Feat/kinesis binding vmware go kcl v2 latest

[swatimodi-scout]

Description

This PR includes two key improvements to the AWS Kinesis input binding:

• Upgrade to vmware-go-kcl-v2
  • Updated the Kinesis consumer dependency from the legacy vmware-go-kcl to vmware-go-kcl-v2.
  • Motivation: The original library is no longer actively maintained and lacks critical bug fixes and performance improvements.
  • Changes:
    • Updated go.mod to reference github.com/vmware/vmware-go-kcl-v2.
    • Adjusted import paths and updated worker configuration to align with the new v2 APIs.
    • Verified compatibility with existing Kinesis input binding behavior through unit and integration tests.
• Fix for nil pointer reference in Kinesis input binding
  • Resolved a bug where the binding attempted to resolve the stream ARN unconditionally, even when KinesisConsumerMode was set to SharedThroughput (default mode).
  • Issue: The binding was calling authProvider.Kinesis().Stream(...) regardless of the configured consumer mode.
  • Impact: When running in SharedThroughput mode (such as with LocalStack), this caused nil pointer errors if the stream was unavailable or uninitialized.
  • Fix: Added a conditional check so that stream ARN resolution only occurs when KinesisConsumerMode is set to ExtendedFanout.

These changes improve stability and maintainability of the Kinesis input binding, ensuring compatibility with LocalStack and future AWS SDK updates.

Issue reference

We strive to have all PR being opened based on an issue, where the problem or feature have been discussed prior to implementation.

Please reference the issue this PR will close: #[3980, 3985]

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

• Code compiles correctly
• Created/updated tests
• Extended the documentation
  • Created the dapr/docs PR: <insert PR link here>

Note: We expect contributors to open a corresponding documentation PR in the dapr/docs repository. As the implementer, you are the best person to document your work! Implementation PRs will not be merged until the documentation PR is opened and ready for review.

[sicoyle]

thank you for your contribution to the Dapr project 🙌 - few comments :)

[sicoyle]

can you please share some insights on why the additional field here?

[swatimodi-scout]

can you please share some insights on why the additional field here?

applicationName is required for KCL (Kinesis Client Library) worker configuration in shared throughput mode. It identifies the consumer application and is used for DynamoDB table naming and checkpointing.

Without applicationName we were facing an error.

[acroca]

I'd move this field next to consumerMode. And the comment is not necessary if you ask me, I'd remove it for consistency, but feel free to keep if you think it's useful :)

[swatimodi-scout]

I'd move this field next to consumerMode. And the comment is not necessary if you ask me, I'd remove it for consistency, but feel free to keep if you think it's useful :)

Done

[sicoyle]

why are we ignoring the err here? If we are updating to use v2 then can you make the v2 creds provider be the default and if err then maybe try the v1 and then err from there? but pls reference the other aws components to see the auth flow so we can ensure that we standardize on this for when using v2 sdks.

[swatimodi-scout]

why are we ignoring the err here? If we are updating to use v2 then can you make the v2 creds provider be the default and if err then maybe try the v1 and then err from there? but pls reference the other aws components to see the auth flow so we can ensure that we standardize on this for when using v2 sdks.

Done please verify this.

[acroca]

The git history of this PR seems odd, lots of those commits are unrelated. Do you mind cleaning it up so it only contains commits related to this change?

[swatimodi-scout]

The git history of this PR seems odd, lots of those commits are unrelated. Do you mind cleaning it up so it only contains commits related to this change?

@acroca Thanks for the feedback! I’ve cleaned up the branch history — the PR now contains only the relevant commit for this change. Please let me know if anything else needs adjustment.

[acroca]

I'd move this field next to consumerMode. And the comment is not necessary if you ask me, I'd remove it for consistency, but feel free to keep if you think it's useful :)

[acroca]

I think the comment is not necessary

[swatimodi-scout]

I think the comment is not necessary

Done

[acroca]

In which cases would v2 fail, but v1 work?

[swatimodi-scout]

In which cases would v2 fail, but v1 work?

@acroca

Good question! You're right to point that out. Looking at this more carefully, the v2 fallback to v1 scenario is actually quite rare and adds unnecessary complexity.

In practice, both v1 and v2 SDKs use the same underlying credential sources (env vars, credential files, IAM roles, etc.), so if v2 fails to load credentials, v1 would likely fail for the same reason.

Since we already have validated v1 credentials from the established session, I've simplified this to directly use those credentials and convert them to v2 format for KCL compatibility. This is more reliable and removes the redundant credential resolution logic.

Updated the code to use the existing session credentials directly - much cleaner approach! 👍

[acroca]

It feels wrong to have both v1 and v2 living together. Can't we migrate completely to v2?

[swatimodi-scout]

It feels wrong to have both v1 and v2 living together. Can't we migrate completely to v2?

Done please review it.

[acroca]

I don't think this works, it's not wired up to the refresh at all.
I think it was better before, but the conversion from v1 credentials to v2 should be done in the KinesisClients.New, which is called in the refresh operations.
This way, you can convert all kinesis to v2 and only do the v1->v2 in the New right?

[javier-aliaga]

thansks @swatimodi-scout! What if you fully migrate the aws client to v2? you do not need to migrate all other components, it would be something similar to this PR that @mikeee is working on.

[swatimodi-scout]

thansks @swatimodi-scout! What if you fully migrate the aws client to v2? you do not need to migrate all other components, it would be something similar to this PR that @mikeee is working on.

@javier-aliaga Yes, that makes sense. However, we’re not migrating the entire AWS SDK version at this stage — my current change focuses only on updating vmware-go-kcl to vmware-go-kcl-v2.

Would you prefer that I continue implementing the AWS SDK v2 changes for Kinesis within this same PR, or should I move that work to a separate PR?

[swatimodi-scout]

I don't think this works, it's not wired up to the refresh at all. I think it was better before, but the conversion from v1 credentials to v2 should be done in the KinesisClients.New, which is called in the refresh operations. This way, you can convert all kinesis to v2 and only do the v1->v2 in the New right?

@acroca I updated in KinesisClients.New. It is working i checked in local. Let me know if i need to revert back to previous version where we were supporting both v1 and v2.

[javier-aliaga]

I think you can do it in the same PR as changing to aws-sdk-v2 is related to update the vmware-go-kcl-v2

[javier-aliaga]

@mikeee I updated the aws-sdk-v2 issue to track it
#3896

[swatimodi-scout]

I think you can do it in the same PR as changing to aws-sdk-v2 is related to update the vmware-go-kcl-v2

@javier-aliaga Please review the code.

[javier-aliaga]

To migrate to aws sdk V2 move this out to the kinesis.go file and create and store the client there. No references to sdk v2 should be here

[swatimodi-scout]

To migrate to aws sdk V2 move this out to the kinesis.go file and create and store the client there. No references to sdk v2 should be here

@javier-aliaga All AWS resource clients are currently defined in client.go. Is there any specific reason we should move only the Kinesis client out of this file?

[swatimodi-scout]

To migrate to aws sdk V2 move this out to the kinesis.go file and create and store the client there. No references to sdk v2 should be here

Done please review it

[swatimodi-scout]

@mikeee @javier-aliaga Requested changes are done. Please review it.

[javier-aliaga]

@swatimodi-scout linting is failing, can you fix it?

[rideshnath-scout]

@swatimodi-scout linting is failing, can you fix it?

@javier-aliaga I have fixed the lint issue, please check

[mikeee]

Linter issue - complaining of the need to run goimports at the least (or golangci-lint run --fix)

The changes to /common/authentication/aws should also be reverted if the package is not being referenced in this PR.

[mikeee]

/ok-to-test

[dapr-bot]

Complete Build Matrix

The build status is currently not updated here. Please visit the action run below directly.

🔗 Link to Action run

Commit ref: d8f5103

[dapr-bot]

Components certification test

🔗 Link to Action run

Commit ref: d8f5103

❌ Some certification tests failed

These tests failed:

• bindings.azure.blobstorage
• bindings.azure.cosmosdb
• bindings.azure.eventhubs
• bindings.azure.servicebusqueues
• bindings.azure.storagequeues
• bindings.aws.s3
• bindings.cron
• bindings.dubbo
• bindings.zeebe.command
• bindings.zeebe.jobworker
• bindings.kafka
• bindings.kitex
• bindings.localstorage
• bindings.postgres
• bindings.rabbitmq
• bindings.redis
• configuration.postgres
• configuration.redis
• middleware.http.bearer
• middleware.http.ratelimit
• middleware.http.opa
• pubsub.aws.snssqs
• pubsub.gcp.pubsub
• pubsub.azure.eventhubs
• pubsub.azure.servicebus.topics
• pubsub.kafka
• pubsub.mqtt3
• pubsub.pulsar
• pubsub.rabbitmq
• secretstores.azure.keyvault
• secretstores.hashicorp.vault
• secretstores.local.env
• secretstores.local.file
• state.aws.dynamodb
• state.azure.blobstorage
• state.azure.cosmosdb
• state.azure.tablestorage
• state.cassandra
• state.cockroachdb.v1
• state.memcached
• state.mongodb
• state.mysql
• state.postgresql.v1
• state.postgresql.v2
• state.redis
• state.sqlite
• state.sqlserver
• state.sqlserver.v2
• state.gcp.firestore

Additionally, some tests did not report a status:

• bindings.azure.blobstorage
• bindings.azure.cosmosdb
• bindings.azure.eventhubs
• bindings.azure.servicebusqueues
• bindings.azure.storagequeues
• bindings.aws.s3
• bindings.cron
• bindings.dubbo
• bindings.zeebe.command
• bindings.zeebe.jobworker
• bindings.kafka
• bindings.kitex
• bindings.localstorage
• bindings.postgres
• bindings.rabbitmq
• bindings.redis
• configuration.postgres
• configuration.redis
• middleware.http.bearer
• middleware.http.ratelimit
• middleware.http.opa
• pubsub.aws.snssqs
• pubsub.gcp.pubsub
• pubsub.azure.eventhubs
• pubsub.azure.servicebus.topics
• pubsub.kafka
• pubsub.mqtt3
• pubsub.pulsar
• pubsub.rabbitmq
• secretstores.azure.keyvault
• secretstores.hashicorp.vault
• secretstores.local.env
• secretstores.local.file
• state.aws.dynamodb
• state.azure.blobstorage
• state.azure.cosmosdb
• state.azure.tablestorage
• state.cassandra
• state.cockroachdb.v1
• state.memcached
• state.mongodb
• state.mysql
• state.postgresql.v1
• state.postgresql.v2
• state.redis
• state.sqlite
• state.sqlserver
• state.sqlserver.v2
• state.gcp.firestore

[dapr-bot]

Components conformance test

🔗 Link to Action run

Commit ref: d8f5103

❌ Some conformance tests failed

These tests failed:

• bindings.azure.blobstorage
• bindings.azure.cosmosdb
• bindings.azure.eventgrid
• bindings.azure.eventhubs
• bindings.azure.servicebusqueues
• bindings.azure.storagequeues
• bindings.aws.s3.terraform
• bindings.cron
• bindings.http
• bindings.influx
• bindings.kafka-confluent
• bindings.kafka-wurstmeister
• bindings.kubemq
• bindings.mqtt3-emqx
• bindings.mqtt3-mosquitto
• bindings.mqtt3-vernemq
• bindings.postgresql.docker
• bindings.postgresql.azure
• bindings.rabbitmq
• bindings.redis.v6
• bindings.redis.v7
• configuration.postgresql.docker
• configuration.postgresql.azure
• configuration.redis.v6
• configuration.redis.v7
• crypto.azure.keyvault
• crypto.localstorage
• crypto.jwks
• lock.redis.v6
• lock.redis.v7
• pubsub.aws.snssqs.terraform
• pubsub.gcp.pubsub.terraform
• pubsub.azure.eventhubs
• pubsub.azure.servicebus.queues
• pubsub.azure.servicebus.topics
• pubsub.in-memory
• pubsub.jetstream
• pubsub.kafka-confluent
• pubsub.kafka-wurstmeister
• pubsub.kubemq
• pubsub.mqtt3-emqx
• pubsub.mqtt3-vernemq
• pubsub.pulsar
• pubsub.rabbitmq
• pubsub.redis.v6
• pubsub.solace
• secretstores.azure.keyvault.certificate
• secretstores.azure.keyvault.serviceprincipal
• secretstores.hashicorp.vault
• secretstores.kubernetes
• secretstores.local.env
• secretstores.local.file
• secretstores.aws.secretsmanager.terraform
• secretstores.aws.secretsmanager.docker
• state.aws.dynamodb.terraform
• state.azure.blobstorage.v2
• state.azure.blobstorage.v1
• state.azure.cosmosdb
• state.azure.sql
• state.azure.tablestorage.cosmosdb
• state.azure.tablestorage.storage
• state.cassandra
• state.cloudflare.workerskv
• state.cockroachdb.v1
• state.etcd.v1
• state.etcd.v2
• state.in-memory
• state.memcached
• state.mongodb
• state.mysql.mariadb
• state.mysql.mysql
• state.oracledatabase
• state.postgresql.v1.docker
• state.postgresql.v1.azure
• state.postgresql.v2.docker
• state.postgresql.v2.azure
• state.redis.v6
• state.redis.v7
• state.rethinkdb
• state.sqlite
• state.sqlserver
• state.sqlserver.v2
• state.sqlserver.docker
• state.sqlserver.v2.docker
• state.gcp.firestore.cloud

Additionally, some tests did not report a status:

• bindings.azure.blobstorage
• bindings.azure.cosmosdb
• bindings.azure.eventgrid
• bindings.azure.eventhubs
• bindings.azure.servicebusqueues
• bindings.azure.storagequeues
• bindings.aws.s3.terraform
• bindings.cron
• bindings.http
• bindings.influx
• bindings.kafka-confluent
• bindings.kafka-wurstmeister
• bindings.kubemq
• bindings.mqtt3-emqx
• bindings.mqtt3-mosquitto
• bindings.mqtt3-vernemq
• bindings.postgresql.docker
• bindings.postgresql.azure
• bindings.rabbitmq
• bindings.redis.v6
• bindings.redis.v7
• configuration.postgresql.docker
• configuration.postgresql.azure
• configuration.redis.v6
• configuration.redis.v7
• crypto.azure.keyvault
• crypto.localstorage
• crypto.jwks
• lock.redis.v6
• lock.redis.v7
• pubsub.aws.snssqs.terraform
• pubsub.gcp.pubsub.terraform
• pubsub.azure.eventhubs
• pubsub.azure.servicebus.queues
• pubsub.azure.servicebus.topics
• pubsub.in-memory
• pubsub.jetstream
• pubsub.kafka-confluent
• pubsub.kafka-wurstmeister
• pubsub.kubemq
• pubsub.mqtt3-emqx
• pubsub.mqtt3-vernemq
• pubsub.pulsar
• pubsub.rabbitmq
• pubsub.redis.v6
• pubsub.solace
• secretstores.azure.keyvault.certificate
• secretstores.azure.keyvault.serviceprincipal
• secretstores.hashicorp.vault
• secretstores.kubernetes
• secretstores.local.env
• secretstores.local.file
• secretstores.aws.secretsmanager.terraform
• secretstores.aws.secretsmanager.docker
• state.aws.dynamodb.terraform
• state.azure.blobstorage.v2
• state.azure.blobstorage.v1
• state.azure.cosmosdb
• state.azure.sql
• state.azure.tablestorage.cosmosdb
• state.azure.tablestorage.storage
• state.cassandra
• state.cloudflare.workerskv
• state.cockroachdb.v1
• state.etcd.v1
• state.etcd.v2
• state.in-memory
• state.memcached
• state.mongodb
• state.mysql.mariadb
• state.mysql.mysql
• state.oracledatabase
• state.postgresql.v1.docker
• state.postgresql.v1.azure
• state.postgresql.v2.docker
• state.postgresql.v2.azure
• state.redis.v6
• state.redis.v7
• state.rethinkdb
• state.sqlite
• state.sqlserver
• state.sqlserver.v2
• state.sqlserver.docker
• state.sqlserver.v2.docker
• state.gcp.firestore.cloud

[swatimodi-scout]

@mikeee @acroca Is there anything required from our side now?

[swatimodi-scout]

@mikeee @acroca Could you please merge this PR if everything looks good to you?

[mikeee]

My last review comment still stands

[swatimodi-scout]

The changes to /common/authentication/aws should also be reverted if the package is not being referenced in this PR.

Are you talking about this change? - The changes to /common/authentication/aws should also be reverted if the package is not being referenced in this PR.

[rideshnath-scout]

/common/authentication/aws

@mikeee I have reverted the changes.

[swatimodi-scout]

My last review comment still stands

Done please review the changes

[mikeee]

Q:

I'm not sure on this but I believe all the aws service clients use the a default number of retries built-in which I'm not aware of us customising.

What is the significance of the magic number (18) used and does this mean for these requests the Nopretryer should be used here, and are we iterating more than the intended number of times?

[rideshnath-scout]

@mikeee You're absolutely right to question this! The magic number 18 appears to be implementing a custom polling mechanism.
Let me fix this by implementing a proper polling mechanism with exponential backoff instead of the this.

[rideshnath-scout]

@mikeee Could you please check and let me know if any changes are needed ?

[mikeee]

Lgtm, just noting that I haven't got an environment set up to test this and we don't have certification/conformance test coverage for this binding. A bonus definitely would be if you could write some e2e tests I can set up the resources on our aws account for them.

https://github.com/dapr/components-contrib/tree/main/tests/certification/bindings/aws/s3

[swatimodi-scout]

Lgtm, just noting that I haven't got an environment set up to test this and we don't have certification/conformance test coverage for this binding. A bonus definitely would be if you could write some e2e tests I can set up the resources on our aws account for them.

https://github.com/dapr/components-contrib/tree/main/tests/certification/bindings/aws/s3

@mikeee Thanks for the review. We’ve tested the changes locally, and everything is working as expected. Would it be possible to merge this PR at the earliest? We can follow up by adding the e2e test cases separately afterward.