Revert "Revert "Migrate ECR Client to AWS SDK Go V2 (#4512)" (#4539)"

This reverts commit 6422290.

Author: Thean Lim

agent/dockerclient/dockerapi/docker_client_test.go

@@ -36,17 +36,15 @@ import (
 	mock_sdkclient "github.com/aws/amazon-ecs-agent/agent/dockerclient/sdkclient/mocks"
 	mock_sdkclientfactory "github.com/aws/amazon-ecs-agent/agent/dockerclient/sdkclientfactory/mocks"
 	mock_ecr "github.com/aws/amazon-ecs-agent/agent/ecr/mocks"
-	ecrapi "github.com/aws/amazon-ecs-agent/agent/ecr/model/ecr"
 	apicontainerstatus "github.com/aws/amazon-ecs-agent/ecs-agent/api/container/status"
 	apierrors "github.com/aws/amazon-ecs-agent/ecs-agent/api/errors"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/credentials"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/ec2"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/utils/retry"
 	mock_ttime "github.com/aws/amazon-ecs-agent/ecs-agent/utils/ttime/mocks"
-	"github.com/opencontainers/go-digest"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	ecr_types "github.com/aws/aws-sdk-go-v2/service/ecr/types"
 	"github.com/docker/docker/api/types"
 	dockercontainer "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/events"
@@ -56,6 +54,8 @@ import (
 	"github.com/docker/docker/api/types/volume"
 	"github.com/docker/go-connections/nat"
 	"github.com/golang/mock/gomock"
+	"github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -282,7 +282,7 @@ func TestPullImageECRSuccess(t *testing.T) {
 
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil)
 	ecrClient.EXPECT().GetAuthorizationToken(registryID).Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 		}, nil)
@@ -1020,7 +1020,7 @@ func TestContainerEvents(t *testing.T) {
 		anEvent := <-dockerEvents
 		assert.True(t, anEvent.DockerID == "cid30" || anEvent.DockerID == "cid31", "Wrong container id: "+anEvent.DockerID)
 		assert.Equal(t, anEvent.Status, apicontainerstatus.ContainerStopped, "Should be stopped")
-		assert.Equal(t, aws.IntValue(anEvent.ExitCode), 20, "Incorrect exit code")
+		assert.Equal(t, aws.ToInt(anEvent.ExitCode), 20, "Incorrect exit code")
 	}
 
 	containerWithHealthInfo := types.ContainerJSON{
@@ -1771,7 +1771,7 @@ func TestECRAuthCacheWithoutExecutionRole(t *testing.T) {
 
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil).Times(1)
 	ecrClient.EXPECT().GetAuthorizationToken(registryID).Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 			ExpiresAt:          aws.Time(time.Now().Add(10 * time.Hour)),
@@ -1827,7 +1827,7 @@ func TestECRAuthCacheForDifferentRegistry(t *testing.T) {
 
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil).Times(1)
 	ecrClient.EXPECT().GetAuthorizationToken(registryID).Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 			ExpiresAt:          aws.Time(time.Now().Add(10 * time.Hour)),
@@ -1846,7 +1846,7 @@ func TestECRAuthCacheForDifferentRegistry(t *testing.T) {
 	authData.ECRAuthData.RegistryID = "another"
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil).Times(1)
 	ecrClient.EXPECT().GetAuthorizationToken("another").Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 			ExpiresAt:          aws.Time(time.Now().Add(10 * time.Hour)),
@@ -1886,7 +1886,7 @@ func TestECRAuthCacheWithSameExecutionRole(t *testing.T) {
 
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil).Times(1)
 	ecrClient.EXPECT().GetAuthorizationToken(registryID).Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 			ExpiresAt:          aws.Time(time.Now().Add(10 * time.Hour)),
@@ -1941,7 +1941,7 @@ func TestECRAuthCacheWithDifferentExecutionRole(t *testing.T) {
 
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil).Times(1)
 	ecrClient.EXPECT().GetAuthorizationToken(registryID).Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 			ExpiresAt:          aws.Time(time.Now().Add(10 * time.Hour)),
@@ -1962,7 +1962,7 @@ func TestECRAuthCacheWithDifferentExecutionRole(t *testing.T) {
 	})
 	ecrClientFactory.EXPECT().GetClient(authData.ECRAuthData).Return(ecrClient, nil).Times(1)
 	ecrClient.EXPECT().GetAuthorizationToken(registryID).Return(
-		&ecrapi.AuthorizationData{
+		&ecr_types.AuthorizationData{
 			ProxyEndpoint:      aws.String("https://" + imageEndpoint),
 			AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 			ExpiresAt:          aws.Time(time.Now().Add(10 * time.Hour)),

agent/dockerclient/dockerauth/ecr.go

@@ -21,13 +21,14 @@ import (
 
 	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
 	"github.com/aws/amazon-ecs-agent/agent/ecr"
-	ecrapi "github.com/aws/amazon-ecs-agent/agent/ecr/model/ecr"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/async"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/credentials"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/logger/field"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/utils/retry"
-	"github.com/aws/aws-sdk-go/aws"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
 	log "github.com/cihub/seelog"
 	"github.com/docker/docker/api/types/registry"
 )
@@ -115,7 +116,7 @@ func (authProvider *ecrAuthProvider) getAuthConfigFromCache(key cacheKey) *regis
 		return nil
 	}
 
-	cachedToken, ok := token.(*ecrapi.AuthorizationData)
+	cachedToken, ok := token.(*types.AuthorizationData)
 	if !ok {
 		log.Warnf("Reading ECR credentials from cache failed")
 		return nil
@@ -163,7 +164,7 @@ func (authProvider *ecrAuthProvider) getAuthConfigFromECR(image string, key cach
 
 	// Verify the auth data has the correct format for ECR
 	if ecrAuthData.ProxyEndpoint != nil &&
-		strings.HasPrefix(proxyEndpointScheme+image, aws.StringValue(ecrAuthData.ProxyEndpoint)) &&
+		strings.HasPrefix(proxyEndpointScheme+image, aws.ToString(ecrAuthData.ProxyEndpoint)) &&
 		ecrAuthData.AuthorizationToken != nil {
 
 		// Cache the new token
@@ -173,27 +174,27 @@ func (authProvider *ecrAuthProvider) getAuthConfigFromECR(image string, key cach
 	return registry.AuthConfig{}, fmt.Errorf("ecr auth: AuthorizationData is malformed for %s", image)
 }
 
-func extractToken(authData *ecrapi.AuthorizationData) (registry.AuthConfig, error) {
-	decodedToken, err := base64.StdEncoding.DecodeString(aws.StringValue(authData.AuthorizationToken))
+func extractToken(authData *types.AuthorizationData) (registry.AuthConfig, error) {
+	decodedToken, err := base64.StdEncoding.DecodeString(aws.ToString(authData.AuthorizationToken))
 	if err != nil {
 		return registry.AuthConfig{}, err
 	}
 	parts := strings.SplitN(string(decodedToken), ":", 2)
 	return registry.AuthConfig{
 		Username:      parts[0],
 		Password:      parts[1],
-		ServerAddress: aws.StringValue(authData.ProxyEndpoint),
+		ServerAddress: aws.ToString(authData.ProxyEndpoint),
 	}, nil
 }
 
 // IsTokenValid checks the token is still within it's expiration window. We early expire to allow
 // for timing in calls and add jitter to avoid refreshing all of the tokens at once.
-func (authProvider *ecrAuthProvider) IsTokenValid(authData *ecrapi.AuthorizationData) bool {
+func (authProvider *ecrAuthProvider) IsTokenValid(authData *types.AuthorizationData) bool {
 	if authData == nil || authData.ExpiresAt == nil {
 		return false
 	}
 
-	refreshTime := aws.TimeValue(authData.ExpiresAt).
+	refreshTime := aws.ToTime(authData.ExpiresAt).
 		Add(-1 * retry.AddJitter(MinimumJitterDuration, MinimumJitterDuration))
 
 	return time.Now().Before(refreshTime)

agent/dockerclient/dockerauth/ecr_test.go

@@ -25,11 +25,12 @@ import (
 
 	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
 	mock_ecr "github.com/aws/amazon-ecs-agent/agent/ecr/mocks"
-	ecrapi "github.com/aws/amazon-ecs-agent/agent/ecr/model/ecr"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/async"
 	mock_async "github.com/aws/amazon-ecs-agent/ecs-agent/async/mocks"
 	"github.com/aws/amazon-ecs-agent/ecs-agent/credentials"
-	"github.com/aws/aws-sdk-go/aws"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
@@ -78,7 +79,7 @@ func TestGetAuthConfigSuccess(t *testing.T) {
 	}
 
 	factory.EXPECT().GetClient(authData).Return(client, nil)
-	client.EXPECT().GetAuthorizationToken(authData.RegistryID).Return(&ecrapi.AuthorizationData{
+	client.EXPECT().GetAuthorizationToken(authData.RegistryID).Return(&types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 	}, nil)
@@ -115,7 +116,7 @@ func TestGetAuthConfigNoMatchAuthorizationToken(t *testing.T) {
 	}
 
 	factory.EXPECT().GetClient(authData).Return(client, nil)
-	client.EXPECT().GetAuthorizationToken(authData.RegistryID).Return(&ecrapi.AuthorizationData{
+	client.EXPECT().GetAuthorizationToken(authData.RegistryID).Return(&types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + "notproxy"),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 	}, nil)
@@ -150,7 +151,7 @@ func TestGetAuthConfigBadBase64(t *testing.T) {
 	}
 
 	factory.EXPECT().GetClient(authData).Return(client, nil)
-	client.EXPECT().GetAuthorizationToken(authData.RegistryID).Return(&ecrapi.AuthorizationData{
+	client.EXPECT().GetAuthorizationToken(authData.RegistryID).Return(&types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + "notproxy"),
 		AuthorizationToken: aws.String((username + ":" + password)),
 	}, nil)
@@ -253,7 +254,7 @@ func TestIsTokenValid(t *testing.T) {
 	}
 
 	for _, testCase := range testAuthTimes {
-		testAuthData := &ecrapi.AuthorizationData{
+		testAuthData := &types.AuthorizationData{
 			ProxyEndpoint:      aws.String(testProxyEndpoint),
 			AuthorizationToken: aws.String(testToken),
 			ExpiresAt:          aws.Time(time.Now().Add(testCase.expireIn)),
@@ -300,7 +301,7 @@ func TestAuthorizationTokenCacheMiss(t *testing.T) {
 		endpointOverride: authData.EndpointOverride,
 	}
 
-	dockerAuthData := &ecrapi.AuthorizationData{
+	dockerAuthData := &types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 	}
@@ -330,7 +331,7 @@ func TestAuthorizationTokenCacheHit(t *testing.T) {
 	password := "test_passwd"
 
 	proxyEndpoint := "proxy"
-	testAuthData := &ecrapi.AuthorizationData{
+	testAuthData := &types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 		ExpiresAt:          aws.Time(time.Now().Add(12 * time.Hour)),
@@ -372,7 +373,7 @@ func TestAuthorizationTokenCacheWithCredentialsHit(t *testing.T) {
 	password := "test_passwd"
 
 	proxyEndpoint := "proxy"
-	testAuthData := &ecrapi.AuthorizationData{
+	testAuthData := &types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 		ExpiresAt:          aws.Time(time.Now().Add(12 * time.Hour)),
@@ -419,7 +420,7 @@ func TestAuthorizationTokenCacheHitExpired(t *testing.T) {
 	password := "test_passwd"
 
 	proxyEndpoint := "proxy"
-	testAuthData := &ecrapi.AuthorizationData{
+	testAuthData := &types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 		ExpiresAt:          aws.Time(time.Now()),
@@ -444,7 +445,7 @@ func TestAuthorizationTokenCacheHitExpired(t *testing.T) {
 		endpointOverride: authData.EndpointOverride,
 	}
 
-	dockerAuthData := &ecrapi.AuthorizationData{
+	dockerAuthData := &types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 	}
@@ -476,7 +477,7 @@ func TestExtractECRTokenError(t *testing.T) {
 	password := "test_passwd"
 
 	proxyEndpoint := "proxy"
-	testAuthData := &ecrapi.AuthorizationData{
+	testAuthData := &types.AuthorizationData{
 		ProxyEndpoint: aws.String(proxyEndpointScheme + proxyEndpoint),
 		// This will makes the extract fail
 		AuthorizationToken: aws.String("-"),
@@ -502,7 +503,7 @@ func TestExtractECRTokenError(t *testing.T) {
 		endpointOverride: authData.EndpointOverride,
 	}
 
-	dockerAuthData := &ecrapi.AuthorizationData{
+	dockerAuthData := &types.AuthorizationData{
 		ProxyEndpoint:      aws.String(proxyEndpointScheme + proxyEndpoint),
 		AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(username + ":" + password))),
 	}

agent/ecr/client.go

@@ -14,11 +14,12 @@
 package ecr
 
 import (
+	"context"
 	"fmt"
 	"time"
 
-	ecrapi "github.com/aws/amazon-ecs-agent/agent/ecr/model/ecr"
-	"github.com/aws/aws-sdk-go/aws"
+	ecrservice "github.com/aws/aws-sdk-go-v2/service/ecr"
+	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
 	log "github.com/cihub/seelog"
 )
 
@@ -29,14 +30,14 @@ const (
 
 // ECRClient wrapper interface for mocking
 type ECRClient interface {
-	GetAuthorizationToken(registryId string) (*ecrapi.AuthorizationData, error)
+	GetAuthorizationToken(registryId string) (*types.AuthorizationData, error)
 }
 
 // ECRSDK is an interface that specifies the subset of the AWS Go SDK's ECR
 // client that the Agent uses.  This interface is meant to allow injecting a
 // mock for testing.
 type ECRSDK interface {
-	GetAuthorizationToken(*ecrapi.GetAuthorizationTokenInput) (*ecrapi.GetAuthorizationTokenOutput, error)
+	GetAuthorizationToken(context.Context, *ecrservice.GetAuthorizationTokenInput, ...func(*ecrservice.Options)) (*ecrservice.GetAuthorizationTokenOutput, error)
 }
 
 type ecrClient struct {
@@ -51,11 +52,11 @@ func NewECRClient(sdkClient ECRSDK) ECRClient {
 }
 
 // GetAuthorizationToken calls the ecr api to get the docker auth for the specified registry
-func (client *ecrClient) GetAuthorizationToken(registryId string) (*ecrapi.AuthorizationData, error) {
+func (client *ecrClient) GetAuthorizationToken(registryId string) (*types.AuthorizationData, error) {
 	log.Debugf("Calling GetAuthorizationToken for %q", registryId)
 
-	output, err := client.sdkClient.GetAuthorizationToken(&ecrapi.GetAuthorizationTokenInput{
-		RegistryIds: []*string{aws.String(registryId)},
+	output, err := client.sdkClient.GetAuthorizationToken(context.TODO(), &ecrservice.GetAuthorizationTokenInput{
+		RegistryIds: []string{registryId},
 	})
 
 	if err != nil {
@@ -65,5 +66,5 @@ func (client *ecrClient) GetAuthorizationToken(registryId string) (*ecrapi.Autho
 	if len(output.AuthorizationData) != 1 {
 		return nil, fmt.Errorf("unexpected number of results in AuthorizationData (%d)", len(output.AuthorizationData))
 	}
-	return output.AuthorizationData[0], nil
+	return &output.AuthorizationData[0], nil
 }

agent/ecr/client_test.go

@@ -18,13 +18,14 @@
 package ecr_test
 
 import (
+	"context"
 	"errors"
 	"testing"
 
 	"github.com/aws/amazon-ecs-agent/agent/ecr"
 	mock_ecr "github.com/aws/amazon-ecs-agent/agent/ecr/mocks"
-	ecrapi "github.com/aws/amazon-ecs-agent/agent/ecr/model/ecr"
-	"github.com/aws/aws-sdk-go/aws"
+	ecrservice "github.com/aws/aws-sdk-go-v2/service/ecr"
+	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
@@ -57,10 +58,11 @@ func (suite *GetAuthorizationTokenTestSuite) TeardownTest() {
 
 func (suite *GetAuthorizationTokenTestSuite) TestGetAuthorizationTokenMissingAuthData() {
 	suite.mockClient.EXPECT().GetAuthorizationToken(
-		&ecrapi.GetAuthorizationTokenInput{
-			RegistryIds: []*string{aws.String(testRegistryId)},
-		}).Return(&ecrapi.GetAuthorizationTokenOutput{
-		AuthorizationData: []*ecrapi.AuthorizationData{},
+		context.TODO(),
+		&ecrservice.GetAuthorizationTokenInput{
+			RegistryIds: []string{testRegistryId},
+		}).Return(&ecrservice.GetAuthorizationTokenOutput{
+		AuthorizationData: []types.AuthorizationData{},
 	}, nil)
 
 	authorizationData, err := suite.ecrClient.GetAuthorizationToken(testRegistryId)
@@ -70,8 +72,9 @@ func (suite *GetAuthorizationTokenTestSuite) TestGetAuthorizationTokenMissingAut
 
 func (suite *GetAuthorizationTokenTestSuite) TestGetAuthorizationTokenError() {
 	suite.mockClient.EXPECT().GetAuthorizationToken(
-		&ecrapi.GetAuthorizationTokenInput{
-			RegistryIds: []*string{aws.String(testRegistryId)},
+		context.TODO(),
+		&ecrservice.GetAuthorizationTokenInput{
+			RegistryIds: []string{testRegistryId},
 		}).Return(nil, errors.New("Nope Nope Nope"))
 
 	authorizationData, err := suite.ecrClient.GetAuthorizationToken(testRegistryId)