if retryCount > 7 {
+						retryCount = 7
+					}
+
+					delay := (1 << uint(retryCount)) * (rand.Intn(50) + 200)
+					return time.Duration(delay) * time.Millisecond, nil
+				})
+			})
+		}),
+	)
 	if err != nil {
 		return nil, err
 	}
 
 	return &DNSProvider{
 		config: config,
-		client: lightsail.New(sess),
+		client: lightsail.NewFromConfig(cfg),
 	}, nil
 }
 
 // Present creates a TXT record using the specified parameters.
-func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+func (d *DNSProvider) Present(domain, _, keyAuth string) error {
+	ctx := context.Background()
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 
 	params := &lightsail.CreateDomainEntryInput{
 		DomainName: aws.String(d.config.DNSZone),
-		DomainEntry: &lightsail.DomainEntry{
+		DomainEntry: &awstypes.DomainEntry{
 			Name:   aws.String(info.EffectiveFQDN),
 			Target: aws.String(strconv.Quote(info.Value)),
 			Type:   aws.String("TXT"),
 		},
 	}
 
-	_, err := d.client.CreateDomainEntry(params)
+	_, err := d.client.CreateDomainEntry(ctx, params)
 	if err != nil {
 		return fmt.Errorf("lightsail: %w", err)
 	}
@@ -139,19 +139,20 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 }
 
 // CleanUp removes the TXT record matching the specified parameters.
-func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
+	ctx := context.Background()
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 
 	params := &lightsail.DeleteDomainEntryInput{
 		DomainName: aws.String(d.config.DNSZone),
-		DomainEntry: &lightsail.DomainEntry{
+		DomainEntry: &awstypes.DomainEntry{
 			Name:   aws.String(info.EffectiveFQDN),
 			Type:   aws.String("TXT"),
 			Target: aws.String(strconv.Quote(info.Value)),
 		},
 	}
 
-	_, err := d.client.DeleteDomainEntry(params)
+	_, err := d.client.DeleteDomainEntry(ctx, params)
 	if err != nil {
 		return fmt.Errorf("lightsail: %w", err)
 	}

providers/dns/lightsail/lightsail.toml

@@ -56,4 +56,4 @@ Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to
     LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
 
 [Links]
-  GoClient = "https://github.com/aws/aws-sdk-go/"
+  GoClient = "https://github.com/aws/aws-sdk-go-v2"

providers/dns/lightsail/lightsail_integration_test.go

@@ -1,11 +1,12 @@
 package lightsail
 
 import (
+	"context"
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/lightsail"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awsconfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/lightsail"
 	"github.com/stretchr/testify/require"
 )
 
@@ -24,13 +25,15 @@ func TestLiveTTL(t *testing.T) {
 	err = provider.Present(domain, "foo", "bar")
 	require.NoError(t, err)
 
-	// we need a separate Lightsail client here as the one in the DNS provider is
-	// unexported.
+	// we need a separate Lightsail client here as the one in the DNS provider is unexported.
 	fqdn := "_acme-challenge." + domain
-	sess, err := session.NewSession()
+
+	ctx := context.Background()
+
+	cfg, err := awsconfig.LoadDefaultConfig(ctx)
 	require.NoError(t, err)
 
-	svc := lightsail.New(sess)
+	svc := lightsail.NewFromConfig(cfg)
 	require.NoError(t, err)
 
 	defer func() {
@@ -44,15 +47,24 @@ func TestLiveTTL(t *testing.T) {
 		DomainName: aws.String(domain),
 	}
 
-	resp, err := svc.GetDomain(params)
+	resp, err := svc.GetDomain(ctx, params)
 	require.NoError(t, err)
 
 	entries := resp.Domain.DomainEntries
 	for _, entry := range entries {
-		if aws.StringValue(entry.Type) == "TXT" && aws.StringValue(entry.Name) == fqdn {
+		if deref(entry.Type) == "TXT" && deref(entry.Name) == fqdn {
 			return
 		}
 	}
 
 	t.Fatalf("Could not find a TXT record for _acme-challenge.%s", domain)
 }
+
+func deref[T string | int | int32 | int64 | bool](v *T) T {
+	if v == nil {
+		var zero T
+		return zero
+	}
+
+	return *v
+}