Migrate Websocket and TCS to v2 credentials

Author: Thean Lim

agent/app/agent.go

@@ -991,7 +991,7 @@ func (agent *ecsAgent) startAsyncRoutines(
 	}
 	go statsEngine.StartMetricsPublish()
 
-	session, err := reporter.NewDockerTelemetrySession(agent.containerInstanceARN, agent.credentialProvider, agent.cfg, deregisterInstanceEventStream,
+	session, err := reporter.NewDockerTelemetrySession(agent.containerInstanceARN, agent.credentialsCache, agent.cfg, deregisterInstanceEventStream,
 		client, taskEngine, telemetryMessages, healthMessages, doctor)
 	if err != nil {
 		seelog.Warnf("Error creating telemetry session: %v", err)
@@ -1102,7 +1102,7 @@ func (agent *ecsAgent) startACSSession(
 	acsSession := session.NewSession(agent.containerInstanceARN,
 		agent.cfg.Cluster,
 		client,
-		agent.credentialProvider,
+		agent.credentialsCache,
 		inactiveInstanceCB,
 		acsclient.NewACSClientFactory(),
 		metricsfactory.NewNopEntryFactory(),

agent/stats/reporter/reporter.go

@@ -30,7 +30,8 @@ import (
 	tcshandler "github.com/aws/amazon-ecs-agent/ecs-agent/tcs/handler"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/tcs/model/ecstcs"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 const (
@@ -47,7 +48,7 @@ type DockerTelemetrySession struct {
 // tcshandler.TelemetrySession contains the logic to manage the TCSClient and corresponding websocket connection
 func NewDockerTelemetrySession(
 	containerInstanceArn string,
-	credentialProvider *credentials.Credentials,
+	credentialsCache *aws.CredentialsCache,
 	cfg *config.Config,
 	deregisterInstanceEventStream *eventstream.EventStream,
 	ecsClient ecs.ECSClient,
@@ -75,7 +76,7 @@ func NewDockerTelemetrySession(
 		agentHash,
 		containerRuntimeVersion,
 		cfg.DisableMetrics.Enabled(),
-		credentialProvider,
+		credentialsCache,
 		&wsclient.WSClientMinAgentConfig{
 			AWSRegion:          cfg.AWSRegion,
 			AcceptInsecureCert: cfg.AcceptInsecureCert,

agent/stats/reporter/reporter_test.go

@@ -26,7 +26,9 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/version"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/doctor"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/eventstream"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 )
@@ -41,7 +43,7 @@ const (
 
 func TestNewDockerTelemetrySession(t *testing.T) {
 	emptyDoctor, _ := doctor.NewDoctor([]doctor.Healthcheck{}, testCluster, testContainerInstanceArn)
-	testCredentials := credentials.NewStaticCredentials("test-id", "test-secret", "test-token")
+	testCredentials := credentials.NewStaticCredentialsProvider("test-id", "test-secret", "test-token")
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
 	mockEngine := mock_engine.NewMockTaskEngine(ctrl)
@@ -94,7 +96,7 @@ func TestNewDockerTelemetrySession(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			dockerTelemetrySession, err := NewDockerTelemetrySession(
 				testContainerInstanceArn,
-				testCredentials,
+				aws.NewCredentialsCache(testCredentials),
 				tc.cfg,
 				eventstream.NewEventStream("Deregister_Instance", context.Background()),
 				nil,

ecs-agent/acs/client/acs_client.go

@@ -26,7 +26,7 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/metrics"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 // clientServer implements ClientServer for acs.
@@ -46,14 +46,14 @@ func NewACSClientFactory() wsclient.ClientFactory {
 // The returned struct should have both 'Connect' and 'Serve' called upon it
 // before being used.
 func (*acsClientFactory) New(url string,
-	credentialProvider *credentials.Credentials,
+	credentialsCache *aws.CredentialsCache,
 	rwTimeout time.Duration,
 	cfg *wsclient.WSClientMinAgentConfig,
 	metricsFactory metrics.EntryFactory) wsclient.ClientServer {
 
 	cs := &clientServer{}
 	cs.URL = url
-	cs.CredentialProvider = credentialProvider
+	cs.CredentialsCache = credentialsCache
 	cs.Cfg = cfg
 	cs.ServiceError = &acsError{}
 	cs.RequestHandlers = make(map[string]wsclient.RequestHandler)

ecs-agent/acs/client/acs_client_test.go

@@ -32,9 +32,9 @@ import (
 	mock_wsconn "github.com/aws/amazon-ecs-agent/ecs-agent/wsclient/wsconn/mock"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/acs"
 	acstypes "github.com/aws/aws-sdk-go-v2/service/acs/types"
-	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/golang/mock/gomock"
 	"github.com/gorilla/websocket"
 	"github.com/stretchr/testify/assert"
@@ -110,7 +110,7 @@ const (
 	rwTimeout       = time.Second
 )
 
-var testCreds = credentials.NewStaticCredentials("test-id", "test-secret", "test-token")
+var testCreds = credentials.NewStaticCredentialsProvider("test-id", "test-secret", "test-token")
 
 var testCfg = &wsclient.WSClientMinAgentConfig{
 	AcceptInsecureCert: true,
@@ -267,7 +267,7 @@ func TestConnect(t *testing.T) {
 		t.Fatal(<-serverErr)
 	}()
 
-	cs := testACSClientFactory.New(server.URL, testCreds, rwTimeout, testCfg, metrics.NewNopEntryFactory())
+	cs := testACSClientFactory.New(server.URL, aws.NewCredentialsCache(testCreds), rwTimeout, testCfg, metrics.NewNopEntryFactory())
 	// Wait for up to a second for the mock server to launch
 	for i := 0; i < 100; i++ {
 		_, err = cs.Connect(metrics.ACSDisconnectTimeoutMetricName, wsclient.DisconnectTimeout, wsclient.DisconnectJitterMax)
@@ -338,15 +338,15 @@ func TestConnectClientError(t *testing.T) {
 	}))
 	defer testServer.Close()
 
-	cs := testACSClientFactory.New(testServer.URL, testCreds, rwTimeout, testCfg, metrics.NewNopEntryFactory())
+	cs := testACSClientFactory.New(testServer.URL, aws.NewCredentialsCache(testCreds), rwTimeout, testCfg, metrics.NewNopEntryFactory())
 	_, err := cs.Connect(metrics.ACSDisconnectTimeoutMetricName, wsclient.DisconnectTimeout, wsclient.DisconnectJitterMax)
 	_, ok := err.(*wsclient.WSError)
 	assert.True(t, ok, "Connect error expected to be a WSError type")
 	assert.EqualError(t, err, "InvalidClusterException: Invalid cluster")
 }
 
 func testCS(conn *mock_wsconn.MockWebsocketConn) wsclient.ClientServer {
-	foo := testACSClientFactory.New("localhost:443", testCreds, rwTimeout, testCfg, metrics.NewNopEntryFactory())
+	foo := testACSClientFactory.New("localhost:443", aws.NewCredentialsCache(testCreds), rwTimeout, testCfg, metrics.NewNopEntryFactory())
 	cs := foo.(*clientServer)
 	cs.SetConnection(conn)
 	return cs

ecs-agent/acs/session/session.go

@@ -32,7 +32,8 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-agent/utils/retry"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/utils/ttime"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
 const (
@@ -71,7 +72,7 @@ type Session interface {
 type session struct {
 	containerInstanceARN           string
 	cluster                        string
-	credentialsProvider            *credentials.Credentials
+	credentialsCache               *aws.CredentialsCache
 	ecsClient                      ecs.ECSClient
 	inactiveInstanceCB             func()
 	agentVersion                   string
@@ -106,7 +107,7 @@ type session struct {
 func NewSession(containerInstanceARN string,
 	cluster string,
 	ecsClient ecs.ECSClient,
-	credentialsProvider *credentials.Credentials,
+	credentialsCache *aws.CredentialsCache,
 	inactiveInstanceCB func(),
 	clientFactory wsclient.ClientFactory,
 	metricsFactory metrics.EntryFactory,
@@ -132,7 +133,7 @@ func NewSession(containerInstanceARN string,
 		containerInstanceARN:           containerInstanceARN,
 		cluster:                        cluster,
 		ecsClient:                      ecsClient,
-		credentialsProvider:            credentialsProvider,
+		credentialsCache:               credentialsCache,
 		inactiveInstanceCB:             inactiveInstanceCB,
 		clientFactory:                  clientFactory,
 		metricsFactory:                 metricsFactory,
@@ -247,7 +248,7 @@ func (s *session) startSessionOnce(ctx context.Context) error {
 
 	client := s.clientFactory.New(
 		s.acsURL(acsEndpoint),
-		s.credentialsProvider,
+		s.credentialsCache,
 		wsRWTimeout,
 		s.minAgentConfig,
 		s.metricsFactory)

ecs-agent/acs/session/session_test.go

@@ -44,7 +44,9 @@ import (
 	mock_retry "github.com/aws/amazon-ecs-agent/ecs-agent/utils/retry/mock"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
 	mock_wsclient "github.com/aws/amazon-ecs-agent/ecs-agent/wsclient/mock"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/golang/mock/gomock"
 	"github.com/gorilla/websocket"
 	"github.com/pkg/errors"
@@ -180,7 +182,7 @@ const (
 
 var inactiveInstanceError = errors.New("InactiveInstanceException")
 var noopFunc = func() {}
-var testCreds = credentials.NewStaticCredentials("test-id", "test-secret", "test-token")
+var testCreds = credentials.NewStaticCredentialsProvider("test-id", "test-secret", "test-token")
 var testMinAgentConfig = &wsclient.WSClientMinAgentConfig{
 	AcceptInsecureCert: true,
 	AWSRegion:          "us-west-2",
@@ -973,7 +975,7 @@ func TestSessionDoesntLeakGoroutines(t *testing.T) {
 	go func() {
 		acsSession := session{
 			containerInstanceARN:  testconst.ContainerInstanceARN,
-			credentialsProvider:   testCreds,
+			credentialsCache:      aws.NewCredentialsCache(testCreds),
 			dockerVersion:         dockerVersion,
 			minAgentConfig:        testMinAgentConfig,
 			ecsClient:             ecsClient,
@@ -1052,7 +1054,7 @@ func TestStartSessionHandlesRefreshCredentialsMessages(t *testing.T) {
 		acsSession := NewSession(testconst.ContainerInstanceARN,
 			testconst.ClusterARN,
 			ecsClient,
-			testCreds,
+			aws.NewCredentialsCache(testCreds),
 			noopFunc,
 			acsclient.NewACSClientFactory(),
 			metricsfactory.NewNopEntryFactory(),
@@ -1318,7 +1320,7 @@ func TestStartSessionHandlesAttachResourceMessages(t *testing.T) {
 		acsSession := NewSession(testconst.ContainerInstanceARN,
 			testconst.ClusterARN,
 			ecsClient,
-			testCreds,
+			aws.NewCredentialsCache(testCreds),
 			noopFunc,
 			acsclient.NewACSClientFactory(),
 			metricsfactory.NewNopEntryFactory(),

ecs-agent/tcs/client/client.go

@@ -28,10 +28,9 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-agent/tcs/model/ecstcs"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/utils"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
 	"github.com/cihub/seelog"
 	"github.com/pborman/uuid"
 )
@@ -72,7 +71,7 @@ func New(url string,
 	doctor *doctor.Doctor,
 	disableResourceMetrics bool,
 	publishMetricsInterval time.Duration,
-	credentialProvider *credentials.Credentials,
+	credentialsCache *aws.CredentialsCache,
 	rwTimeout time.Duration,
 	metricsMessages <-chan ecstcs.TelemetryMessage,
 	healthMessages <-chan ecstcs.HealthMessage,
@@ -88,9 +87,9 @@ func New(url string,
 		ClientServerImpl: wsclient.ClientServerImpl{
 			URL:                url,
 			Cfg:                cfg,
-			CredentialProvider: credentialProvider,
+			CredentialsCache:    credentialsCache,
 			RWTimeout:          rwTimeout,
-			MakeRequestHook:    signRequestFunc(url, cfg.AWSRegion, credentialProvider),
+			MakeRequestHook:    signRequestFunc(url, cfg.AWSRegion, credentialsCache),
 			TypeDecoder:        NewTCSDecoder(),
 			RequestHandlers:    make(map[string]wsclient.RequestHandler),
 			MetricsFactory:     metricsFactory,
@@ -368,10 +367,10 @@ func copyServiceConnectMetrics(scMetrics []*ecstcs.GeneralMetricsWrapper) []*ecs
 // copyHealthMetadata performs a deep copy of HealthMetadata object
 func copyHealthMetadata(metadata *ecstcs.HealthMetadata, fin bool) *ecstcs.HealthMetadata {
 	return &ecstcs.HealthMetadata{
-		Cluster:           aws.String(aws.StringValue(metadata.Cluster)),
-		ContainerInstance: aws.String(aws.StringValue(metadata.ContainerInstance)),
+		Cluster:           aws.String(aws.ToString(metadata.Cluster)),
+		ContainerInstance: aws.String(aws.ToString(metadata.ContainerInstance)),
 		Fin:               aws.Bool(fin),
-		MessageId:         aws.String(aws.StringValue(metadata.MessageId)),
+		MessageId:         aws.String(aws.ToString(metadata.MessageId)),
 	}
 }
 
@@ -492,7 +491,7 @@ func (cs *tcsClientServer) Close() error {
 }
 
 // signRequestFunc is a MakeRequestHookFunc that signs each generated request
-func signRequestFunc(url, region string, credentialProvider *credentials.Credentials) wsclient.MakeRequestHookFunc {
+func signRequestFunc(url, region string, credentialsCache *aws.CredentialsCache) wsclient.MakeRequestHookFunc {
 	return func(payload []byte) ([]byte, error) {
 		reqBody := bytes.NewReader(payload)
 
@@ -501,7 +500,7 @@ func signRequestFunc(url, region string, credentialProvider *credentials.Credent
 			return nil, err
 		}
 
-		err = utils.SignHTTPRequest(request, region, "ecs", credentialProvider, reqBody)
+		err = utils.SignHTTPRequest(request, region, "ecs", credentialsCache, reqBody)
 		if err != nil {
 			return nil, err
 		}

ecs-agent/tcs/client/client_test.go

@@ -35,8 +35,9 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-agent/tcs/model/ecstcs"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
 	mock_wsconn "github.com/aws/amazon-ecs-agent/ecs-agent/wsclient/wsconn/mock"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 )
@@ -99,7 +100,7 @@ func (fc *falseHealthcheck) GetLastHealthcheckTime() time.Time {
 	return time.Date(1974, time.May, 19, 1, 2, 3, 4, time.UTC)
 }
 
-var testCreds = credentials.NewStaticCredentials("test-id", "test-secret", "test-token")
+var testCreds = credentials.NewStaticCredentialsProvider("test-id", "test-secret", "test-token")
 
 var emptyDoctor, _ = doctor.NewDoctor([]doctor.Healthcheck{}, "test-cluster", "this:is:an:instance:arn")
 
@@ -647,7 +648,7 @@ func testCS(conn *mock_wsconn.MockWebsocketConn, metricsMessages <-chan ecstcs.T
 		AcceptInsecureCert: true,
 	}
 	cs := New("https://aws.amazon.com/ecs", cfg, emptyDoctor, false, testPublishMetricsInterval,
-		testCreds, rwTimeout, metricsMessages, healthMessages, metrics.NewNopEntryFactory()).(*tcsClientServer)
+	aws.NewCredentialsCache(testCreds), rwTimeout, metricsMessages, healthMessages, metrics.NewNopEntryFactory()).(*tcsClientServer)
 	cs.SetConnection(conn)
 	return cs
 }
@@ -718,7 +719,7 @@ func TestHealthToPublishHealthRequests(t *testing.T) {
 		IsDocker:           true,
 	}
 
-	cs := New("", cfg, emptyDoctor, true, testPublishMetricsInterval, testCreds, rwTimeout, nil, nil, metrics.NewNopEntryFactory())
+	cs := New("", cfg, emptyDoctor, true, testPublishMetricsInterval, aws.NewCredentialsCache(testCreds), rwTimeout, nil, nil, metrics.NewNopEntryFactory())
 	cs.SetConnection(conn)
 
 	testMetadata := &ecstcs.HealthMetadata{

ecs-agent/tcs/handler/handler.go

@@ -30,7 +30,8 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-agent/tcs/model/ecstcs"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/utils/retry"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/wsclient"
-	"github.com/aws/aws-sdk-go/aws/credentials"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/cihub/seelog"
 )
 
@@ -61,7 +62,7 @@ type telemetrySession struct {
 	agentHash                     string
 	containerRuntimeVersion       string
 	disableMetrics                bool
-	credentialsProvider           *credentials.Credentials
+	credentialsCache              *aws.CredentialsCache
 	cfg                           *wsclient.WSClientMinAgentConfig
 	deregisterInstanceEventStream *eventstream.EventStream
 	heartbeatTimeout              time.Duration
@@ -82,7 +83,7 @@ func NewTelemetrySession(
 	agentHash string,
 	containerRuntimeVersion string,
 	disableMetrics bool,
-	credentialsProvider *credentials.Credentials,
+	credentialsCache *aws.CredentialsCache,
 	cfg *wsclient.WSClientMinAgentConfig,
 	deregisterInstanceEventStream *eventstream.EventStream,
 	heartbeatTimeout time.Duration,
@@ -102,7 +103,7 @@ func NewTelemetrySession(
 		agentHash:                     agentHash,
 		containerRuntimeVersion:       containerRuntimeVersion,
 		disableMetrics:                disableMetrics,
-		credentialsProvider:           credentialsProvider,
+		credentialsCache:              credentialsCache,
 		cfg:                           cfg,
 		deregisterInstanceEventStream: deregisterInstanceEventStream,
 		metricsChannel:                metricsChannel,
@@ -158,7 +159,7 @@ func (session *telemetrySession) StartTelemetrySession(ctx context.Context) erro
 	tcsEndpointUrl := formatURL(endpoint, session.cluster, session.containerInstanceArn, session.agentVersion,
 		session.agentHash, containerRuntime, session.containerRuntimeVersion)
 	client := tcsclient.New(tcsEndpointUrl, session.cfg, session.doctor, session.disableMetrics, tcsclient.DefaultContainerMetricsPublishInterval,
-		session.credentialsProvider, wsRWTimeout, session.metricsChannel, session.healthChannel, session.metricsFactory)
+		session.credentialsCache, wsRWTimeout, session.metricsChannel, session.healthChannel, session.metricsFactory)
 	defer client.Close()
 
 	if session.deregisterInstanceEventStream != nil {