Merge pull request #28 from realestate-com-au/pr/27

Update to AWS SDK v2

.gitignore

@@ -1,3 +1,4 @@
 shush
 shush_*
 target
+vendor

Dockerfile

@@ -1,10 +1,10 @@
-FROM golang:1.13-alpine@sha256:7d45a6fc9cde63c3bf41651736996fe94a8347e726fe581926fd8c26e244e3b2 as build
+FROM golang:1.16-alpine@sha256:3411aef9ae9cb0fe3534fe2a4d1a9745d952d9a5ed1e20a11ff10549731156e8 as build
 
 WORKDIR /go/src/github.com/realestate-com-au/shush
 COPY . /go/src/github.com/realestate-com-au/shush
-RUN go install
+RUN go mod vendor && go install
 
-FROM alpine:3.11@sha256:b276d875eeed9c7d3f1cfa7edb06b22ed22b14219a7d67c52c56612330348239
+FROM alpine:3.13@sha256:a75afd8b57e7f34e4dad8d65e2c7ba2e1975c795ce1ee22fa34f8cf46f96a3be
 
 RUN mkdir -p /go/bin
 

Dockerfile.xcompile

@@ -1,4 +1,4 @@
-FROM golang:1.13@sha256:652c8f8ec2153ce500c7c8e984afd3115c1c58d3a0445643858930439d7664e1
+FROM golang:1.16@sha256:3c4d8b77baf3e12b4a1f08a99bf248f8be125045b4448455884a16e977907f11
 
 RUN go get github.com/mitchellh/gox
 

go.mod

@@ -1,12 +1,14 @@
 module github.com/realestate-com-au/shush
 
-go 1.13
+go 1.16
 
 require (
-	github.com/aws/aws-sdk-go v1.25.49
+	github.com/aws/aws-sdk-go-v2 v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.1.2
+	github.com/aws/aws-sdk-go-v2/service/kms v1.1.2
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
-	github.com/go-ini/ini v1.51.0
+	github.com/go-ini/ini v1.51.0 // indirect
 	github.com/google/uuid v1.1.1
-	github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/urfave/cli v1.22.2
 )

go.sum

@@ -3,27 +3,53 @@ github.com/aws/aws-sdk-go v1.12.2 h1:wY/ELcBLPYpPgFtzSLzfvk06ERAyyfJ7xp1h56VKXAk
 github.com/aws/aws-sdk-go v1.12.2/go.mod h1:ZRmQr0FajVIyZ4ZzBYKG5P3ZqPz9IHG41ZoMu1ADI3k=
 github.com/aws/aws-sdk-go v1.25.49 h1:j5R2Ey+g8qaiy2NJ9iH+KWzDWS4SjXRCjhc22EeQVE4=
 github.com/aws/aws-sdk-go v1.25.49/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go-v2 v1.2.1 h1:055XAi+MtmhyYX161p+jWRibkCb9YpI2ymXZiW1dwVY=
+github.com/aws/aws-sdk-go-v2 v1.2.1/go.mod h1:hTQc/9pYq5bfFACIUY9tc/2SYWd9Vnmw+testmuQeRY=
+github.com/aws/aws-sdk-go-v2/config v1.1.2 h1:H2r6cwMvvINFpEC55Y7jcNaR/oc7zYIChrG2497wmBI=
+github.com/aws/aws-sdk-go-v2/config v1.1.2/go.mod h1:77yIk+qmCS/94JlxbwV1d+YEyu6Z8FBlCGcSz3TdM6A=
+github.com/aws/aws-sdk-go-v2/credentials v1.1.2 h1:YoNqfhxAJGZI+lStIbqgx30UcCqQ86fr7FjTLUvrFOc=
+github.com/aws/aws-sdk-go-v2/credentials v1.1.2/go.mod h1:hofjw//lM0XLplgvzPPMA7oD0doQU1QpaIK1nweEEWg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.3 h1:d3bKAGy4XdJyK8hz3Nx3WJJ4TCmYp2498G4mFY5wly0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.3/go.mod h1:Zr1Mj+KUMGVQ+WJvTT68EZJxqhjiie2PWSPGEUPaNY0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.3 h1:dST4y8pZKZdTPs4uwXmGCJmpycz1SHKmCSIhf3GqHEo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.3/go.mod h1:C50Z41fJaJ7WgaeeCulOGAU3q4+4se4B3uOPFdhBi2I=
+github.com/aws/aws-sdk-go-v2/service/kms v1.1.2 h1:6a+KQe3r7Wps9nJrasrEip0lWaC7W1gRUVFWZmewshs=
+github.com/aws/aws-sdk-go-v2/service/kms v1.1.2/go.mod h1:+VMpFqykub/7QnLH3IGZNjBxv/r0SU/vNZAkYH0UMRU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.1.2 h1:9BnjX/ALn5uLo2DbgkwMpUkPL1VLQVBXcjZxqJBhf44=
+github.com/aws/aws-sdk-go-v2/service/sso v1.1.2/go.mod h1:5yU1oE3+CVYYLUsaHt2AVU3CJJZ6ER4pwsrRD1L2KSc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.1.2 h1:7Kxqov7uQeP8WUEO0iHz3j9Bh0E1rJrn6cf/OGfcDds=
+github.com/aws/aws-sdk-go-v2/service/sts v1.1.2/go.mod h1:zu7rotIY9P4Aoc6ytqLP9jeYrECDHUODB5Gbp+BSHl8=
+github.com/aws/smithy-go v1.2.0 h1:0PoGBWXkXDIyVdPaZW9gMhaGzj3UOAgTdiVoHuuZAFA=
+github.com/aws/smithy-go v1.2.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-ini/ini v1.28.2 h1:drmmYv7psRpoGZkPtPKKTB+ZFSnvmwCMfNj5o1nLh2Y=
 github.com/go-ini/ini v1.28.2/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-ini/ini v1.51.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8 h1:12VvqtR6Aowv3l/EQUlocDHW2Cp4G9WJVH7uyH8QFJE=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

kms/kms_handle.go

@@ -1,28 +1,28 @@
 package kms
 
 import (
+	"context"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"strings"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/kms"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/realestate-com-au/shush/awsmeta"
 )
 
-type kmsEncryptionContext map[string]*string
+type kmsEncryptionContext map[string]string
 
 // Structure encapsulating stuff common to encrypt and decrypt.
 //
 type KmsHandle struct {
-	Client  *kms.KMS
+	Client  *kms.Client
 	Context kmsEncryptionContext
 }
 
-func NewHandle(region string, context []string) (ops *KmsHandle, err error) {
-	encryptionContext, err := parseEncryptionContext(context)
+func NewHandle(region string, encryptionContextData []string) (ops *KmsHandle, err error) {
+	encryptionContext, err := parseEncryptionContext(encryptionContextData)
 	if err != nil {
 		return nil, fmt.Errorf("could not parse encryption context: %v", err)
 	}
@@ -33,7 +33,14 @@ func NewHandle(region string, context []string) (ops *KmsHandle, err error) {
 			return
 		}
 	}
-	client := kms.New(session.New(), aws.NewConfig().WithRegion(region))
+
+	conf, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
+
+	if err != nil {
+		return nil, fmt.Errorf("could not create AWS session: %v", err)
+	}
+
+	client := kms.NewFromConfig(conf)
 	ops = &KmsHandle{
 		Client:  client,
 		Context: encryptionContext,
@@ -48,14 +55,14 @@ func parseEncryptionContext(contextStrings []string) (kmsEncryptionContext, erro
 		if len(parts) < 2 {
 			return nil, fmt.Errorf("context must be provided in NAME=VALUE format")
 		}
-		context[parts[0]] = &parts[1]
+		context[parts[0]] = parts[1]
 	}
 	return context, nil
 }
 
 // Encrypt plaintext using specified key.
 func (h *KmsHandle) Encrypt(plaintext string, keyID string) (string, error) {
-	output, err := h.Client.Encrypt(&kms.EncryptInput{
+	output, err := h.Client.Encrypt(context.TODO(), &kms.EncryptInput{
 		KeyId:             &keyID,
 		EncryptionContext: h.Context,
 		Plaintext:         []byte(plaintext),
@@ -73,7 +80,7 @@ func (h *KmsHandle) Decrypt(ciphertext string) (string, string, error) {
 	if err != nil {
 		return "", "", err
 	}
-	output, err := h.Client.Decrypt(&kms.DecryptInput{
+	output, err := h.Client.Decrypt(context.TODO(), &kms.DecryptInput{
 		EncryptionContext: h.Context,
 		CiphertextBlob:    ciphertextBlob,
 	})

main.go

@@ -15,7 +15,7 @@ func main() {
 
 	app := cli.NewApp()
 	app.Name = "shush"
-	app.Version = "1.4.1"
+	app.Version = "1.5.0"
 	app.Usage = "KMS encryption and decryption"
 
 	app.Flags = []cli.Flag{