feat(reporter/s3): disable config/credential: file and some providers

config/awsconf.go

@@ -19,27 +19,9 @@ type AWSConf struct {
 	// AWS profile to use
 	Profile string `json:"profile"`
 
-	// AWS config files to use
-	ConfigFiles []string `json:"configFiles"`
-
-	// AWS credential files to use
-	CredentialFiles []string `json:"credentialFiles"`
-
 	// use credential provider
 	CredentialProvider CredentialProviderType `json:"credentialProvider"`
 
-	// The access key ID that identifies the temporary security credentials. (credential provider type: static only)
-	AccessKeyID string `json:"accessKeyID"`
-
-	// The secret access key that can be used to sign requests. (credential provider type: static only)
-	SecretAccessKey string `json:"secretAccessKey"`
-
-	// The token that users must pass to the service API to use the temporary (credential provider type: static only)
-	SessionToken string `json:"sessionToken"`
-
-	// endpoint for credential provider (credential provider type: endpoint only)
-	CredentialEndpoint string `json:"credentialEndpoint"`
-
 	// S3 bucket name
 	S3Bucket string `json:"s3Bucket"`
 
@@ -62,12 +44,6 @@ type CredentialProviderType string
 const (
 	// CredentialProviderAnonymous is credential provider type: anonymous
 	CredentialProviderAnonymous CredentialProviderType = "anonymous"
-	// CredentialProviderEC2Metadata is credential provider type: ec2metadata
-	CredentialProviderEC2Metadata CredentialProviderType = "ec2metadata"
-	// CredentialProviderStatic is credential provider type: static
-	CredentialProviderStatic CredentialProviderType = "static"
-	// CredentialProviderEndpoint is credential provider type: endpoint
-	CredentialProviderEndpoint CredentialProviderType = "endpoint"
 )
 
 // Validate configuration
@@ -79,18 +55,6 @@ func (c *AWSConf) Validate() (errs []error) {
 	switch c.CredentialProvider {
 	case CredentialProviderType(""):
 	case CredentialProviderAnonymous:
-	case CredentialProviderEC2Metadata:
-	case CredentialProviderStatic:
-		if c.AccessKeyID == "" {
-			errs = append(errs, fmt.Errorf("AccessKeyID is empty"))
-		}
-		if c.SecretAccessKey == "" {
-			errs = append(errs, fmt.Errorf("SecretAccessKey is empty"))
-		}
-	case CredentialProviderEndpoint:
-		if c.CredentialEndpoint == "" {
-			errs = append(errs, fmt.Errorf("CredentialEndpoint is empty"))
-		}
 	default:
 		errs = append(errs, fmt.Errorf("CredentialProvider: %s is not supported", c.CredentialProvider))
 	}

reporter/s3.go

@@ -12,9 +12,6 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsConfig "github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/credentials"
-	"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
-	"github.com/aws/aws-sdk-go-v2/credentials/endpointcreds"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"golang.org/x/xerrors"
@@ -47,22 +44,10 @@ func (w S3Writer) getS3() (*s3.Client, error) {
 	if w.Profile != "" {
 		optFns = append(optFns, awsConfig.WithSharedConfigProfile(w.Profile))
 	}
-	if len(w.ConfigFiles) > 0 {
-		optFns = append(optFns, awsConfig.WithSharedConfigFiles(w.ConfigFiles))
-	}
-	if len(w.CredentialFiles) > 0 {
-		optFns = append(optFns, awsConfig.WithSharedCredentialsFiles(w.CredentialFiles))
-	}
 	switch w.CredentialProvider {
 	case "":
 	case config.CredentialProviderAnonymous:
 		optFns = append(optFns, awsConfig.WithCredentialsProvider(aws.AnonymousCredentials{}))
-	case config.CredentialProviderEC2Metadata:
-		optFns = append(optFns, awsConfig.WithCredentialsProvider(aws.NewCredentialsCache(ec2rolecreds.New())))
-	case config.CredentialProviderStatic:
-		optFns = append(optFns, awsConfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(w.AccessKeyID, w.SecretAccessKey, w.SessionToken)))
-	case config.CredentialProviderEndpoint:
-		optFns = append(optFns, awsConfig.WithCredentialsProvider(endpointcreds.New(w.CredentialEndpoint)))
 	default:
 		return nil, xerrors.Errorf("CredentialProvider: %s is not supported", w.CredentialProvider)
 	}

subcmds/discover.go

@@ -155,13 +155,7 @@ func printConfigToml(ips []string) (err error) {
 #s3Endpoint             = "http://localhost:9000"
 #region                 = "ap-northeast-1"
 #profile                = "default"
-#configFiles            = ["/home/vuls/.aws/config"]
-#credentialFiles        = ["/home/vuls/.aws/credentials"]
-#credentialProvider       = "ec2metadata"
-#accessKeyID            = "AKIAIOSFODNN7EXAMPLE"
-#secretAccessKey        = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-#sessionToken           = "AQoEXAMPLEH4aoAH0gNCAPy...truncated...zrkuWJOgQs8IZZaIv2BXIa2R4Olgk"
-#credentialEndpoint     = "http://localhost:8000"
+#credentialProvider     = "anonymous"
 #s3Bucket               = "vuls"
 #s3ResultsDir           = "/path/to/result"
 #s3ServerSideEncryption = "AES256"