v1.142.1
What's Changed
This release hardens the AWS packages (awsopt, awssecretcache, sqs, s3) around a single set of conventions: exported sentinel errors matchable with errors.Is, response/input guards that return errors instead of panicking, skipping AWS config load when a client is injected, and expanded docs with runnable examples.
⚠️ This release contains breaking changes in every package below. See the Breaking changes section before upgrading.
awsopt — partition-agnostic region extraction
- Reworked
WithRegionFromURLto extract the region as the right-most region-shaped host label instead of anchoring on.amazonaws.com, so standard, dual-stack (api.aws), China (amazonaws.com.cn), GovCloud, ISO (c2s.ic.gov,sc2s.sgov.gov), VPC interface endpoints, and future partitions all resolve with no code changes. - Endpoint URLs are now parsed with
net/url(host only; scheme optional; userinfo, port, and path ignored; case-insensitive), replacing the endpoint-extraction regexp with a small region-shape check. - Candidate labels are validated against the AWS region shape, so a service name or the
vpcelabel never becomes a bogus region. - Fixed VPC interface endpoint region resolution and scheme-less endpoints whose path/query contains
://. - Documented that
Optionsmust be built from a single goroutine, then shared read-only.
awssecretcache — sentinel errors and nil/empty-secret guards
- Added exported sentinel errors
ErrEmptySecretandErrEmptySecretID(wrapped with%w). - Guarded against a nil
GetSecretValueOutputsoGetSecretData,GetSecretBinary, andGetSecretStringreturnErrEmptySecretinstead of panicking. - Skipped the AWS config load when a client is injected via
WithSecretsManagerClient. - Rejected an empty secret id up front with
ErrEmptySecretIDinstead of a guaranteed-failing upstream call. - Documented
%wwrapping (typed SDK errors stay matchable viaerrors.As; context/abort errors viaerrors.Is), edge behavior onNew, and added a runnable Example.
sqs — sentinel errors, nil-response guards, client injection, URL-derived region
- Added exported sentinel errors (
ErrInvalidQueueURL,ErrMissingMessageGroupID,ErrUnexpectedMessageGroupID,ErrDedupIDNotAllowed,ErrInvalidDedupID,ErrNilEncodeFunc,ErrNilDecodeFunc,ErrInvalidWaitTime,ErrInvalidVisibilityTimeout,ErrQueueNotResponding). - Added
WithSQSClientto inject a custom implementation, skipping AWS config load when set. - Derived the AWS region from the queue URL via
awsopt.WithRegionFromURLwhen no explicit region is set (an explicitWithAWSOptionsregion still wins). - Validated the queue URL and FIFO message-group constraints before loading AWS config, so misconfiguration fails fast.
- Guarded against nil
ReceiveMessage/GetQueueAttributesoutput inReceiveandHealthCheck. - Wrapped encode/decode errors with
%w, documented concurrency safety, and added a runnable Example.
s3 — sentinel errors, nil-response guards, client injection, health check, object metadata
- Added exported sentinel errors (
ErrEmptyBucketName,ErrEmptyKey,ErrEmptyObjectBody,ErrBucketNotResponding). - Added
WithS3Clientto inject a custom implementation, skipping AWS config load when set. - Added
HealthCheck, probing bucket reachability and access viaHeadBucket(requiress3:ListBucket). - Exposed object metadata on
Object(ContentType,ContentLength,ETag,LastModified, plusBucketandKey). - Added
ListObjectsreturning per-object metadata (ObjectInfowithKey,Size,LastModified,ETag);ListKeysis now a thin projection over it sharing a single pagination path. - Defaulted a nil
Putreader tohttp.NoBody, validated bucket/key before calling AWS, and stopped pagination when the continuation token does not advance (prevents an infinite loop against non-conformant endpoints). - Guarded against nil
GetObject/ListObjectsV2output, documented concurrency safety, and added a runnable Example.
Maintenance
- Updated dependencies and bumped version.
⚠️ Breaking changes
awsopt
- When the URL carries no region and no
defaultRegionis given,WithRegionFromURLnow adds no region option and defers to the SDK's canonical resolution (AWS_REGION, thenAWS_DEFAULT_REGION, then the shared config file, then IMDS) instead of substituting a hardcodedus-east-2default. - Region resolution no longer requires an
amazonaws.comhost: any host carrying a region-shaped label yields that region, so the host is no longer verified to be AWS-owned.
awssecretcache
GetSecretBinaryandGetSecretStringnow returnErrEmptySecretwhen the response holds no value, instead of an empty value with a nil error (an explicitly empty""/[]byteis still returned as a real value).GetSecretData,GetSecretBinary, andGetSecretStringnow returnErrEmptySecretIDfor an empty key instead of attempting an upstream lookup.
sqs
Newnow returnsErrUnexpectedMessageGroupIDwhen a message group ID is supplied for a standard (non-FIFO) queue instead of silently ignoring it.Newnow validates the queue URL and returnsErrInvalidQueueURLfor an empty or malformed URL instead of failing only on first use.- The region is now derived from the queue URL and takes precedence over the
AWS_REGIONenvironment variable (an explicitWithAWSOptionsregion still wins). - Package errors are now exported sentinel values and several error message texts changed.
s3
- The
S3interface gains aHeadBucketmethod; existing implementations (including test mocks) must provide it. Newnow returnsErrEmptyBucketNamefor an empty bucket name instead of failing only on first use.Get,Put, andDeletenow returnErrEmptyKeyfor an empty key instead of issuing an AWS request.- Package errors are now exported sentinel values, and the wrapped list error text changed from
"cannot list s3 keys"to"cannot list s3 objects".
Full Changelog: v1.141.0...v1.142.1