Switch to sqscreds param for passing in SQS credentials

client/lib/rendezvous.go

@@ -94,11 +94,11 @@ func newBrokerChannelFromConfig(config ClientConfig) (*BrokerChannel, error) {
 		if config.AmpCacheURL != "" || config.BrokerURL != "" {
 			log.Fatalln("Multiple rendezvous methods specified. " + rendezvousErrorMsg)
 		}
-		if config.SQSAccessKeyID == "" || config.SQSSecretKey == "" {
-			log.Fatalln("sqsakid and sqsskey must be specified to use SQS rendezvous method.")
+		if config.SQSCredsStr == "" {
+			log.Fatalln("sqscreds must be specified to use SQS rendezvous method.")
 		}
 		log.Println("Through SQS queue at:", config.SQSQueueURL)
-		rendezvous, err = newSQSRendezvous(config.SQSQueueURL, config.SQSAccessKeyID, config.SQSSecretKey, brokerTransport)
+		rendezvous, err = newSQSRendezvous(config.SQSQueueURL, config.SQSCredsStr, brokerTransport)
 	} else if config.AmpCacheURL != "" && config.BrokerURL != "" {
 		log.Println("Through AMP cache at:", config.AmpCacheURL)
 		rendezvous, err = newAMPCacheRendezvous(

client/lib/rendezvous_sqs.go

@@ -16,6 +16,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/sqs"
 	"github.com/aws/aws-sdk-go-v2/service/sqs/types"
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/sqsclient"
+	sqscreds "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/sqscreds/lib"
 )
 
 type sqsRendezvous struct {
@@ -26,12 +27,17 @@ type sqsRendezvous struct {
 	numRetries int
 }
 
-func newSQSRendezvous(sqsQueue string, sqsAccessKeyId string, sqsSecretKey string, transport http.RoundTripper) (*sqsRendezvous, error) {
+func newSQSRendezvous(sqsQueue string, sqsCredsStr string, transport http.RoundTripper) (*sqsRendezvous, error) {
 	sqsURL, err := url.Parse(sqsQueue)
 	if err != nil {
 		return nil, err
 	}
 
+	sqsCreds, err := sqscreds.AwsCredsFromBase64(sqsCredsStr)
+	if err != nil {
+		return nil, err
+	}
+
 	queueURL := sqsURL.String()
 	hostName := sqsURL.Hostname()
 
@@ -43,7 +49,7 @@ func newSQSRendezvous(sqsQueue string, sqsAccessKeyId string, sqsSecretKey strin
 	region := res[1]
 	cfg, err := config.LoadDefaultConfig(context.TODO(),
 		config.WithCredentialsProvider(
-			credentials.NewStaticCredentialsProvider(sqsAccessKeyId, sqsSecretKey, ""),
+			credentials.NewStaticCredentialsProvider(sqsCreds.AwsAccessKeyId, sqsCreds.AwsSecretKey, ""),
 		),
 		config.WithRegion(region),
 	)

client/lib/rendezvous_test.go

@@ -284,7 +284,7 @@ func TestSQSRendezvous(t *testing.T) {
 
 		Convey("Construct SQS queue rendezvous", func() {
 			transport := &mockTransport{http.StatusOK, []byte{}}
-			rend, err := newSQSRendezvous("https://sqs.us-east-1.amazonaws.com", "some-access-key-id", "some-secret-key", transport)
+			rend, err := newSQSRendezvous("https://sqs.us-east-1.amazonaws.com", "eyJhd3MtYWNjZXNzLWtleS1pZCI6InRlc3QtYWNjZXNzLWtleSIsImF3cy1zZWNyZXQta2V5IjoidGVzdC1zZWNyZXQta2V5In0=", transport)
 
 			So(err, ShouldBeNil)
 			So(rend.sqsClient, ShouldNotBeNil)

client/lib/snowflake.go

@@ -89,9 +89,8 @@ type ClientConfig struct {
 	// SQSQueueURL is the full URL of an AWS SQS Queue. A nonzero value indicates
 	// that SQS queue will be used as the rendezvous method with the broker.
 	SQSQueueURL string
-	// Access Key ID and Secret Key of the credentials used to access the AWS SQS Qeueue
-	SQSAccessKeyID string
-	SQSSecretKey   string
+	// Base64 encoded string of the credentials containing access Key ID and secret key used to access the AWS SQS Qeueue
+	SQSCredsStr string
 	// FrontDomain is the full URL of an optional front domain that can be used with either
 	// the AMP cache or HTTP domain fronting rendezvous method.
 	FrontDomain string