Main: remove unused AWS credentials and functions

Author: typeid

README.md

@@ -162,10 +162,6 @@ Grafana dashboard configmaps are stored in the [Dashboards](./dashboards/) direc
 * `CAD_OCM_CLIENT_ID`: refers to the OCM client ID used by CAD to initialize the OCM client
 * `CAD_OCM_CLIENT_SECRET`: refers to the OCM client secret used by CAD to initialize the OCM client
 * `CAD_OCM_URL`: refers to the used OCM url used by CAD to initialize the OCM client
-* `AWS_ACCESS_KEY_ID`: refers to the access key id of the base AWS account used by CAD
-* `AWS_SECRET_ACCESS_KEY`: refers to the secret access key of the base AWS account used by CAD
-* `CAD_AWS_CSS_JUMPROLE`:  refers to the arn of the RH-SRE-CCS-Access jumprole
-* `CAD_AWS_SUPPORT_JUMPROLE`: refers to the arn of the RH-Technical-Support-Access jumprole
 * `CAD_PD_EMAIL`: refers  to the email for a login via mail/pw credentials
 * `CAD_PD_PW`: refers to the password for a login via mail/pw credentials
 * `CAD_PD_TOKEN`: refers to the generated private access token for token-based authentication

deploy/aws.env.sample

@@ -249,18 +249,6 @@ objects:
   subjects:
   - kind: ServiceAccount
     name: cad-sa
-- apiVersion: v1
-  kind: Secret
-  metadata:
-    name: cad-aws-credentials
-  stringData:
-    AWS_ACCESS_KEY_ID: CHANGEME
-    AWS_DEFAULT_REGION: CHANGEME
-    AWS_SECRET_ACCESS_KEY: CHANGEME
-    AWS_SESSION_TOKEN: CHANGEME
-    CAD_AWS_CSS_JUMPROLE: CHANGEME
-    CAD_AWS_SUPPORT_JUMPROLE: CHANGEME
-  type: Opaque
 - apiVersion: v1
   kind: Secret
   metadata:

deploy/task-cad-checks-secrets-aws.yaml

@@ -4,9 +4,6 @@ package aws
 import (
 	"context"
 	"fmt"
-	"os"
-	"path"
-	"path/filepath"
 	"reflect"
 	"regexp"
 	"strings"
@@ -29,10 +26,8 @@ import (
 )
 
 const (
-	accessKeyIDFilename       string = "aws_access_key_id"
-	secretAccessKeyIDFilename string = "aws_secret_access_key" /* #nosec G101 -- this is just the fileName, not a key*/
-	maxRetries                int    = 3
-	backoffUpperLimit                = 5 * time.Minute
+	maxRetries        int = 3
+	backoffUpperLimit     = 5 * time.Minute
 )
 
 var stopInstanceDateRegex = regexp.MustCompile(`\((\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.*)\)`)
@@ -98,26 +93,6 @@ func NewClient(accessID, accessSecret, token, region string) (*SdkClient, error)
 	}, nil
 }
 
-// NewClientFromFileCredentials creates a new client by reading credentials from a file
-func NewClientFromFileCredentials(dir string, region string) (*SdkClient, error) {
-	dir = strings.TrimSuffix(dir, "/")
-	dir = filepath.Clean(dir)
-
-	accessKeyBytesPath := filepath.Clean(path.Join(dir, accessKeyIDFilename))
-	accessKeyBytes, err := os.ReadFile(accessKeyBytesPath)
-	if err != nil {
-		return nil, fmt.Errorf("cannot read accessKeyID '%s' from path  %s", accessKeyIDFilename, dir)
-	}
-	secretKeyBytesPath := filepath.Clean(path.Join(dir, secretAccessKeyIDFilename))
-	secretKeyBytes, err := os.ReadFile(secretKeyBytesPath)
-	if err != nil {
-		return nil, fmt.Errorf("cannot read secretKeyID '%s' from path  %s", secretAccessKeyIDFilename, dir)
-	}
-	accessKeyID := strings.TrimRight(string(accessKeyBytes), "\n")
-	secretKeyID := strings.TrimRight(string(secretKeyBytes), "\n")
-	return NewClient(accessKeyID, secretKeyID, "", region)
-}
-
 // GetAWSCredentials gets the AWS credentials
 func (c *SdkClient) GetAWSCredentials() awsv2.Credentials {
 	return c.Credentials