wip: secrets manager sdk v2 changes

Signed-off-by: Richard Case <[email protected]>

Author: richardcase

pkg/cloud/converters/tags.go

@@ -25,6 +25,7 @@ import (
 	elbtypes "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing/types"
 	elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
 	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	secretsmanagertypes "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	ssmtypes "github.com/aws/aws-sdk-go-v2/service/ssm/types"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
@@ -168,6 +169,20 @@ func MapToSecretsManagerTags(src infrav1.Tags) []*secretsmanager.Tag {
 	return tags
 }
 
+// MapToSecretsManagerTagsV2 converts infrav1.Tags (a map of string key-value pairs) to a slice of Secrets Manager Tag objects for SDK v2.
+func MapToSecretsManagerTagsV2(tags infrav1.Tags) []secretsmanagertypes.Tag {
+	result := make([]secretsmanagertypes.Tag, 0, len(tags))
+	for k, v := range tags {
+		key := k
+		value := v
+		result = append(result, secretsmanagertypes.Tag{
+			Key:   &key,
+			Value: &value,
+		})
+	}
+	return result
+}
+
 // MapToIAMTags converts a infrav1.Tags to a []*iam.Tag.
 func MapToIAMTags(src infrav1.Tags) []iamtypes.Tag {
 	tags := make([]iamtypes.Tag, 0, len(src))

pkg/cloud/endpointsv2/endpoints.go

@@ -30,6 +30,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/eventbridge"
 	rgapi "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/sqs"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
@@ -326,3 +327,25 @@ func (s *STSEndpointResolver) ResolveEndpoint(ctx context.Context, params sts.En
 	params.Region = &endpoint.SigningRegion
 	return sts.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
 }
+
+// SecretsManagerEndpointResolver implements EndpointResolverV2 interface for Secrets Manager.
+type SecretsManagerEndpointResolver struct {
+	*MultiServiceEndpointResolver
+}
+
+// ResolveEndpoint for Secrets Manager.
+func (s *SecretsManagerEndpointResolver) ResolveEndpoint(ctx context.Context, params secretsmanager.EndpointParameters) (smithyendpoints.Endpoint, error) {
+	// If custom endpoint not found, return default endpoint for the service
+	log := logger.FromContext(ctx)
+	endpoint, ok := s.endpoints[secretsmanager.ServiceID]
+
+	if !ok {
+		log.Debug("Custom endpoint not found, using default endpoint")
+		return secretsmanager.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
+	}
+
+	log.Debug("Custom endpoint found, using custom endpoint", "endpoint", endpoint.URL)
+	params.Endpoint = &endpoint.URL
+	params.Region = &endpoint.SigningRegion
+	return secretsmanager.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
+}

pkg/cloud/scope/clients.go

@@ -217,20 +217,23 @@ func NewResourgeTaggingClient(scopeUser cloud.ScopeUsage, session cloud.Session,
 // NewSecretsManagerClient creates a new Secrets API client for a given session..
 func NewSecretsManagerClient(scopeUser cloud.ScopeUsage, session cloud.Session, logger logger.Wrapper, target runtime.Object) *secretsmanager.Client {
 	cfg := session.Session()
-
-	secretsOpts := []func(*secretsmanager.Options){
+	multiSvcEndpointResolver := endpointsv2.NewMultiServiceEndpointResolver()
+	secretsManagerEndpointResolver := &endpointsv2.SecretsManagerEndpointResolver{
+		MultiServiceEndpointResolver: multiSvcEndpointResolver,
+	}
+	secretsManagerOpts := []func(*secretsmanager.Options){
 		func(o *secretsmanager.Options) {
 			o.Logger = logger.GetAWSLogger()
 			o.ClientLogMode = awslogs.GetAWSLogLevelV2(logger.GetLogger())
+			o.EndpointResolverV2 = secretsManagerEndpointResolver
 		},
 		secretsmanager.WithAPIOptions(
 			awsmetricsv2.WithMiddlewares(scopeUser.ControllerName(), target),
 			awsmetricsv2.WithCAPAUserAgentMiddleware(),
-			throttle.WithServiceLimiterMiddleware(session.ServiceLimiter(secretsmanager.ServiceID)),
 		),
 	}
 
-	return secretsmanager.NewFromConfig(cfg, secretsOpts...)
+	return secretsmanager.NewFromConfig(cfg, secretsManagerOpts...)
 }
 
 // NewEKSClient creates a new EKS API client for a given session.

pkg/cloud/services/secretsmanager/secret.go

@@ -18,6 +18,7 @@ package secretsmanager
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"path"
 
@@ -26,6 +27,7 @@ import (
 	kerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apimachinery/pkg/util/uuid"
 
+	"github.com/aws/smithy-go"
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/awserrors"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/convertersv2"
@@ -109,9 +111,11 @@ func (s *Service) forceDeleteSecretEntry(name string) error {
 		SecretId:                   aws.String(name),
 		ForceDeleteWithoutRecovery: aws.Bool(true),
 	})
-	smithyErr := awserrors.ParseSmithyError(err)
-	if smithyErr != nil && smithyErr.ErrorCode() == "ResourceNotFoundException" {
-		return nil
+	if err != nil {
+		var aerr smithy.APIError
+		if errors.As(err, &aerr) && aerr.ErrorCode() == "ResourceNotFoundException" {
+			return nil
+		}
 	}
 	return err
 }

test/e2e/suites/unmanaged/unmanaged_CAPI_clusterclass_test.go

@@ -60,9 +60,9 @@ var _ = ginkgo.Context("[unmanaged] [Cluster API Framework] [ClusterClass]", fun
 			}
 		})
 
-		ginkgo.AfterEach(func() {
-			shared.ReleaseResources(requiredResources, ginkgo.GinkgoParallelProcess(), flock.New(shared.ResourceQuotaFilePath))
-		})
+		// ginkgo.AfterEach(func() {
+		// 	shared.ReleaseResources(requiredResources, ginkgo.GinkgoParallelProcess(), flock.New(shared.ResourceQuotaFilePath))
+		// })
 	})
 
 	ginkgo.PDescribe("Cluster Upgrade Spec - HA control plane with workers [K8s-Upgrade] [ClusterClass]", func() {

test/mocks/aws_secretsmanager_mock.go

@@ -24,4 +24,6 @@ limitations under the License.
 //go:generate /usr/bin/env bash -c "cat ../../hack/boilerplate/boilerplate.generatego.txt aws_rgtagging_mock.go > _aws_rgtagging_mock.go && mv _aws_rgtagging_mock.go aws_rgtagging_mock.go"
 //go:generate ../../hack/tools/bin/mockgen -destination aws_ec2api_mock.go -package mocks sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/common EC2API
 //go:generate /usr/bin/env bash -c "cat ../../hack/boilerplate/boilerplate.generatego.txt aws_ec2api_mock.go > _aws_ec2api_mock.go && mv _aws_ec2api_mock.go aws_ec2api_mock.go"
+//go:generate ../../hack/tools/bin/mockgen -destination aws_secretsmanager_mock.go -package mocks sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/secretsmanager SecretsManagerAPI
+//go:generate /usr/bin/env bash -c "cat ../../hack/boilerplate/boilerplate.generatego.txt aws_secretsmanager_mock.go > _aws_secretsmanager_mock.go && mv _aws_secretsmanager_mock.go aws_secretsmanager_mock.go"
 package mocks