Migrate AWS SDK to v2 #874

vpnachev · 2025-05-05T15:52:55Z

How to categorize this PR?
/area security ipcei
/kind enhancement
/label ipcei/workload-identity

What this PR does / why we need it:
Migrate AWS SDK to v2

Which issue(s) this PR fixes:
Fixes #838

Special notes for your reviewer:
Part of gardener/gardener#9586
Release note:

AWS SDK has been upgraded to v2.

gardener-robot · 2025-05-05T15:53:24Z

@vpnachev Label ipcei/workload-identity does not exist.

gardener-robot · May 5, 2025

@vpnachev Label ipcei/workload-identity does not exist.

ishan16696 · 2025-05-06T09:58:01Z

/assign

ishan16696

few nits:

pkg/snapstore/s3_snapstore.go

pkg/snapstore/internal/s3api/interface.go

pkg/snapstore/snapstore_test.go

ishan16696 · 2025-05-21T10:22:37Z

I have performed these tests with/without object lock enabled S3 bucket. Everything works fine

Restoration tests:

Restoration functionality of backup-restore should work with buckets which don't have bucket/object lock enabled (Backward compatibility).
Restoration functionality of backup-restore should work with buckets which have both versioned immutable as well as mutable, non-versioned snapshots present.
Restoration functionality of backup-restore should work with buckets which have only immutable versioned snapshots(full as well as delta) present.
Restoration functionality of backup-restore should work when attacker corrupted/deleted immutable versioned snapshots present in bucket.

To ignore the snapshots:

support of skipping/ignoring of any snapshot in an object lock enabled S3 bucket.

For Garbage collection of snapshots:

Backward compatibility with buckets which don't have immutability enabled.
GC should work with buckets which have both immutable as well as non immutable objects.
GC should work with buckets which have only immutable objects.

ishan16696 · 2025-05-23T07:23:53Z

I have tested the copy-backup tasks as well, basically coping the snapshots from source bucket(with object locked enabled ) to target bucket.

ishan16696

LGTM!!

pkg/snapstore/internal/s3api/interface.go

vpnachev added 2 commits May 5, 2025 18:50

Migrate AWS SDK to v2

78cb6c8

revendor

627cfed

vpnachev requested a review from a team as a code owner May 5, 2025 15:52

gardener-robot added needs/review Needs review area/ipcei IPCEI (Important Project of Common European Interest) area/security Security related kind/enhancement Enhancement, improvement, extension labels May 5, 2025

gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 5, 2025

gardener-robot added size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) needs/second-opinion Needs second review by someone else labels May 5, 2025

gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels May 5, 2025

vpnachev added 2 commits May 5, 2025 19:01

Update reuse config

6b95665

Suppress sast finding

81dd11a

gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels May 5, 2025

gardener-robot assigned ishan16696 May 6, 2025

ishan16696 requested changes May 20, 2025

View reviewed changes

pkg/snapstore/s3_snapstore.go Outdated Show resolved Hide resolved

pkg/snapstore/internal/s3api/interface.go Outdated Show resolved Hide resolved

pkg/snapstore/snapstore_test.go Outdated Show resolved Hide resolved

gardener-robot added the needs/changes Needs (more) changes label May 20, 2025

Apply review feedback

d6fcff1

vpnachev requested a review from ishan16696 May 20, 2025 15:04

gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 20, 2025

gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 20, 2025

vpnachev mentioned this pull request May 22, 2025

☂️ [GEP-26] Workload Identity - Trust Based Authentication gardener/gardener#9586

Open

68 tasks

ishan16696 approved these changes May 23, 2025

View reviewed changes

ishan16696 reviewed May 23, 2025

View reviewed changes

pkg/snapstore/internal/s3api/interface.go Show resolved Hide resolved

ishan16696 merged commit dbc22d3 into gardener:master May 23, 2025
10 checks passed

gardener-robot added the status/closed Issue is closed (either delivered or triaged) label May 23, 2025

ishan16696 mentioned this pull request May 23, 2025

⬆️ Bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 #872

Closed

vpnachev deleted the enh/migrate-aws-sdk-to-v2 branch May 23, 2025 09:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Migrate AWS SDK to v2 #874

Migrate AWS SDK to v2 #874

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Migrate AWS SDK to v2 #874

Migrate AWS SDK to v2 #874

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!