From 776bbe7c1c71e4b9397893c895631be5b7b0c279 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Fri, 12 Jul 2024 12:25:22 +0200 Subject: [PATCH] chore: rename type Signed-off-by: Blake Pettersson --- internal/credentials/kubernetes/database.go | 2 +- .../ecr/managed_identity_credential.go | 14 +++++------ .../ecr/managed_identity_credential_test.go | 24 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/internal/credentials/kubernetes/database.go b/internal/credentials/kubernetes/database.go index fabfcd7c5..7e581fb71 100644 --- a/internal/credentials/kubernetes/database.go +++ b/internal/credentials/kubernetes/database.go @@ -55,7 +55,7 @@ func NewDatabase( credentialHelpers := []credentials.Helper{ basic.SecretToCreds, ecr.NewAccessKeyCredentialHelper(), - ecr.NewManagedIAMCredentialHelper(ctx), + ecr.NewManagedIdentityCredentialHelper(ctx), gar.NewServiceAccountKeyCredentialHelper(), gar.NewWorkloadIdentityFederationCredentialHelper(ctx), github.NewAppCredentialHelper(), diff --git a/internal/credentials/kubernetes/ecr/managed_identity_credential.go b/internal/credentials/kubernetes/ecr/managed_identity_credential.go index 4998eb182..c5cda314c 100644 --- a/internal/credentials/kubernetes/ecr/managed_identity_credential.go +++ b/internal/credentials/kubernetes/ecr/managed_identity_credential.go @@ -23,7 +23,7 @@ import ( "github.com/akuity/kargo/internal/logging" ) -type managedIAMCredentialHelper struct { +type managedIdentityCredentialHelper struct { awsAccountID string tokenCache *cache.Cache @@ -37,9 +37,9 @@ type managedIAMCredentialHelper struct { ) (string, error) } -// NewManagedIAMCredentialHelper returns an implementation of +// NewManagedIdentityCredentialHelper returns an implementation of // credentials.Helper that utilizes a cache to avoid unnecessary calls to AWS. -func NewManagedIAMCredentialHelper(ctx context.Context) credentials.Helper { +func NewManagedIdentityCredentialHelper(ctx context.Context) credentials.Helper { logger := logging.LoggerFromContext(ctx) var awsAccountID string if os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI") != "" { @@ -71,7 +71,7 @@ func NewManagedIAMCredentialHelper(ctx context.Context) credentials.Helper { awsAccountID = *res.Account } } - p := &managedIAMCredentialHelper{ + p := &managedIdentityCredentialHelper{ awsAccountID: awsAccountID, tokenCache: cache.New( // Tokens live for 12 hours. We'll hang on to them for 10. @@ -83,7 +83,7 @@ func NewManagedIAMCredentialHelper(ctx context.Context) credentials.Helper { return p.getCredentials } -func (p *managedIAMCredentialHelper) getCredentials( +func (p *managedIdentityCredentialHelper) getCredentials( ctx context.Context, project string, credType credentials.Type, @@ -133,7 +133,7 @@ func (p *managedIAMCredentialHelper) getCredentials( return decodeAuthToken(encodedToken) } -func (p *managedIAMCredentialHelper) tokenCacheKey(region, project string) string { +func (p *managedIdentityCredentialHelper) tokenCacheKey(region, project string) string { return fmt.Sprintf( "%x", sha256.Sum256([]byte( @@ -145,7 +145,7 @@ func (p *managedIAMCredentialHelper) tokenCacheKey(region, project string) strin // getAuthToken returns an ECR authorization token obtained by assuming a // project-specific IAM role and using that to obtain a short-lived ECR access // token. -func (p *managedIAMCredentialHelper) getAuthToken( +func (p *managedIdentityCredentialHelper) getAuthToken( ctx context.Context, region string, project string, diff --git a/internal/credentials/kubernetes/ecr/managed_identity_credential_test.go b/internal/credentials/kubernetes/ecr/managed_identity_credential_test.go index 191a2e22b..cbeed03a2 100644 --- a/internal/credentials/kubernetes/ecr/managed_identity_credential_test.go +++ b/internal/credentials/kubernetes/ecr/managed_identity_credential_test.go @@ -26,7 +26,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { warmTokenCache := cache.New(0, 0) warmTokenCache.Set( - (&managedIAMCredentialHelper{}).tokenCacheKey(testRegion, testProject), + (&managedIdentityCredentialHelper{}).tokenCacheKey(testRegion, testProject), testEncodedToken, cache.DefaultExpiration, ) @@ -35,13 +35,13 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name string credType credentials.Type repoURL string - helper *managedIAMCredentialHelper + helper *managedIdentityCredentialHelper assertions func(*testing.T, *credentials.Credentials, *cache.Cache, error) }{ { name: "cred type is not image", credType: credentials.TypeGit, - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, }, assertions: func(t *testing.T, creds *credentials.Credentials, _ *cache.Cache, err error) { @@ -53,7 +53,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "EKS Pod Identity not in use", credType: credentials.TypeImage, repoURL: testRepoURL, - helper: &managedIAMCredentialHelper{}, + helper: &managedIdentityCredentialHelper{}, assertions: func(t *testing.T, creds *credentials.Credentials, _ *cache.Cache, err error) { require.NoError(t, err) require.Nil(t, creds) @@ -63,7 +63,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "repo URL does not match ECR URL regex", credType: credentials.TypeImage, repoURL: "ghcr.io/fake-org/fake-repo", - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, }, assertions: func(t *testing.T, creds *credentials.Credentials, _ *cache.Cache, err error) { @@ -75,7 +75,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "helm repo URL does not match ECR URL regex", credType: credentials.TypeHelm, repoURL: testRepoURL, - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, }, assertions: func(t *testing.T, creds *credentials.Credentials, _ *cache.Cache, err error) { @@ -87,7 +87,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "cache hit", credType: credentials.TypeImage, repoURL: testRepoURL, - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, tokenCache: warmTokenCache, }, @@ -102,7 +102,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "cache miss; error getting auth token", credType: credentials.TypeImage, repoURL: testRepoURL, - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, tokenCache: cache.New(0, 0), getAuthTokenFn: func(context.Context, string, string) (string, error) { @@ -118,7 +118,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "cache miss; success", credType: credentials.TypeImage, repoURL: testRepoURL, - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, tokenCache: cache.New(0, 0), getAuthTokenFn: func(context.Context, string, string) (string, error) { @@ -131,7 +131,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { require.Equal(t, testUsername, creds.Username) require.Equal(t, testPassword, creds.Password) _, found := c.Get( - (&managedIAMCredentialHelper{}).tokenCacheKey(testRegion, testProject), + (&managedIdentityCredentialHelper{}).tokenCacheKey(testRegion, testProject), ) require.True(t, found) }, @@ -140,7 +140,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { name: "cache miss; success (helm)", credType: credentials.TypeHelm, repoURL: fmt.Sprintf("oci://%s", testRepoURL), - helper: &managedIAMCredentialHelper{ + helper: &managedIdentityCredentialHelper{ awsAccountID: testAWSAccountID, tokenCache: cache.New(0, 0), getAuthTokenFn: func(context.Context, string, string) (string, error) { @@ -153,7 +153,7 @@ func TestPodIdentityCredentialHelper(t *testing.T) { require.Equal(t, testUsername, creds.Username) require.Equal(t, testPassword, creds.Password) _, found := c.Get( - (&managedIAMCredentialHelper{}).tokenCacheKey(testRegion, testProject), + (&managedIdentityCredentialHelper{}).tokenCacheKey(testRegion, testProject), ) require.True(t, found) },