fix(aws): Some inputs are not longer required

juliojimenez · juliojimenez · commit 4f25ce475679 · 2025-11-07T16:42:49.000-05:00
Signed-off-by: Julio Jimenez &lt;julio@clickhouse.com&gt;
diff --git a/cmd/clickbom/main.go b/cmd/clickbom/main.go
@@ -45,7 +45,7 @@ func run() error {
 	}()
 
 	// Initialize S3 client
-	s3Client, err := storage.NewS3Client(ctx, cfg.AWSAccessKeyID, cfg.AWSSecretAccessKey, cfg.AWSRegion)
+	s3Client, err := storage.NewS3Client(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to create S3 client: %w", err)
 	}
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -70,11 +70,8 @@ type Config struct {
 func LoadConfig() (*Config, error) {
 	cfg := &Config{
 		// AWS (required)
-		AWSAccessKeyID:     os.Getenv("AWS_ACCESS_KEY_ID"),
-		AWSSecretAccessKey: os.Getenv("AWS_SECRET_ACCESS_KEY"),
-		AWSRegion:          getEnvOrDefault("AWS_DEFAULT_REGION", "us-east-1"),
-		S3Bucket:           os.Getenv("S3_BUCKET"),
-		S3Key:              getEnvOrDefault("S3_KEY", "sbom.json"),
+		S3Bucket: os.Getenv("S3_BUCKET"),
+		S3Key:    getEnvOrDefault("S3_KEY", "sbom.json"),
 
 		// GitHub
 		GitHubToken: os.Getenv("GITHUB_TOKEN"),
@@ -139,12 +136,6 @@ func LoadConfig() (*Config, error) {
 // Validate checks that all required configuration fields are set appropriately.
 func (c *Config) Validate() error {
 	// AWS is always required
-	if c.AWSAccessKeyID == "" {
-		return fmt.Errorf("AWS_ACCESS_KEY_ID is required")
-	}
-	if c.AWSSecretAccessKey == "" {
-		return fmt.Errorf("AWS_SECRET_ACCESS_KEY is required")
-	}
 	if c.S3Bucket == "" {
 		return fmt.Errorf("S3_BUCKET is required")
 	}
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
@@ -14,30 +14,24 @@ func TestLoadConfig(t *testing.T) {
 		{
 			name: "valid minimal config",
 			env: map[string]string{
-				"AWS_ACCESS_KEY_ID":     "test-key",
-				"AWS_SECRET_ACCESS_KEY": "test-secret",
-				"S3_BUCKET":             "test-bucket",
-				"REPOSITORY":            "owner/repo",
+				"S3_BUCKET":  "test-bucket",
+				"REPOSITORY": "owner/repo",
 			},
 			wantErr: false,
 		},
 		{
 			name: "missing required field",
 			env: map[string]string{
-				"AWS_ACCESS_KEY_ID": "test-key",
-				// Missing AWS_SECRET_ACCESS_KEY
-				"S3_BUCKET":  "test-bucket",
+				// Missing S3_BUCKET
 				"REPOSITORY": "owner/repo",
 			},
 			wantErr: true,
 		},
 		{
 			name: "invalid repository format",
 			env: map[string]string{
-				"AWS_ACCESS_KEY_ID":     "test-key",
-				"AWS_SECRET_ACCESS_KEY": "test-secret",
-				"S3_BUCKET":             "test-bucket",
-				"REPOSITORY":            "invalid-repo", // No slash
+				"S3_BUCKET":  "test-bucket",
+				"REPOSITORY": "invalid-repo", // No slash
 			},
 			wantErr: true,
 		},
@@ -79,35 +73,29 @@ func TestConfigValidate(t *testing.T) {
 		{
 			name: "valid github config",
 			config: &Config{
-				AWSAccessKeyID:     "key",
-				AWSSecretAccessKey: "secret",
-				S3Bucket:           "bucket",
-				Repository:         "owner/repo",
-				SBOMSource:         "github",
+				S3Bucket:   "bucket",
+				Repository: "owner/repo",
+				SBOMSource: "github",
 			},
 			wantErr: false,
 		},
 		{
 			name: "valid mend config",
 			config: &Config{
-				AWSAccessKeyID:     "key",
-				AWSSecretAccessKey: "secret",
-				S3Bucket:           "bucket",
-				SBOMSource:         "mend",
-				MendEmail:          "test@example.com",
-				MendOrgUUID:        "123e4567-e89b-12d3-a456-426614174000",
-				MendUserKey:        "user-key",
-				MendProjectUUID:    "123e4567-e89b-12d3-a456-426614174001",
+				S3Bucket:        "bucket",
+				SBOMSource:      "mend",
+				MendEmail:       "test@example.com",
+				MendOrgUUID:     "123e4567-e89b-12d3-a456-426614174000",
+				MendUserKey:     "user-key",
+				MendProjectUUID: "123e4567-e89b-12d3-a456-426614174001",
 			},
 			wantErr: false,
 		},
 		{
 			name: "invalid mend config - missing email",
 			config: &Config{
-				AWSAccessKeyID:     "key",
-				AWSSecretAccessKey: "secret",
-				S3Bucket:           "bucket",
-				SBOMSource:         "mend",
+				S3Bucket:   "bucket",
+				SBOMSource: "mend",
 				// Missing MendEmail
 				MendOrgUUID:     "123e4567-e89b-12d3-a456-426614174000",
 				MendUserKey:     "user-key",
diff --git a/internal/storage/s3.go b/internal/storage/s3.go
@@ -9,7 +9,8 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/credentials"
+
+	// "github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 
 	"github.com/ClickHouse/ClickBOM/pkg/logger"
@@ -21,15 +22,8 @@ type S3Client struct {
 }
 
 // NewS3Client creates a new S3Client with the provided AWS credentials and region.
-func NewS3Client(ctx context.Context, accessKeyID, secretAccessKey, region string) (*S3Client, error) {
-	cfg, err := config.LoadDefaultConfig(ctx,
-		config.WithRegion(region),
-		config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
-			accessKeyID,
-			secretAccessKey,
-			"",
-		)),
-	)
+func NewS3Client(ctx context.Context) (*S3Client, error) {
+	cfg, err := config.LoadDefaultConfig(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("failed to load AWS config: %w", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ func run() error {`
`45`	`45`	`}()`
`46`	`46`
`47`	`47`	`// Initialize S3 client`
`48`		`- s3Client, err := storage.NewS3Client(ctx, cfg.AWSAccessKeyID, cfg.AWSSecretAccessKey, cfg.AWSRegion)`
	`48`	`+ s3Client, err := storage.NewS3Client(ctx)`
`49`	`49`	`if err != nil {`
`50`	`50`	`return fmt.Errorf("failed to create S3 client: %w", err)`
`51`	`51`	`}`