aws
diff --git a/‎Makefile
+31 b/‎Makefile
+31
diff --git a/‎cmd/main.go
+38 b/‎cmd/main.go
+38
diff --git a/‎go.mod
+31 b/‎go.mod
+31
diff --git a/‎go.sum
+76 b/‎go.sum
+76
diff --git a/‎internal/client/client.go
+86 b/‎internal/client/client.go
+86
diff --git a/‎internal/client/client_test.go
+50 b/‎internal/client/client_test.go
+50
diff --git a/‎internal/client/interface.go
+13 b/‎internal/client/interface.go
+13
@@ -0,0 +1,31 @@
+BASE_DIR := $(dir $(realpath -s $(firstword $(MAKEFILE_LIST))))
+
+.PHONY: build
+build: | generate-mocks
+	go build -o $(BASE_DIR)/build/bin/notation-com.amazonaws.signer.notation.plugin $(BASE_DIR)/cmd
+
+.PHONY: generate-mocks
+generate-mocks:
+	@if ! command -v mockgen &> /dev/null; then \
+		echo "Installing mockgen as it is not present in the system..."; \
+		go install github.com/golang/mock/[email protected]; \
+	fi
+	@echo "Generating Mocks..."
+	$(GOPATH)/bin/mockgen -package client -destination=./internal/client/mock_client.go "github.com/aws/aws-signer-notation-plugin/internal/client" Interface
+	@echo "Mocks generated successfully."
+
+.PHONY: clean-mocks
+clean-mocks:
+	rm -rf ./internal/client/mock_client.go
+
+.PHONY: test
+test: check-line-endings
+	go test -v -race -coverprofile=coverage.txt -covermode=atomic ./...
+
+.PHONY: check-line-endings
+check-line-endings:
+	! find . -name "*.go" -type f -exec file "{}" ";" | grep CRLF
+
+.PHONY: fix-line-endings
+fix-line-endings:
+	find . -type f -name "*.go" -exec sed -i -e "s/\r//g" {} +
@@ -0,0 +1,38 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-signer-notation-plugin/internal/logger"
+	"github.com/aws/aws-signer-notation-plugin/plugin"
+
+	"github.com/notaryproject/notation-plugin-framework-go/cli"
+)
+
+const debugFlag = "AWS_SIGNER_NOTATION_PLUGIN_DEBUG"
+
+func main() {
+	awsPlugin := plugin.NewAWSSignerForCLI()
+	ctx := context.Background()
+
+	var pluginCli *cli.CLI
+	var err error
+	if os.Getenv(debugFlag) == "true" {
+		log, logErr := logger.New()
+		if logErr != nil {
+			os.Exit(100)
+		}
+		defer log.Close()
+		ctx = log.UpdateContext(ctx)
+		pluginCli, err = cli.NewWithLogger(awsPlugin, log)
+	} else {
+		pluginCli, err = cli.New(awsPlugin)
+	}
+	if err != nil {
+		_, _ = fmt.Fprintf(os.Stderr, "failed to create executable: %v\n", err)
+		os.Exit(101)
+	}
+	pluginCli.Execute(ctx, os.Args)
+}
@@ -0,0 +1,31 @@
+go 1.21
+
+module github.com/aws/aws-signer-notation-plugin
+
+require (
+	github.com/aws/aws-sdk-go-v2 v1.25.3
+	github.com/aws/aws-sdk-go-v2/config v1.26.2
+	github.com/aws/aws-sdk-go-v2/service/signer v1.19.6
+	github.com/aws/smithy-go v1.20.1
+	github.com/golang/mock v1.6.0
+	github.com/notaryproject/notation-plugin-framework-go v1.0.0
+	github.com/stretchr/testify v1.8.4
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.13 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
@@ -0,0 +1,76 @@
+github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
+github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
+github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc=
+github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
+github.com/aws/aws-sdk-go-v2/service/signer v1.19.6 h1:Y4Rikb/krOWTfdy6dzQ2/WbBGRTTPcM6qAB+Mt0QKVo=
+github.com/aws/aws-sdk-go-v2/service/signer v1.19.6/go.mod h1:Y3u+41K5TVVkKhSlzZ+mtUI9z1k13TxpLtbJNHhV3fA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
+github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY=
+github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
+github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -0,0 +1,86 @@
+// Package client creates AWS service like AWS Signer client required by plugin.
+package client
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/aws/aws-signer-notation-plugin/internal/logger"
+	"github.com/aws/aws-signer-notation-plugin/internal/version"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/signer"
+	"github.com/aws/smithy-go/logging"
+	"github.com/aws/smithy-go/middleware"
+	"github.com/notaryproject/notation-plugin-framework-go/plugin"
+
+	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+)
+
+const (
+	configKeyAwsProfile     = "aws-profile"
+	configKeyAwsRegion      = "aws-region"
+	configKeySignerEndpoint = "aws-signer-endpoint-url"
+)
+
+// NewAWSSigner creates new AWS Signer client from given pluginConfig
+func NewAWSSigner(ctx context.Context, pluginConfig map[string]string) (*signer.Client, error) {
+	log := logger.GetLogger(ctx)
+	log.Debugln("Initializing Signer Client")
+	loadOptions := getLoadOptions(ctx, pluginConfig)
+
+	// Use default config for aws credentials
+	defaultConfig, err := config.LoadDefaultConfig(ctx, loadOptions...)
+	if err != nil {
+		return nil, plugin.NewGenericError(err.Error())
+	}
+	s, err := signer.NewFromConfig(defaultConfig), nil
+
+	log.Debugln("Initialized Signer Client")
+	return s, err
+}
+
+func getLoadOptions(ctx context.Context, pluginConfig map[string]string) []func(*config.LoadOptions) error {
+	log := logger.GetLogger(ctx)
+	var loadOptions []func(*config.LoadOptions) error
+	if customEndpoint, ok := pluginConfig[configKeySignerEndpoint]; ok {
+		customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+			if service == signer.ServiceID && customEndpoint != "" {
+				log.Debug("AWS Signer endpoint override: " + customEndpoint)
+				return aws.Endpoint{
+					PartitionID:   "aws",
+					URL:           customEndpoint,
+					SigningRegion: region,
+				}, nil
+			}
+			// returning EndpointNotFoundError will allow the service to fall back to its default resolution
+			return aws.Endpoint{}, &aws.EndpointNotFoundError{}
+		})
+		loadOptions = append(loadOptions, config.WithEndpointResolverWithOptions(customResolver))
+	}
+
+	if region, ok := pluginConfig[configKeyAwsRegion]; ok {
+		loadOptions = append(loadOptions, config.WithRegion(region))
+		log.Debugf("AWS Signer region override: %s\n", region)
+	}
+
+	if credentialProfile, ok := pluginConfig[configKeyAwsProfile]; ok {
+		loadOptions = append(loadOptions, config.WithSharedConfigProfile(credentialProfile))
+		log.Debugf("AWS Signer credential profile: %s\n", credentialProfile)
+	}
+
+	loadOptions = append(loadOptions, config.WithAPIOptions([]func(*middleware.Stack) error{
+		awsmiddleware.AddUserAgentKeyValue("aws-signer-caller", "NotationPlugin/"+version.Version),
+	}))
+
+	if log.IsDebug() {
+		loadOptions = append(loadOptions, config.WithClientLogMode(aws.LogRequestWithBody|aws.LogResponseWithBody))
+		loadOptions = append(loadOptions, config.WithLogConfigurationWarnings(true))
+		loadOptions = append(loadOptions, config.WithLogger(logging.LoggerFunc(func(_ logging.Classification, format string, v ...interface{}) {
+			log.Debugf("AWS call %s\n", fmt.Sprintf(format, v))
+		})))
+	}
+
+	return loadOptions
+}
@@ -0,0 +1,50 @@
+package client
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/aws/aws-signer-notation-plugin/internal/logger"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewAWSSigner(t *testing.T) {
+	tests := map[string]map[string]string{
+		"emptyConfig":           {},
+		configKeySignerEndpoint: {configKeySignerEndpoint: "https://127.0.0.1:80/some-endpoint"},
+		configKeyAwsRegion:      {configKeyAwsRegion: "us-east-1"},
+	}
+	for name, config := range tests {
+		t.Run(name, func(t *testing.T) {
+			_, err := NewAWSSigner(context.TODO(), config)
+			assert.Nil(t, err, "NewAWSSigner returned error")
+		})
+	}
+}
+
+func TestNewAWSSigner_Debug(t *testing.T) {
+	// we need this because build fleet might not have XDG_CONFIG_HOME set
+	tempDir, _ := os.MkdirTemp("", "tempDir")
+	defer os.RemoveAll(tempDir)
+	t.Setenv("XDG_CONFIG_HOME", os.TempDir())
+
+	ctx := context.TODO()
+	dl, _ := logger.New()
+	ctx = dl.UpdateContext(ctx)
+	_, err := NewAWSSigner(ctx, map[string]string{})
+	assert.Nil(t, err, "NewAWSSigner returned error")
+}
+
+func TestNewAWSSigner_InvalidProfile(t *testing.T) {
+	// we need this because build fleet might not have XDG_CONFIG_HOME set
+	tempDir, _ := os.MkdirTemp("", "tempDir")
+	defer os.RemoveAll(tempDir)
+	t.Setenv("XDG_CONFIG_HOME", os.TempDir())
+
+	ctx := context.TODO()
+	dl, _ := logger.New()
+	ctx = dl.UpdateContext(ctx)
+	_, err := NewAWSSigner(ctx, map[string]string{configKeyAwsProfile: "someProfile"})
+	assert.Error(t, err, "NewAWSSigner returned error")
+}
@@ -0,0 +1,13 @@
+package client
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/signer"
+)
+
+// Interface facilitates unit testing
+type Interface interface {
+	SignPayload(ctx context.Context, params *signer.SignPayloadInput, optFns ...func(*signer.Options)) (*signer.SignPayloadOutput, error)
+	GetRevocationStatus(ctx context.Context, params *signer.GetRevocationStatusInput, optFns ...func(*signer.Options)) (*signer.GetRevocationStatusOutput, error)
+}