broader-aws-support (#608)

Summary:

- Support for `aws.s3` parameter mobility.
- Support for fine grained host parameters.
- Support for `context` parameters, a convenient abstraction loosely aligned to `golang` `context` at this point.
- Added handler unit testing.
- Added context variable unit testing.

Author: general-kroll-4-life

.golangci.yml

@@ -206,13 +206,17 @@ linters:
           - bodyclose
           - dupl
           - errcheck
+          - errorlint
           - funlen
           - goconst
           - gosec
           - noctx
           - revive
           - wrapcheck
           - govet
+          - lll
+          - whitespace
+          - cyclop
         path: _test\.go
     paths:
       - third_party$

go.mod

@@ -18,7 +18,7 @@ require (
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.10.1
-	github.com/stackql/any-sdk v0.4.2-beta08
+	github.com/stackql/any-sdk v0.4.3-alpha07
 	github.com/stackql/go-suffix-map v0.0.1-alpha01
 	github.com/stackql/psql-wire v0.1.2-alpha01
 	github.com/stackql/stackql-parser v0.0.16-alpha01

go.sum

@@ -467,8 +467,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
 github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU=
-github.com/stackql/any-sdk v0.4.2-beta08 h1:LyCWuUAnis8mukHc+2el7shqwAZxalSEOcXkv+b6ZQQ=
-github.com/stackql/any-sdk v0.4.2-beta08/go.mod h1:ZRTGrcDKFLaC+5yWo4OqXVs1HTNxgYM9nQsQDlq0Fe0=
+github.com/stackql/any-sdk v0.4.3-alpha07 h1:TJaVO63sE49q4KSl7RCQtfX82mLB3FANH3FbwuUcj1o=
+github.com/stackql/any-sdk v0.4.3-alpha07/go.mod h1:ZRTGrcDKFLaC+5yWo4OqXVs1HTNxgYM9nQsQDlq0Fe0=
 github.com/stackql/go-suffix-map v0.0.1-alpha01 h1:TDUDS8bySu41Oo9p0eniUeCm43mnRM6zFEd6j6VUaz8=
 github.com/stackql/go-suffix-map v0.0.1-alpha01/go.mod h1:QAi+SKukOyf4dBtWy8UMy+hsXXV+yyEE4vmBkji2V7g=
 github.com/stackql/psql-wire v0.1.2-alpha01 h1:RMBRURGspmSNqm2/sgoEc+D6Sri2y/3drjl4nKlOOi4=

internal/stackql/docparser/doc_parser.go

@@ -71,7 +71,7 @@ func OpenapiStackQLTabulationsPersistor(
 	for _, tblt := range tabluationsAnnotated {
 		ddl, ddlErr := drmCfg.GenerateDDL(tblt, prov, svc, resource, m, isAwait, discoveryGenerationID, false, true)
 		if ddlErr != nil {
-			displayErr := fmt.Errorf("error generating DDL: %w", err)
+			displayErr := fmt.Errorf("error generating DDL: %w", ddlErr)
 			logging.GetLogger().Infoln(displayErr.Error())
 			txn.Rollback() //nolint:errcheck // TODO: investigate
 			return discoveryGenerationID, displayErr

internal/stackql/driver/driver_defaulted_integration_test.go

@@ -0,0 +1,129 @@
+package driver_test
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"runtime"
+	"testing"
+
+	"github.com/stackql/any-sdk/pkg/dto"
+	. "github.com/stackql/stackql/internal/stackql/driver"
+	"github.com/stackql/stackql/internal/stackql/util"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/stackql/stackql/internal/stackql/handler"
+
+	"github.com/stackql/stackql/internal/test/stackqltestutil"
+	"github.com/stackql/stackql/internal/test/testobjects"
+
+	lrucache "github.com/stackql/stackql-parser/go/cache"
+)
+
+func getRuntimeCtx(providerStr string, outputFmtStr string, testName string) (*dto.RuntimeCtx, error) {
+	saKeyPath, err := util.GetFilePathFromRepositoryRoot("internal/stackql/driver/testdata/dummy_credentials/dummy-sa-key.json")
+	if err != nil {
+		return nil, fmt.Errorf("test failed on %s: %v", saKeyPath, err)
+	}
+	oktaSaKeyPath, err := util.GetFilePathFromRepositoryRoot("internal/stackql/driver/testdata/dummy_credentials/okta-api-key.txt")
+	if err != nil {
+		return nil, fmt.Errorf("test failed on %s: %v", oktaSaKeyPath, err)
+	}
+	appRoot, err := util.GetFilePathFromRepositoryRoot("internal/stackql/driver/testdata/.stackql")
+	if err != nil {
+		return nil, fmt.Errorf("test failed on %s: %v", appRoot, err)
+	}
+	dbInitFilePath, err := util.GetFilePathFromRepositoryRoot("test/db/sqlite/setup.sql")
+	if err != nil {
+		return nil, fmt.Errorf("test failed on %s: %v", dbInitFilePath, err)
+	}
+	registryRoot, err := util.GetFilePathFromRepositoryRoot("internal/stackql/driver/testdata/registry")
+	if err != nil {
+		return nil, fmt.Errorf("test failed on %s: %v", registryRoot, err)
+	}
+	return &dto.RuntimeCtx{
+		Delimiter:                 ",",
+		ProviderStr:               providerStr,
+		LogLevelStr:               "warn",
+		ApplicationFilesRootPath:  appRoot,
+		AuthRaw:                   fmt.Sprintf(`{ "google": { "credentialsfilepath": "%s" }, "okta": { "credentialsfilepath": "%s", "type": "api_key" } }`, saKeyPath, oktaSaKeyPath),
+		RegistryRaw:               fmt.Sprintf(`{ "url": "file://%s", "localDocRoot": "%s", "useEmbedded": false, "verifyConfig": { "nopVerify": true } }`, registryRoot, registryRoot),
+		OutputFormat:              outputFmtStr,
+		SQLBackendCfgRaw:          fmt.Sprintf(`{ "dbInitFilepath": "%s", "dsn": "file:%s?mode=memory&cache=shared" }`, dbInitFilePath, testName),
+		ExecutionConcurrencyLimit: 1,
+		VarList:                   []string{"test_var=test_value"},
+		IndirectDepthMax:          5, //nolint:mnd // test config value
+	}, nil
+}
+
+//nolint:lll // legacy test
+func TestDefaultedHttpClientIntegration(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("skipping test on Windows")
+	}
+	t.Setenv("AWS_SECRET_ACCESS_KEY", "some-junk")
+	t.Setenv("AWS_ACCESS_KEY_ID", "some-other-junk")
+	runtimeCtx, err := getRuntimeCtx(testobjects.GetGoogleProviderString(), "text", "TestSimpleSelectGoogleComputeInstanceDriver")
+	if err != nil {
+		t.Fatalf("Test failed: %v", err)
+	}
+	runtimeCtx.AllowInsecure = true
+
+	inputBundle, err := stackqltestutil.BuildInputBundle(*runtimeCtx)
+	if err != nil {
+		t.Fatalf("Test failed: %v", err)
+	}
+
+	expectedHost := "my-test-bucket.s3-ap-southeast-2.amazonaws.com"
+
+	reponseCounter := 0
+
+	tlsServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer r.Body.Close()
+		io.Copy(io.Discard, r.Body)
+		assert.Equal(t, r.Host, expectedHost, "expected host does not match actual host")
+		w.WriteHeader(http.StatusOK)
+		reponseCounter++
+	}))
+	t.Cleanup(tlsServer.Close)
+
+	baseTransport := tlsServer.Client().Transport.(*http.Transport)
+	dummyClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig:   baseTransport.TLSClientConfig,
+			DisableKeepAlives: true,
+			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+				return net.Dial("tcp", tlsServer.Listener.Addr().String())
+			},
+		},
+	}
+
+	testingQuery := `SELECT * FROM aws.s3.bucket_acls WHERE Bucket = 'my-test-bucket' AND created_date = '2024-01-01T00:00:00Z' AND region = 'ap-southeast-2';`
+
+	handlerCtx, err := handler.NewHandlerCtx(
+		testingQuery,
+		*runtimeCtx,
+		lrucache.NewLRUCache(int64(runtimeCtx.QueryCacheSize)),
+		inputBundle,
+		"v0.1.0",
+	)
+
+	handlerCtx.SetDefaultHTTPClient(dummyClient)
+
+	dr, _ := NewStackQLDriver(handlerCtx)
+
+	if err != nil {
+		t.Fatalf("Test failed: %v", err)
+	}
+
+	dr.ProcessQuery(handlerCtx.GetRawQuery())
+
+	if reponseCounter != 1 {
+		t.Fatalf("Test failed: expected 1 request to test server, got %d", reponseCounter)
+	}
+
+	t.Logf("simple select driver integration test passed")
+}

internal/stackql/driver/testdata/dummy_credentials/dummy-sa-key.json

@@ -0,0 +1,12 @@
+{
+  "type": "service_account",
+  "project_id": "silly-project-01",
+  "private_key_id": "silly-key-id",
+  "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAsTfIs92qRg+srgviU9EHJfcgjn/38QFJTa0xYPSNSLSj4hXw\niyPyZ4ih6nIfW2NP4tvwK3piQrmHx/pQesrp5exKF3b97tf+Cvf9gM+i/3wJGhEb\nE24Py91+/5aXf6TfkuhNutZ3v5qzHYRtWcr3AXcD2WAThF6hxmvQTFTYqcyUb6vl\nt7evG6OleifU5rAKmD8Odk8Hs1skwAmlWjWT1uouWVegFv53a8eUilNiBSnYy/PA\nYchL2fGI8Os+CFyju+ns6dG9H7bAOywvZZaTzlVNvJ42gop03l5xzEwHkUKlcukg\nhyDtP5FTeD5liYUJ/Xqq6Xn6Rjck/AgTwqYePwIDAQABAoIBAQCdS08X3oJ4hwcU\nwDWVgW1f1DYQZSLzxdmDWVr/nHAefT8Mt752MWTBYnOcfMi6O663Q9GrNYgrgzMy\nW0m9g4cRbaXhp9sBeLLil3RpNWKOc1A807v9he39W86SGt7DC9rpMMl1MVC+PxgF\n9fl8/no40aMX+H+6OKhMTntmlNRt+E1WUIGBk9cScb37e+oAStfS0Z6c8kQ9CkOZ\nHwydCtq8gQDpkRYMM3m7j3j9mr2Rma1o8xcBbgbomYn6y2xPQf1B4rs9fb8txngv\nGxA+QSRSXNMQmQFLmoc6d3XHFZQ5LX7atRhHsnt4blb8GNqJg8FsTFED68cWKoNp\n0Lk7c/9xAoGBAOLplpGdg3ezAMtFR5gAi8pV9vGJairJsuBij22uK0rItNkaff4G\nYyciybCKJZfXTcOzYq/CGh8KwxhN6RECmHm+bHfnxFDdHXS8e0bs8oTlR7w3yHs4\nhrplBMCwyAgSsma7s8aNBfdkDlPMxYmvytWdHf3T4mj6C5LGlFzpTLmpAoGBAMfv\naHNPLCoJjvQmNlzboN0sLZYhRl2YgW86mM0MoW7pO4cY4On5twbdFD7AtHIKF4j5\nomsMVfTDvKZ+jbHoJFuvvhozq0T/LpEx5b6d27A4pfacmG0zNaLaopoDYQ6wBvYD\n4L9OScFRrtf/X3ZgLzsmNpEVlqyUU2tbCAJVa5mnAoGBAI7ODVmVNPD3Mc+7ySPr\nbA6p7WDzZ2KIT9ARl0yiqVJGYDKmDpb5NBukNCSrvJ8D/EfmtHwCf2f74O6B0eVH\nqegspJ0NuqpdjjUyja8EXliu52eX/880su3Jt6UBXNJf2fD3vlt90zxvtuicXdGa\nVd/8IqzlVX9VpkT4PtT+arAJAoGAZkmknYG+7Y7QVTaLj3xJ0327oNhLQK06YyaO\ncDFrEew/KUHgJ7Q7IEbRCb3bU5C4M7rLjorUGxJdHK0YXxGOMF48GvmeQQFw2JW3\nnYrzjzecKQw6q3uMkFHc6ICcEkCafxjCzf0GnOHmWtlrBIv2/gLx3c42tPp5py3+\nbfs3vncCgYEA0x6tF67q3zt+daUMUox6LimkkDJLsfqnmKjvHFAhKQaqOObWaody\nfGOzlf/KLX15uicYWeCwRrs03OjBfk6LEtVddsZOrjJEp8+6gA8KEf58MJhNuRVj\no3qSe9po1TMj0/hvzd32klXslpqQjXFjm9U3lAxfcRdgWsG7SciOAAs=\n-----END RSA PRIVATE KEY-----\n",
+  "client_email": "[email protected]",
+  "client_id": "11",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/silly-sa%40silly-project-01.iam.gserviceaccount.com"
+}

internal/stackql/driver/testdata/dummy_credentials/okta-api-key.txt

@@ -0,0 +1 @@
+some-dummy-api-key

internal/stackql/driver/testdata/registry/src/aws/v0.1.0/provider.yaml

@@ -0,0 +1,126 @@
+id: aws
+name: aws
+version: v0.1.0
+providerServices:
+  acmpca:
+    description: acmpca
+    id: acmpca:v0.1.0
+    name: acmpca
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/acmpca.yaml
+    title: acmpca API
+    version: v0.1.0
+  cloud_control:
+    description: cloud_control
+    id: cloud_control:v0.1.0
+    name: cloud_control
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/cloud_control.yaml
+    title: Cloud Control API
+    version: v0.1.0
+  ce_native:
+    description: ce_native
+    id: ce_native:v0.1.0
+    name: ce_native
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/ce_native.yaml
+    title: ce_native API
+    version: v0.1.0
+  cloud_control_legacy:
+    description: cloud_control_legacy
+    id: cloud_control_legacy:v0.1.0
+    name: cloud_control_legacy
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/cloud_control_legacy.yaml
+    title: Cloud Control Legacy API
+    version: v0.1.0
+  cloudhsm:
+    description: cloud_hsm
+    id: cloud_hsm:v2.0.0
+    name: cloudhsm
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/cloudhsm.yaml
+    title: Cloud HSM API
+    version: v2.0.0
+  cloud_watch:
+    description: cloud_watch
+    id: cloud_watch:v0.1.0
+    name: cloud_watch
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/cloudwatch.yaml
+    title: Cloud Control API
+    version: v0.1.0
+  ec2:
+    description: ec2
+    id: ec2:v0.1.0
+    name: ec2
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/ec2.yaml
+    title: EC2
+    version: v0.1.0
+  ec2_nextgen:
+    description: ec2_nextgen
+    id: ec2_nextgen:v0.1.0
+    name: ec2_nextgen
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/ec2_nextgen.yaml
+    title: EC2 NextGen
+  iam:
+    description: iam
+    id: iam:v0.1.0
+    name: ec2
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/iam.yaml
+    title: IAM
+    version: v0.1.0
+  pseudo_s3:
+    description: pseudo_s3
+    id: pseudo_s3:v0.1.0
+    name: pseudo_s3
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/pseudo_s3.yaml
+    title: Pseudo S3 API
+    version: v0.1.0
+  route53:
+    description: route53
+    id: route53:v0.1.0
+    name: route53
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/route53.yaml
+    title: Route 53 API
+    version: v0.1.0
+  s3:
+    description: s3
+    id: s3:v0.1.0
+    name: s3
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/s3.yaml
+    title: S3
+    version: v0.1.0
+  transfer:
+    description: transfer
+    id: transfer:v0.1.0
+    name: transfer
+    preferred: true
+    service:
+      $ref: aws/v0.1.0/services/transfer.yaml
+    title: Transfer
+    version: v0.1.0
+openapi: 3.0.0
+config:
+  auth:
+    type: "aws_signing_v4"
+    credentialsenvvar: "AWS_SECRET_ACCESS_KEY"
+    keyIDenvvar: "AWS_ACCESS_KEY_ID"