chore: Separate AwsCredentials from AwsConfig #716

Merged
lym953 merged 5 commits into main from yiming.luo/separate-aws-creds
Jul 2, 2025


lym953 commented Jun 24, 2025

Problem

Right now AwsConfig has a lot of fields, including the ones related to credential:

    pub aws_access_key_id: String,
    pub aws_secret_access_key: String,
    pub aws_session_token: String,
    pub aws_container_credentials_full_uri: String,
    pub aws_container_authorization_token: String,

The next PR #717 wants to lazily load API key and the credentials. To do that, for the resolver function resolve_secrets(), I need to change the param aws_config from &AwsConfig to Arc<RwLock<AwsConfig>>. Because aws_config is passed to many places, this change involves updating lots of functions, which is formidable.

This PR

Separates these credential-related fields out from AwsConfig and creates a new struct AwsCredentials

Thus, the next PR will only need to change the param aws_credentials from &AwsCredentials to Arc<RwLock<AwsCredentials>>. Because aws_credentials is not used in lots of places, the next PR becomes easier.

https://datadoghq.atlassian.net/issues/SVLS-6996
https://datadoghq.atlassian.net/issues/SVLS-6998
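
The split described above, as an added example that is not the project's code: `AwsConfig` stays a plain `&AwsConfig`, while only `AwsCredentials` sits behind `Arc<RwLock<...>>` and is filled on first use with a read-then-write double check. Assumptions: `load_credentials`, `credential_scope`, `LOADS`, the single `region` field and all values are hypothetical, and `std::sync::RwLock` stands in for whatever lock type the project uses.

```rust
use std::sync::atomic::{AtomicU32, Ordering};
use std::sync::{Arc, RwLock};

// Non-secret settings: still passed around as a plain `&AwsConfig`.
pub struct AwsConfig {
    pub region: String,
}

// The five credential fields from the PR description, in their own struct.
#[derive(Default)]
pub struct AwsCredentials {
    pub aws_access_key_id: String,
    pub aws_secret_access_key: String,
    pub aws_session_token: String,
    pub aws_container_credentials_full_uri: String,
    pub aws_container_authorization_token: String,
}

pub static LOADS: AtomicU32 = AtomicU32::new(0); // how often the loader ran

// Hypothetical loader with constructed values, standing in for the real source.
fn load_credentials() -> AwsCredentials {
    LOADS.fetch_add(1, Ordering::SeqCst);
    AwsCredentials {
        aws_access_key_id: "AKIDCONSTRUCTED".into(),
        aws_secret_access_key: "constructed-secret".into(),
        ..Default::default()
    }
}

// Simplified stand-in for a signing helper: "<key id>/<region>".
pub fn credential_scope(config: &AwsConfig, creds: &Arc<RwLock<AwsCredentials>>) -> String {
    // Fast path under a shared read lock (released at the end of the statement).
    let loaded = !creds.read().unwrap().aws_secret_access_key.is_empty();
    if !loaded {
        // Exclusive lock, then re-check: another thread may have loaded meanwhile.
        let mut guard = creds.write().unwrap();
        if guard.aws_secret_access_key.is_empty() {
            *guard = load_credentials();
        }
    }
    format!("{}/{}", creds.read().unwrap().aws_access_key_id, config.region)
}

fn main() {
    let config = AwsConfig { region: "us-east-1".into() };
    let creds = Arc::new(RwLock::new(AwsCredentials::default()));
    let (a, b) = (credential_scope(&config, &creds), credential_scope(&config, &creds));
    println!("{a} {b} loads={}", LOADS.load(Ordering::SeqCst));
}
```

Only the functions that actually touch secrets need the new parameter type; every other caller keeps borrowing `AwsConfig` without taking a lock.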

fn build_get_secret_signed_headers(
aws_config: &AwsConfig,
aws_credentials: &AwsCredentials,
region: String,
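
Review bot: The `region: String` parameter of `build_get_secret_signed_headers` carries no indication of which region it is, which is what makes it look redundant with the region already held in `aws_config`. Since the thread below establishes that the secret's region can differ from the configured one, a doc comment on the parameter (or a more specific name such as `secret_region`) would stop a later cleanup from dropping it or a caller from passing the config region by default.
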
Contributor Author

I don't see a reason to pass region separately in the old code. It should be the same as the region in aws_config.
In the new code, removing aws_config since region is the only field needed from aws_config.

Contributor

secrets can be cross region, see: #594

Contributor Author

Got it. Let me add back aws_config param.

lym953 force-pushed the yiming.luo/separate-aws-creds branch from f749307 to 11c1c77 June 27, 2025 17:35
lym953 requested a review from Copilot June 27, 2025 18:36
Copilot AI left a comment

Pull Request Overview

This PR separates AWS credential fields from AwsConfig and introduces a new struct, AwsCredentials, to simplify upcoming changes involving lazy loading of credentials. Key changes include updating function signatures in decrypt.rs to accept an AwsCredentials parameter, updating helper functions to use AwsCredentials, and modifying tests to use the new structure.

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| bottlecap/src/secrets/decrypt.rs | Updated resolve_secrets and helper functions to use AwsCredentials |
| bottlecap/src/proxy/mod.rs | Removed credential fields from test AwsConfig instances |
| bottlecap/src/proxy/interceptor.rs | Adjusted test AwsConfig instantiation to account for extracted fields |
| bottlecap/src/lifecycle/invocation/span_inferrer.rs | Removed credential fields in test AwsConfig instantiation |
| bottlecap/src/lifecycle/invocation/processor.rs | Removed credential fields in test AwsConfig instantiation |
| bottlecap/src/config/aws.rs | Removed credential fields from AwsConfig and added the AwsCredentials struct |

Comments suppressed due to low confidence (3)

bottlecap/src/secrets/decrypt.rs:45

  • Ensure that the logic comparing empty credential fields in aws_credentials aligns with how credentials are initialized elsewhere, to avoid false negatives when credentials are intentionally empty.
            if aws_credentials.aws_secret_access_key.is_empty()

bottlecap/src/secrets/decrypt.rs:20

  • [nitpick] Consider whether the use of a mutable reference for AwsCredentials in resolve_secrets is necessary, or if the function could accept an immutable reference to improve safety and concurrency.
pub async fn resolve_secrets(

bottlecap/src/config/aws.rs:41

  • [nitpick] Adding brief documentation comments for the fields in AwsCredentials would improve clarity for future maintainers.
pub struct AwsCredentials {

@@ -400,13 +400,8 @@ mod tests {

Copilot AI Jun 27, 2025

Since credential fields are now removed from AwsConfig, ensure that any test or sample initialization that previously provided dummy credential values is updated to either create an AwsCredentials instance or clearly document that these values are not required.

Suggested change
// Note: Credentials are not required for this test case as it does not involve AWS authentication.

lym953 marked this pull request as ready for review June 27, 2025 18:37
lym953 requested a review from a team as a code owner June 27, 2025 18:37
lym953 merged commit f9705b5 into main Jul 2, 2025
46 checks passed
lym953 deleted the yiming.luo/separate-aws-creds branch July 2, 2025 21:11
duncanpharvey pushed a commit that referenced this pull request Mar 10, 2026