wip: secrets manager sdk v2 changes

Signed-off-by: Richard Case <[email protected]>

Author: richardcase

pkg/cloud/converters/tags.go

@@ -24,6 +24,7 @@ import (
 	elbtypes "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing/types"
 	elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
 	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	secretsmanagertypes "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	ssmtypes "github.com/aws/aws-sdk-go-v2/service/ssm/types"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
@@ -168,6 +169,20 @@ func MapToSecretsManagerTags(src infrav1.Tags) []*secretsmanager.Tag {
 	return tags
 }
 
+// MapToSecretsManagerTagsV2 converts infrav1.Tags (a map of string key-value pairs) to a slice of Secrets Manager Tag objects for SDK v2.
+func MapToSecretsManagerTagsV2(tags infrav1.Tags) []secretsmanagertypes.Tag {
+	result := make([]secretsmanagertypes.Tag, 0, len(tags))
+	for k, v := range tags {
+		key := k
+		value := v
+		result = append(result, secretsmanagertypes.Tag{
+			Key:   &key,
+			Value: &value,
+		})
+	}
+	return result
+}
+
 // MapToIAMTags converts a infrav1.Tags to a []*iam.Tag.
 func MapToIAMTags(src infrav1.Tags) []iamtypes.Tag {
 	tags := make([]iamtypes.Tag, 0, len(src))

pkg/cloud/endpointsv2/endpoints.go

@@ -30,6 +30,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/eventbridge"
 	rgapi "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/sqs"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
 	smithyendpoints "github.com/aws/smithy-go/endpoints"
@@ -303,3 +304,25 @@ func (s *SSMEndpointResolver) ResolveEndpoint(ctx context.Context, params ssm.En
 	params.Region = &endpoint.SigningRegion
 	return ssm.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
 }
+
+// SecretsManagerEndpointResolver implements EndpointResolverV2 interface for Secrets Manager.
+type SecretsManagerEndpointResolver struct {
+	*MultiServiceEndpointResolver
+}
+
+// ResolveEndpoint for Secrets Manager.
+func (s *SecretsManagerEndpointResolver) ResolveEndpoint(ctx context.Context, params secretsmanager.EndpointParameters) (smithyendpoints.Endpoint, error) {
+	// If custom endpoint not found, return default endpoint for the service
+	log := logger.FromContext(ctx)
+	endpoint, ok := s.endpoints[secretsmanager.ServiceID]
+
+	if !ok {
+		log.Debug("Custom endpoint not found, using default endpoint")
+		return secretsmanager.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
+	}
+
+	log.Debug("Custom endpoint found, using custom endpoint", "endpoint", endpoint.URL)
+	params.Endpoint = &endpoint.URL
+	params.Region = &endpoint.SigningRegion
+	return secretsmanager.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
+}

pkg/cloud/scope/clients.go

@@ -28,14 +28,14 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/iam"
 	rgapi "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
+	secretsmanagerv2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/sqs"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
-	"github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
 	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/aws/aws-sdk-go/service/sts/stsiface"
@@ -224,16 +224,26 @@ func NewResourgeTaggingClient(scopeUser cloud.ScopeUsage, session cloud.Session,
 	return rgapi.NewFromConfig(cfg, opts...)
 }
 
-// NewSecretsManagerClient creates a new Secrets API client for a given session..
-func NewSecretsManagerClient(scopeUser cloud.ScopeUsage, session cloud.Session, logger logger.Wrapper, target runtime.Object) secretsmanageriface.SecretsManagerAPI {
-	secretsClient := secretsmanager.New(session.Session(), aws.NewConfig().WithLogLevel(awslogs.GetAWSLogLevel(logger.GetLogger())).WithLogger(awslogs.NewWrapLogr(logger.GetLogger())))
-	secretsClient.Handlers.Build.PushFrontNamed(getUserAgentHandler())
-	secretsClient.Handlers.Sign.PushFront(session.ServiceLimiter(secretsClient.ServiceID).LimitRequest)
-	secretsClient.Handlers.CompleteAttempt.PushFront(awsmetrics.CaptureRequestMetrics(scopeUser.ControllerName()))
-	secretsClient.Handlers.CompleteAttempt.PushFront(session.ServiceLimiter(secretsClient.ServiceID).ReviewResponse)
-	secretsClient.Handlers.Complete.PushBack(recordAWSPermissionsIssue(target))
+// NewSecretsManagerClientV2 creates a new Secrets Manager API client for a given session using AWS SDK v2.
+func NewSecretsManagerClientV2(scopeUser cloud.ScopeUsage, session cloud.Session, logger logger.Wrapper, target runtime.Object) *secretsmanagerv2.Client {
+	cfg := session.SessionV2()
+	multiSvcEndpointResolver := endpointsv2.NewMultiServiceEndpointResolver()
+	secretsManagerEndpointResolver := &endpointsv2.SecretsManagerEndpointResolver{
+		MultiServiceEndpointResolver: multiSvcEndpointResolver,
+	}
+	secretsManagerOpts := []func(*secretsmanagerv2.Options){
+		func(o *secretsmanagerv2.Options) {
+			o.Logger = logger.GetAWSLogger()
+			o.ClientLogMode = awslogs.GetAWSLogLevelV2(logger.GetLogger())
+			o.EndpointResolverV2 = secretsManagerEndpointResolver
+		},
+		secretsmanagerv2.WithAPIOptions(
+			awsmetricsv2.WithMiddlewares(scopeUser.ControllerName(), target),
+			awsmetricsv2.WithCAPAUserAgentMiddleware(),
+		),
+	}
 
-	return secretsClient
+	return secretsmanagerv2.NewFromConfig(cfg, secretsManagerOpts...)
 }
 
 // NewEKSClient creates a new EKS API client for a given session.

pkg/cloud/services/secretsmanager/mock_secretsmanageriface/doc.go

@@ -17,6 +17,6 @@ limitations under the License.
 // Package mock_secretsmanageriface provides a mock interface for the SecretsManager API client.
 // Run go generate to regenerate this mock.
 //
-//go:generate ../../../../../hack/tools/bin/mockgen -destination secretsmanagerapi_mock.go -package mock_secretsmanageriface github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface SecretsManagerAPI
+//go:generate ../../../../../hack/tools/bin/mockgen -destination secretsmanagerapi_mock.go -package mock_secretsmanageriface sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/secretsmanager SecretsManagerAPI
 //go:generate /usr/bin/env bash -c "cat ../../../../../hack/boilerplate/boilerplate.generatego.txt secretsmanagerapi_mock.go > _secretsmanagerapi_mock.go && mv _secretsmanagerapi_mock.go secretsmanagerapi_mock.go"
 package mock_secretsmanageriface //nolint:stylecheck