update s3 datasource to aws sdk v2

mmetc · mmetc · commit e7346366d35b · 2025-09-21T23:13:36.000+02:00
diff --git a/.golangci.yml b/.golangci.yml
@@ -462,6 +462,11 @@ linters:
         path: cmd/notification-file/main.go
         text: found a struct that contains a context.Context field
 
+      - linters:
+          - containedctx
+        path: pkg/acquisition/modules/s3/s3.go
+        text: found a struct that contains a context.Context field
+
       # migrate over time
 
       - linters:
diff --git a/go.mod b/go.mod
@@ -12,6 +12,11 @@ require (
 	github.com/appleboy/gin-jwt/v2 v2.10.3
 	github.com/aws/aws-lambda-go v1.47.0
 	github.com/aws/aws-sdk-go v1.52.0
+	github.com/aws/aws-sdk-go-v2 v1.38.3
+	github.com/aws/aws-sdk-go-v2/config v1.31.6
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3
+	github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3
 	github.com/beevik/etree v1.4.1
 	github.com/blackfireio/osinfo v1.1.0 // indirect
 	github.com/bluele/gcache v0.0.2
@@ -100,6 +105,21 @@ require (
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.18.10 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 // indirect
+	github.com/aws/smithy-go v1.23.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bmatcuk/doublestar v1.3.4 // indirect
 	github.com/bytedance/sonic v1.13.2 // indirect
diff --git a/go.sum b/go.sum
@@ -48,6 +48,46 @@ github.com/aws/aws-lambda-go v1.47.0 h1:0H8s0vumYx/YKs4sE7YM0ktwL2eWse+kfopsRI1s
 github.com/aws/aws-lambda-go v1.47.0/go.mod h1:dpMpZgvWx5vuQJfBt0zqBha60q7Dd7RfgJv23DymV8A=
 github.com/aws/aws-sdk-go v1.52.0 h1:ptgek/4B2v/ljsjYSEvLQ8LTD+SQyrqhOOWvHc/VGPI=
 github.com/aws/aws-sdk-go v1.52.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go-v2 v1.38.3 h1:B6cV4oxnMs45fql4yRH+/Po/YU+597zgWqvDpYMturk=
+github.com/aws/aws-sdk-go-v2 v1.38.3/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1/go.mod h1:ddqbooRZYNoJ2dsTwOty16rM+/Aqmk/GOXrK8cg7V00=
+github.com/aws/aws-sdk-go-v2/config v1.31.6 h1:a1t8fXY4GT4xjyJExz4knbuoxSCacB5hT/WgtfPyLjo=
+github.com/aws/aws-sdk-go-v2/config v1.31.6/go.mod h1:5ByscNi7R+ztvOGzeUaIu49vkMk2soq5NaH5PYe33MQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.18.10 h1:xdJnXCouCx8Y0NncgoptztUocIYLKeQxrCgN6x9sdhg=
+github.com/aws/aws-sdk-go-v2/credentials v1.18.10/go.mod h1:7tQk08ntj914F/5i9jC4+2HQTAuJirq7m1vZVIhEkWs=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 h1:wbjnrrMnKew78/juW7I2BtKQwa1qlf6EjQgS69uYY14=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6/go.mod h1:AtiqqNrDioJXuUgz3+3T0mBWN7Hro2n9wll2zRUc0ww=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4 h1:BTl+TXrpnrpPWb/J3527GsJ/lMkn7z3GO12j6OlsbRg=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4/go.mod h1:cG2tenc/fscpChiZE29a2crG9uo2t6nQGflFllFL8M8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 h1:uF68eJA6+S9iVr9WgX1NaRGyQ/6MdIyc4JNUo6TN1FA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6/go.mod h1:qlPeVZCGPiobx8wb1ft0GHT5l+dc6ldnwInDFaMvC7Y=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 h1:pa1DEC6JoI0zduhZePp3zmhWvk/xxm4NB8Hy/Tlsgos=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6/go.mod h1:gxEjPebnhWGJoaDdtDkA0JX46VRg1wcTHYe63OfX5pE=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6 h1:R0tNFJqfjHL3900cqhXuwQ+1K4G0xc9Yf8EDbFXCKEw=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.6/go.mod h1:y/7sDdu+aJvPtGXr4xYosdpq9a6T9Z0jkXfugmti0rI=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6 h1:hncKj/4gR+TPauZgTAsxOxNcvBayhUlYZ6LO/BYiQ30=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.6/go.mod h1:OiIh45tp6HdJDDJGnja0mw8ihQGz3VGrUflLqSL0SmM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 h1:LHS1YAIJXJ4K9zS+1d/xa9JAA9sL2QyXIQCQFQW/X08=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6/go.mod h1:c9PCiTEuh0wQID5/KqA32J+HAgZxN9tOGXKCiYJjTZI=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6 h1:nEXUSAwyUfLTgnc9cxlDWy637qsq4UWwp3sNAfl0Z3Y=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.6/go.mod h1:HGzIULx4Ge3Do2V0FaiYKcyKzOqwrhUZgCI77NisswQ=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3 h1:ETkfWcXP2KNPLecaDa++5bsQhCRa5M5sLUJa5DWYIIg=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3/go.mod h1:+/3ZTqoYb3Ur7DObD00tarKMLMuKg8iqz5CHEanqTnw=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3 h1:0dWg1Tkz3FnEo48DgAh7CT22hYyMShly8WMd3sGx0xI=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.42.3/go.mod h1:hpOo4IGPfGPlHRcf2nizYAzKfz8GzbQ8tTDIUR4H4GQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 h1:8OLZnVJPvjnrxEwHFg9hVUof/P4sibH+Ea4KKuqAGSg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.29.1/go.mod h1:27M3BpVi0C02UiQh1w9nsBEit6pLhlaH3NHna6WUbDE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 h1:gKWSTnqudpo8dAxqBqZnDoDWCiEh/40FziUjr/mo6uA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2/go.mod h1:x7+rkNmRoEN1U13A6JE2fXne9EWyJy54o3n6d4mGaXQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 h1:YZPjhyaGzhDQEvsffDEcpycq49nl7fiGcfJTIo8BszI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.38.2/go.mod h1:2dIN8qhQfv37BdUYGgEC8Q3tteM3zFxTI1MLO2O3J3c=
+github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE=
+github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/beevik/etree v1.4.1 h1:PmQJDDYahBGNKDcpdX8uPy1xRCwoCGVUiW669MEirVI=
 github.com/beevik/etree v1.4.1/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
diff --git a/pkg/acquisition/modules/s3/s3.go b/pkg/acquisition/modules/s3/s3.go
@@ -16,12 +16,12 @@ import (
 	"time"
 
 	"github.com/aws/aws-lambda-go/events"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/s3"
-	"github.com/aws/aws-sdk-go/service/s3/s3iface"
-	"github.com/aws/aws-sdk-go/service/sqs"
-	"github.com/aws/aws-sdk-go/service/sqs/sqsiface"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	s3Manager "github.com/aws/aws-sdk-go-v2/feature/s3/manager"
+	s3types "github.com/aws/aws-sdk-go-v2/service/s3/types"
+	"github.com/aws/aws-sdk-go-v2/service/sqs"
 	yaml "github.com/goccy/go-yaml"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
@@ -32,6 +32,16 @@ import (
 	"github.com/crowdsecurity/crowdsec/pkg/types"
 )
 
+type S3API interface {
+	s3Manager.ListObjectsV2APIClient
+	s3Manager.DownloadAPIClient
+}
+
+type SQSAPI interface {
+	ReceiveMessage(ctx context.Context, params *sqs.ReceiveMessageInput, optFns ...func(*sqs.Options)) (*sqs.ReceiveMessageOutput, error)
+	DeleteMessage(ctx context.Context, params *sqs.DeleteMessageInput, optFns ...func(*sqs.Options)) (*sqs.DeleteMessageOutput, error)
+}
+
 type S3Configuration struct {
 	configuration.DataSourceCommonCfg `yaml:",inline"`
 	AwsProfile                        *string `yaml:"aws_profile"`
@@ -51,12 +61,12 @@ type S3Source struct {
 	metricsLevel metrics.AcquisitionMetricsLevel
 	Config       S3Configuration
 	logger       *log.Entry
-	s3Client     s3iface.S3API
-	sqsClient    sqsiface.SQSAPI
+	s3Client     S3API
+	sqsClient    SQSAPI
 	readerChan   chan S3Object
 	t            *tomb.Tomb
 	out          chan types.Event
-	ctx          aws.Context
+	ctx          context.Context
 	cancel       context.CancelFunc
 }
 
@@ -109,62 +119,60 @@ const (
 )
 
 func (s *S3Source) newS3Client() error {
-	options := session.Options{
-		SharedConfigState: session.SharedConfigEnable,
-	}
-	if s.Config.AwsProfile != nil {
-		options.Profile = *s.Config.AwsProfile
+	if s.s3Client != nil {
+		return nil
 	}
 
-	sess, err := session.NewSessionWithOptions(options)
-	if err != nil {
-		return fmt.Errorf("failed to create aws session: %w", err)
+	var loadOpts []func(*config.LoadOptions) error
+	if s.Config.AwsProfile != nil && *s.Config.AwsProfile != "" {
+		loadOpts = append(loadOpts, config.WithSharedConfigProfile(*s.Config.AwsProfile))
 	}
-
-	config := aws.NewConfig()
-	if s.Config.AwsRegion != "" {
-		config = config.WithRegion(s.Config.AwsRegion)
+	region := s.Config.AwsRegion
+	if region == "" {
+		region = "us-east-1"
 	}
-	if s.Config.AwsEndpoint != "" {
-		config = config.WithEndpoint(s.Config.AwsEndpoint)
+	loadOpts = append(loadOpts, config.WithRegion(region))
+	loadOpts = append(loadOpts, config.WithCredentialsProvider(aws.AnonymousCredentials{}))
+	cfg, err := config.LoadDefaultConfig(s.ctx, loadOpts...)
+	if err != nil {
+		return fmt.Errorf("failed to load aws config: %w", err)
 	}
 
-	s.s3Client = s3.New(sess, config)
-	if s.s3Client == nil {
-		return errors.New("failed to create S3 client")
+	var clientOpts []func(*s3.Options)
+	if s.Config.AwsEndpoint != "" {
+		clientOpts = append(clientOpts, func(o *s3.Options) { o.BaseEndpoint = aws.String(s.Config.AwsEndpoint) })
 	}
 
+	s.s3Client = s3.NewFromConfig(cfg, clientOpts...)
 	return nil
 }
 
 func (s *S3Source) newSQSClient() error {
-	var sess *session.Session
-
-	if s.Config.AwsProfile != nil {
-		sess = session.Must(session.NewSessionWithOptions(session.Options{
-			SharedConfigState: session.SharedConfigEnable,
-			Profile:           *s.Config.AwsProfile,
-		}))
-	} else {
-		sess = session.Must(session.NewSessionWithOptions(session.Options{
-			SharedConfigState: session.SharedConfigEnable,
-		}))
+	if s.sqsClient != nil {
+		return nil
 	}
 
-	if sess == nil {
-		return errors.New("failed to create aws session")
+	var loadOpts []func(*config.LoadOptions) error
+	if s.Config.AwsProfile != nil && *s.Config.AwsProfile != "" {
+		loadOpts = append(loadOpts, config.WithSharedConfigProfile(*s.Config.AwsProfile))
 	}
-	config := aws.NewConfig()
-	if s.Config.AwsRegion != "" {
-		config = config.WithRegion(s.Config.AwsRegion)
+	region := s.Config.AwsRegion
+	if region == "" {
+		region = "us-east-1"
 	}
-	if s.Config.AwsEndpoint != "" {
-		config = config.WithEndpoint(s.Config.AwsEndpoint)
+	loadOpts = append(loadOpts, config.WithRegion(region))
+	loadOpts = append(loadOpts, config.WithCredentialsProvider(aws.AnonymousCredentials{}))
+	cfg, err := config.LoadDefaultConfig(s.ctx, loadOpts...)
+	if err != nil {
+		return fmt.Errorf("failed to load aws config: %w", err)
 	}
-	s.sqsClient = sqs.New(sess, config)
-	if s.sqsClient == nil {
-		return errors.New("failed to create SQS client")
+
+	var clientOpts []func(*sqs.Options)
+	if s.Config.AwsEndpoint != "" {
+		clientOpts = append(clientOpts, func(o *sqs.Options) { o.BaseEndpoint = aws.String(s.Config.AwsEndpoint) })
 	}
+
+	s.sqsClient = sqs.NewFromConfig(cfg, clientOpts...)
 	return nil
 }
 
@@ -186,13 +194,13 @@ func (s *S3Source) readManager() {
 	}
 }
 
-func (s *S3Source) getBucketContent() ([]*s3.Object, error) {
+func (s *S3Source) getBucketContent() ([]s3types.Object, error) {
 	logger := s.logger.WithField("method", "getBucketContent")
 	logger.Debugf("Getting bucket content for %s", s.Config.BucketName)
-	bucketObjects := make([]*s3.Object, 0)
+	bucketObjects := make([]s3types.Object, 0)
 	var continuationToken *string
 	for {
-		out, err := s.s3Client.ListObjectsV2WithContext(s.ctx, &s3.ListObjectsV2Input{
+		out, err := s.s3Client.ListObjectsV2(s.ctx, &s3.ListObjectsV2Input{
 			Bucket:            aws.String(s.Config.BucketName),
 			Prefix:            aws.String(s.Config.Prefix),
 			ContinuationToken: continuationToken,
@@ -340,10 +348,10 @@ func (s *S3Source) sqsPoll() error {
 			return nil
 		default:
 			logger.Trace("Polling SQS queue")
-			out, err := s.sqsClient.ReceiveMessageWithContext(s.ctx, &sqs.ReceiveMessageInput{
+			out, err := s.sqsClient.ReceiveMessage(s.ctx, &sqs.ReceiveMessageInput{
 				QueueUrl:            aws.String(s.Config.SQSName),
-				MaxNumberOfMessages: aws.Int64(10),
-				WaitTimeSeconds:     aws.Int64(20), // Probably no need to make it configurable ?
+				MaxNumberOfMessages: 10,
+				WaitTimeSeconds:     20, // Probably no need to make it configurable ?
 			})
 			if err != nil {
 				logger.Errorf("Error while polling SQS: %s", err)
@@ -359,21 +367,23 @@ func (s *S3Source) sqsPoll() error {
 				if err != nil {
 					logger.Errorf("Error while parsing SQS message: %s", err)
 					// Always delete the message to avoid infinite loop
-					_, err = s.sqsClient.DeleteMessage(&sqs.DeleteMessageInput{
-						QueueUrl:      aws.String(s.Config.SQSName),
-						ReceiptHandle: message.ReceiptHandle,
-					})
+					_, err = s.sqsClient.DeleteMessage(s.ctx,
+						&sqs.DeleteMessageInput{
+							QueueUrl:      aws.String(s.Config.SQSName),
+							ReceiptHandle: message.ReceiptHandle,
+						})
 					if err != nil {
 						logger.Errorf("Error while deleting SQS message: %s", err)
 					}
 					continue
 				}
 				logger.Debugf("Received SQS message for object %s/%s", bucket, key)
 				s.readerChan <- S3Object{Key: key, Bucket: bucket}
-				_, err = s.sqsClient.DeleteMessage(&sqs.DeleteMessageInput{
-					QueueUrl:      aws.String(s.Config.SQSName),
-					ReceiptHandle: message.ReceiptHandle,
-				})
+				_, err = s.sqsClient.DeleteMessage(s.ctx,
+					&sqs.DeleteMessageInput{
+						QueueUrl:      aws.String(s.Config.SQSName),
+						ReceiptHandle: message.ReceiptHandle,
+					})
 				if err != nil {
 					logger.Errorf("Error while deleting SQS message: %s", err)
 				}
@@ -393,7 +403,7 @@ func (s *S3Source) readFile(bucket string, key string) error {
 		"key":    key,
 	})
 
-	output, err := s.s3Client.GetObjectWithContext(s.ctx, &s3.GetObjectInput{
+	output, err := s.s3Client.GetObject(s.ctx, &s3.GetObjectInput{
 		Bucket: aws.String(bucket),
 		Key:    aws.String(key),
 	})
diff --git a/pkg/acquisition/modules/s3/s3_test.go b/pkg/acquisition/modules/s3/s3_test.go
