Update nf-codecommit to AWS SDK v2 (#6263)

Signed-off-by: jorgee <jorge.ejarque@seqera.io>

Author: jorgee

plugins/nf-codecommit/build.gradle

@@ -38,7 +38,9 @@ dependencies {
     compileOnly 'org.pf4j:pf4j:3.12.0'
 
     api ('javax.xml.bind:jaxb-api:2.4.0-b180830.0359')
-    api ('com.amazonaws:aws-java-sdk-codecommit:1.12.777')
+    api ('software.amazon.awssdk:codecommit:2.31.64')
+    api ('software.amazon.awssdk:sso:2.31.64')
+    api ('software.amazon.awssdk:ssooidc:2.31.64')
 
     testImplementation(testFixtures(project(":nextflow")))
     testImplementation project(':nextflow')

plugins/nf-codecommit/src/main/nextflow/cloud/aws/codecommit/AwsCodeCommitCredentialProvider.groovy

@@ -16,6 +16,8 @@
 
 package nextflow.cloud.aws.codecommit
 
+import software.amazon.awssdk.auth.credentials.AwsCredentials
+
 import javax.crypto.Mac
 
 /*
@@ -40,12 +42,11 @@ import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException
 import java.text.SimpleDateFormat
 
-import com.amazonaws.auth.AWSCredentials
-import com.amazonaws.auth.AWSCredentialsProvider
-import com.amazonaws.auth.AWSSessionCredentials
-import com.amazonaws.auth.AWSStaticCredentialsProvider
-import com.amazonaws.auth.BasicAWSCredentials
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials
 import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
 import nextflow.exception.AbortOperationException
@@ -201,23 +202,23 @@ final class AwsCodeCommitCredentialProvider extends CredentialsProvider {
     }
 
     /**
-     * Get the AWSCredentials. If an AWSCredentialProvider was specified, use that,
-     * otherwise, create a new AWSCredentialsProvider. If the username and password are
-     * provided, use those directly as AWSCredentials. Otherwise, use the
-     * {@link DefaultAWSCredentialsProviderChain} as is standard with AWS applications.
+     * Get the AWSCredentials. If an AwsCredentialProvider was specified, use that,
+     * otherwise, create a new AwsCredentialsProvider. If the username and password are
+     * provided, use those directly as AwsCredentials. Otherwise, use the
+     * {@link DefaultCredentialsProvider} as is standard with AWS applications.
      * @return the AWS credentials.
      */
-    private AWSCredentials retrieveAwsCredentials() {
-        AWSCredentialsProvider credsProvider
+    private AwsCredentials retrieveAwsCredentials() {
+        AwsCredentialsProvider credsProvider
         if ( username && password ) {
             log.debug "Creating a static AWS credentials provider"
-            credsProvider = new AWSStaticCredentialsProvider( new BasicAWSCredentials( username, password ))
+            credsProvider = StaticCredentialsProvider.create( AwsBasicCredentials.create(username,password) )
         }
         else {
             log.debug "Creating a default AWS credentials provider chain"
-            credsProvider = new DefaultAWSCredentialsProviderChain()
+            credsProvider = DefaultCredentialsProvider.builder().build()
         }
-        return credsProvider.getCredentials()
+        return credsProvider.resolveCredentials()
     }
 
     /**
@@ -260,14 +261,14 @@ final class AwsCodeCommitCredentialProvider extends CredentialsProvider {
         String awsSecretKey
 
         try {
-            AWSCredentials awsCredentials = retrieveAwsCredentials()
+            AwsCredentials awsCredentials = retrieveAwsCredentials()
             StringBuilder awsKey = new StringBuilder();
-            awsKey.append(awsCredentials.getAWSAccessKeyId());
-            awsSecretKey = awsCredentials.getAWSSecretKey();
-            if (awsCredentials instanceof AWSSessionCredentials) {
-                AWSSessionCredentials sessionCreds = (AWSSessionCredentials) awsCredentials;
-                if ( sessionCreds.getSessionToken() ) {
-                    awsKey.append('%').append(sessionCreds.getSessionToken())
+            awsKey.append(awsCredentials.accessKeyId());
+            awsSecretKey = awsCredentials.secretAccessKey();
+            if (awsCredentials instanceof AwsSessionCredentials) {
+                AwsSessionCredentials sessionCreds = (AwsSessionCredentials) awsCredentials;
+                if ( sessionCreds.sessionToken() ) {
+                    awsKey.append('%').append(sessionCreds.sessionToken())
                 }
             }
             awsAccessKey = awsKey.toString()
@@ -322,7 +323,7 @@ final class AwsCodeCommitCredentialProvider extends CredentialsProvider {
     /**
      * @param awsCredentialProvider the awsCredentialProvider to set
      */
-    void setAwsCredentialsProvider(AWSCredentialsProvider awsCredentialsProvider) {
+    void setAwsCredentialsProvider(AwsCredentialsProvider awsCredentialsProvider) {
         this.awsCredentialsProvider = awsCredentialsProvider
     }
 

plugins/nf-codecommit/src/main/nextflow/cloud/aws/codecommit/AwsCodeCommitRepositoryProvider.groovy

@@ -16,16 +16,16 @@
 
 package nextflow.cloud.aws.codecommit
 
-import com.amazonaws.SdkClientException
-import com.amazonaws.auth.AWSStaticCredentialsProvider
-import com.amazonaws.auth.BasicAWSCredentials
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain
-import com.amazonaws.services.codecommit.AWSCodeCommit
-import com.amazonaws.services.codecommit.AWSCodeCommitClientBuilder
-import com.amazonaws.services.codecommit.model.AWSCodeCommitException
-import com.amazonaws.services.codecommit.model.GetFileRequest
-import com.amazonaws.services.codecommit.model.GetRepositoryRequest
-import com.amazonaws.services.codecommit.model.RepositoryMetadata
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.core.exception.SdkException
+import software.amazon.awssdk.regions.Region
+import software.amazon.awssdk.services.codecommit.CodeCommitClient
+import software.amazon.awssdk.services.codecommit.model.CodeCommitException
+import software.amazon.awssdk.services.codecommit.model.GetFileRequest
+import software.amazon.awssdk.services.codecommit.model.GetRepositoryRequest
+import software.amazon.awssdk.services.codecommit.model.RepositoryMetadata
 import groovy.transform.CompileStatic
 import groovy.transform.Memoized
 import groovy.util.logging.Slf4j
@@ -56,22 +56,21 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
     }
 
     private String region
-    private AWSCodeCommit client
+    private CodeCommitClient client
     private String repositoryName
 
 
-    protected AWSCodeCommit createClient(AwsCodeCommitProviderConfig config) {
-        final builder = AWSCodeCommitClientBuilder
-                .standard()
-                .withRegion(region)
+    protected CodeCommitClient createClient(AwsCodeCommitProviderConfig config) {
+        final builder = CodeCommitClient.builder()
+                .region(Region.of(region))
         if( config.user && config.password ) {
-            final creds = new BasicAWSCredentials(config.user, config.password)
+            final creds = AwsBasicCredentials.create(config.user, config.password)
             log.debug "AWS CodeCommit using username=$config.user; password=${StringUtils.redact(config.password)}"
-            builder.withCredentials( new AWSStaticCredentialsProvider(creds) )
+            builder.credentialsProvider( StaticCredentialsProvider.create(creds) )
         }
         else {
             log.debug "AWS CodeCommit using default credentials chain"
-            builder.withCredentials( new DefaultAWSCredentialsProviderChain() )
+            builder.credentialsProvider( DefaultCredentialsProvider.builder().build() )
         }
         builder.build()
     }
@@ -84,12 +83,13 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
     }
 
     private RepositoryMetadata getRepositoryMetadata() {
-        final request = new GetRepositoryRequest()
-                .withRepositoryName(repositoryName)
+        final request = GetRepositoryRequest.builder()
+                .repositoryName(repositoryName)
+                .build()
 
         return client
                 .getRepository(request)
-                .getRepositoryMetadata()
+                .repositoryMetadata()
     }
 
     /** {@inheritDoc} **/
@@ -136,16 +136,16 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
     @Override
     byte[] readBytes( String path ) {
 
-        final request = new GetFileRequest()
-            .withRepositoryName(repositoryName)
-            .withFilePath(path)
+        final builder = GetFileRequest.builder()
+            .repositoryName(repositoryName)
+            .filePath(path)
         if( revision )
-            request.withCommitSpecifier(revision)
+            builder.commitSpecifier(revision)
 
         try {
             return client
-                    .getFile( request )
-                    .getFileContent()?.array()
+                    .getFile( builder.build() )
+                    .fileContent()?.asByteArray()
         }
         catch (Exception e) {
             checkMissingCredsException(e)
@@ -160,9 +160,9 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
                 "Unable to load AWS credentials",
                 "The security token included in the request is invalid",
                 "The request signature we calculated does not match the signature you provided"]
-        if( e !instanceof SdkClientException )
+        if( e !instanceof SdkException )
             return
-        if( e instanceof AWSCodeCommitException && e.message?.startsWith("Could not find path") ) {
+        if( e instanceof CodeCommitException && e.message?.startsWith("Could not find path") ) {
             // it cannot find the request file
             return
         }

plugins/nf-codecommit/src/test/nextflow/cloud/aws/codecommit/AwsCodeCommitRepositoryProviderTest.groovy

@@ -26,7 +26,7 @@ import spock.lang.Specification
  * @author Paolo Di Tommaso <paolo.ditommaso@gmail.com>
  */
 @IgnoreIf({System.getenv('NXF_SMOKE')})
-@Requires({System.getenv('AWS_ACCESS_KEY_ID') && System.getenv('AWS_SECRET_ACCESS_KEY')})
+//@Requires({System.getenv('AWS_ACCESS_KEY_ID') && System.getenv('AWS_SECRET_ACCESS_KEY')})
 class AwsCodeCommitRepositoryProviderTest extends Specification {
 
     def 'should get repo url' () {