feat(backend): Add STSAdapter for validating AWS credentials

This commit introduces the module `STSAdapter` that checks the
validity of AWS credentials by performing a `get_caller_identity`
operation via AWS's Secure Token Service (STS). A successful
operation indicates that the credentials are valid.

Refs: #14

docker-compose.yml

@@ -7,7 +7,7 @@ services:
       - '4566:4566' # LocalStack API Gateway
       - '4592:4592' # AWS STS port
     environment:
-      - SERVICES=ssm,secretsmanager,sts
+      - SERVICES=ssm,secretsmanager,iam,sts
       - DEBUG=1
       - DATA_DIR=/tmp/localstack/data
       - LAMBDA_EXECUTOR=docker-reuse

src-tauri/Cargo.toml

@@ -30,6 +30,7 @@ secstr = "0.5.1"
 heck = "0.4.1"
 rust-ini = "0.20.0"
 directories = "5.0.1"
+aws-sdk-sts = "1.15.0"
 
 [features]
 # this feature is used for production builds or when `devPath` points to the filesystem and the built-in dev server is disabled.
@@ -46,6 +47,8 @@ test-context = "0.1.4"
 tokio = { version = "1.15.0", features = ["full"] }
 mockall = "0.11.4"
 serial_test = "2.0.0"
+testcontainers = "0.15.0"
+testcontainers-modules = { version = "0.3.4", features = ["localstack"]}
 
 [dev-dependencies.cargo-husky]
 version = "1"

src-tauri/src/common.rs

@@ -1 +1,2 @@
+pub mod aws;
 pub mod report;

src-tauri/src/common/aws.rs

@@ -0,0 +1,23 @@
+use aws_config::BehaviorVersion;
+
+pub fn localstack_endpoint() -> Option<String> {
+    match std::env::var("LOCALSTACK_ENDPOINT") {
+        Ok(value) => Some(value),
+        Err(_) => None,
+    }
+}
+
+pub fn shared_config_loader(profile_name: &str) -> aws_config::ConfigLoader {
+    aws_config::defaults(BehaviorVersion::latest()).credentials_provider(
+        aws_config::profile::ProfileFileCredentialsProvider::builder()
+            .profile_name(profile_name)
+            .build(),
+    )
+}
+
+pub fn sts_client(config: &aws_config::SdkConfig) -> aws_sdk_sts::Client {
+    // Copy config from aws_config::SdkConfig to aws_sdk_sts::Config
+    let sts_config_builder = aws_sdk_sts::config::Builder::from(config);
+
+    aws_sdk_sts::Client::from_conf(sts_config_builder.build())
+}

src-tauri/src/credentials.rs

@@ -0,0 +1,3 @@
+pub mod application;
+pub mod core;
+pub mod infrastructure;

src-tauri/src/credentials/application.rs

@@ -0,0 +1 @@
+

src-tauri/src/credentials/core.rs

@@ -0,0 +1,2 @@
+pub mod error;
+pub mod spi;

src-tauri/src/credentials/core/error.rs

@@ -0,0 +1,22 @@
+use std::fmt::{Display, Formatter};
+
+use error_stack::Context;
+
+#[derive(Debug, Eq, PartialEq, Clone, serde::Serialize)]
+pub enum CredentialsError {
+    InvalidCredentialsError,
+    UnexpectedError(String),
+}
+
+impl Display for CredentialsError {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        match self {
+            CredentialsError::InvalidCredentialsError => write!(f, "invalid credentials error"),
+            CredentialsError::UnexpectedError(skd_error) => {
+                write!(f, "unexpected error: {}", skd_error)
+            }
+        }
+    }
+}
+
+impl Context for CredentialsError {}

src-tauri/src/credentials/core/spi.rs

@@ -0,0 +1,12 @@
+use async_trait::async_trait;
+use error_stack::Result;
+#[cfg(test)]
+use mockall::automock;
+
+use crate::credentials::core::error::CredentialsError;
+
+#[cfg_attr(test, automock)]
+#[async_trait]
+pub trait CredentialsDataSPI: Send + Sync {
+    async fn validate_credentials(&self, profile_name: &str) -> Result<(), CredentialsError>;
+}

src-tauri/src/credentials/infrastructure.rs

@@ -0,0 +1 @@
+pub mod aws;

src-tauri/src/credentials/infrastructure/aws.rs

@@ -0,0 +1 @@
+pub mod sts;

src-tauri/src/credentials/infrastructure/aws/sts.rs

@@ -0,0 +1 @@
+pub mod sts_adapter;