Addapting tests

Switch return type from *time.Time to time.Time.

Signed-off-by: Soule BA <bah.soule@gmail.com>

oci/auth/aws/auth.go

@@ -79,7 +79,7 @@ func (c *Client) WithConfig(cfg *aws.Config) {
 // be the case if it's running in EKS, and may need additional setup
 // otherwise (visit https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/
 // as a starting point).
-func (c *Client) getLoginAuth(ctx context.Context, awsEcrRegion string) (authn.AuthConfig, *time.Time, error) {
+func (c *Client) getLoginAuth(ctx context.Context, awsEcrRegion string) (authn.AuthConfig, time.Time, error) {
 	var authConfig authn.AuthConfig
 	var cfg aws.Config
 
@@ -91,7 +91,7 @@ func (c *Client) getLoginAuth(ctx context.Context, awsEcrRegion string) (authn.A
 		cfg, err = config.LoadDefaultConfig(ctx, config.WithRegion(awsEcrRegion))
 		if err != nil {
 			c.mu.Unlock()
-			return authConfig, nil, fmt.Errorf("failed to load default configuration: %w", err)
+			return authConfig, time.Time{}, fmt.Errorf("failed to load default configuration: %w", err)
 		}
 		c.config = &cfg
 	}
@@ -102,52 +102,56 @@ func (c *Client) getLoginAuth(ctx context.Context, awsEcrRegion string) (authn.A
 	// pass nil input.
 	ecrToken, err := ecrService.GetAuthorizationToken(ctx, nil)
 	if err != nil {
-		return authConfig, nil, err
+		return authConfig, time.Time{}, err
 	}
 
 	// Validate the authorization data.
 	if len(ecrToken.AuthorizationData) == 0 {
-		return authConfig, nil, errors.New("no authorization data")
+		return authConfig, time.Time{}, errors.New("no authorization data")
 	}
 	if ecrToken.AuthorizationData[0].AuthorizationToken == nil {
-		return authConfig, nil, fmt.Errorf("no authorization token")
+		return authConfig, time.Time{}, fmt.Errorf("no authorization token")
 	}
 	token, err := base64.StdEncoding.DecodeString(*ecrToken.AuthorizationData[0].AuthorizationToken)
 	if err != nil {
-		return authConfig, nil, err
+		return authConfig, time.Time{}, err
 	}
 
 	tokenSplit := strings.Split(string(token), ":")
 	// Validate the tokens.
 	if len(tokenSplit) != 2 {
-		return authConfig, nil, fmt.Errorf("invalid authorization token, expected the token to have two parts separated by ':', got %d parts", len(tokenSplit))
+		return authConfig, time.Time{}, fmt.Errorf("invalid authorization token, expected the token to have two parts separated by ':', got %d parts", len(tokenSplit))
 	}
 	authConfig = authn.AuthConfig{
 		Username: tokenSplit[0],
 		Password: tokenSplit[1],
 	}
-	return authConfig, ecrToken.AuthorizationData[0].ExpiresAt, nil
+	expiresAt := ecrToken.AuthorizationData[0].ExpiresAt
+	if expiresAt == nil {
+		expiresAt = &time.Time{}
+	}
+	return authConfig, *expiresAt, nil
 }
 
 // LoginWithExpiry attempts to get the authentication material for ECR.
 // It returns the authentication material and the expiry time of the token.
-func (c *Client) LoginWithExpiry(ctx context.Context, autoLogin bool, image string) (authn.Authenticator, *time.Time, error) {
+func (c *Client) LoginWithExpiry(ctx context.Context, autoLogin bool, image string) (authn.Authenticator, time.Time, error) {
 	if autoLogin {
 		log.FromContext(ctx).Info("logging in to AWS ECR for " + image)
 		_, awsEcrRegion, ok := ParseRegistry(image)
 		if !ok {
-			return nil, nil, errors.New("failed to parse AWS ECR image, invalid ECR image")
+			return nil, time.Time{}, errors.New("failed to parse AWS ECR image, invalid ECR image")
 		}
 
 		authConfig, expiresAt, err := c.getLoginAuth(ctx, awsEcrRegion)
 		if err != nil {
-			return nil, nil, err
+			return nil, time.Time{}, err
 		}
 
 		auth := authn.FromConfig(authConfig)
 		return auth, expiresAt, nil
 	}
-	return nil, nil, fmt.Errorf("ECR authentication failed: %w", oci.ErrUnconfiguredProvider)
+	return nil, time.Time{}, fmt.Errorf("ECR authentication failed: %w", oci.ErrUnconfiguredProvider)
 }
 
 // Login attempts to get the authentication material for ECR.
@@ -156,25 +160,20 @@ func (c *Client) Login(ctx context.Context, autoLogin bool, image string) (authn
 	return auth, err
 }
 
-// OIDCLoginWithExpiry attempts to get the authentication material for ECR.
-// It returns the authentication material and the expiry time of the token.
-func (c *Client) OIDCLoginWithExpiry(ctx context.Context, registryURL string) (authn.Authenticator, *time.Time, error) {
+// OIDCLogin attempts to get the authentication material for ECR.
+//
+// Deprecated: Use LoginWithExpiry instead.
+func (c *Client) OIDCLogin(ctx context.Context, registryURL string) (authn.Authenticator, error) {
 	_, awsEcrRegion, ok := ParseRegistry(registryURL)
 	if !ok {
-		return nil, nil, errors.New("failed to parse AWS ECR image, invalid ECR image")
+		return nil, errors.New("failed to parse AWS ECR image, invalid ECR image")
 	}
 
-	authConfig, expiresAt, err := c.getLoginAuth(ctx, awsEcrRegion)
+	authConfig, _, err := c.getLoginAuth(ctx, awsEcrRegion)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	auth := authn.FromConfig(authConfig)
-	return auth, expiresAt, nil
-}
-
-// OIDCLogin attempts to get the authentication material for ECR.
-func (c *Client) OIDCLogin(ctx context.Context, registryURL string) (authn.Authenticator, error) {
-	auth, _, err := c.OIDCLoginWithExpiry(ctx, registryURL)
-	return auth, err
+	return auth, nil
 }

oci/auth/aws/auth_test.go

@@ -18,9 +18,11 @@ package aws
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/credentials"
@@ -99,6 +101,7 @@ func TestParseRegistry(t *testing.T) {
 }
 
 func TestGetLoginAuth(t *testing.T) {
+	authorizationData := fmt.Sprintf(`{"authorizationData": [{"authorizationToken": "c29tZS1rZXk6c29tZS1zZWNyZXQ=","expiresAt": %d}]}`, time.Now().Add(1*time.Hour).Unix())
 	tests := []struct {
 		name           string
 		responseBody   []byte
@@ -108,15 +111,9 @@ func TestGetLoginAuth(t *testing.T) {
 	}{
 		{
 			// NOTE: The authorizationToken is base64 encoded.
-			name: "success",
-			responseBody: []byte(`{
-	"authorizationData": [
-		{
-			"authorizationToken": "c29tZS1rZXk6c29tZS1zZWNyZXQ="
-		}
-	]
-}`),
-			statusCode: http.StatusOK,
+			name:         "success",
+			responseBody: []byte(authorizationData),
+			statusCode:   http.StatusOK,
 			wantAuthConfig: authn.AuthConfig{
 				Username: "some-key",
 				Password: "some-secret",
@@ -183,8 +180,11 @@ func TestGetLoginAuth(t *testing.T) {
 			cfg.Credentials = credentials.NewStaticCredentialsProvider("x", "y", "z")
 			ec.WithConfig(cfg)
 
-			a, _, err := ec.getLoginAuth(context.TODO(), "us-east-1")
+			a, expiresAt, err := ec.getLoginAuth(context.TODO(), "us-east-1")
 			g.Expect(err != nil).To(Equal(tt.wantErr))
+			if !tt.wantErr {
+				g.Expect(expiresAt).To(BeTemporally("~", time.Now().Add(1*time.Hour), time.Second))
+			}
 			if tt.statusCode == http.StatusOK {
 				g.Expect(a).To(Equal(tt.wantAuthConfig))
 			}

oci/auth/azure/auth.go

@@ -36,7 +36,7 @@ import (
 
 // Default cache expiration time in seconds for ACR refresh token.
 // TODO @souleb: This is copied from https://github.com/Azure/msi-acrpull/blob/0ca921a7740e561c7204d9c3b3b55c4e0b9bd7b9/pkg/authorizer/token_retriever.go#L21C2-L21C39
-// as it not provided by the Azure SDK. See with the Azure SDK team to see if there is a better way to get this value.
+// as it is not provided by the Azure SDK. Check with the Azure SDK team to see if there is a better way to get this value.
 const defaultCacheExpirationInSeconds = 600
 
 // Client is an Azure ACR client which can log into the registry and return
@@ -66,7 +66,7 @@ func (c *Client) WithScheme(scheme string) *Client {
 // getLoginAuth returns authentication for ACR. The details needed for authentication
 // are gotten from environment variable so there is no need to mount a host path.
 // The endpoint is the registry server and will be queried for OAuth authorization token.
-func (c *Client) getLoginAuth(ctx context.Context, registryURL string) (authn.AuthConfig, *time.Time, error) {
+func (c *Client) getLoginAuth(ctx context.Context, registryURL string) (authn.AuthConfig, time.Time, error) {
 	var authConfig authn.AuthConfig
 
 	// Use default credentials if no token credential is provided.
@@ -75,7 +75,7 @@ func (c *Client) getLoginAuth(ctx context.Context, registryURL string) (authn.Au
 	if c.credential == nil {
 		cred, err := azidentity.NewDefaultAzureCredential(nil)
 		if err != nil {
-			return authConfig, nil, err
+			return authConfig, time.Time{}, err
 		}
 		c.credential = cred
 	}
@@ -86,14 +86,14 @@ func (c *Client) getLoginAuth(ctx context.Context, registryURL string) (authn.Au
 		Scopes: []string{configurationEnvironment.Services[cloud.ResourceManager].Endpoint + "/" + ".default"},
 	})
 	if err != nil {
-		return authConfig, nil, err
+		return authConfig, time.Time{}, err
 	}
 
 	// Obtain ACR access token using exchanger.
 	ex := newExchanger(registryURL)
 	accessToken, err := ex.ExchangeACRAccessToken(string(armToken.Token))
 	if err != nil {
-		return authConfig, nil, fmt.Errorf("error exchanging token: %w", err)
+		return authConfig, time.Time{}, fmt.Errorf("error exchanging token: %w", err)
 	}
 
 	expiresAt := time.Now().Add(defaultCacheExpirationInSeconds * time.Second)
@@ -103,7 +103,7 @@ func (c *Client) getLoginAuth(ctx context.Context, registryURL string) (authn.Au
 		// See documentation: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#az-acr-login-with---expose-token
 		Username: "00000000-0000-0000-0000-000000000000",
 		Password: accessToken,
-	}, &expiresAt, nil
+	}, expiresAt, nil
 }
 
 // getCloudConfiguration returns the cloud configuration based on the registry URL.
@@ -133,7 +133,7 @@ func ValidHost(host string) bool {
 // LoginWithExpiry attempts to get the authentication material for ACR.
 // It returns the authentication material and the expiry time of the token.
 // The caller can ensure that the passed image is a valid ACR image using ValidHost().
-func (c *Client) LoginWithExpiry(ctx context.Context, autoLogin bool, image string, ref name.Reference) (authn.Authenticator, *time.Time, error) {
+func (c *Client) LoginWithExpiry(ctx context.Context, autoLogin bool, image string, ref name.Reference) (authn.Authenticator, time.Time, error) {
 	if autoLogin {
 		log.FromContext(ctx).Info("logging in to Azure ACR for " + image)
 		// get registry host from image
@@ -142,13 +142,13 @@ func (c *Client) LoginWithExpiry(ctx context.Context, autoLogin bool, image stri
 		authConfig, expiresAt, err := c.getLoginAuth(ctx, endpoint)
 		if err != nil {
 			log.FromContext(ctx).Info("error logging into ACR " + err.Error())
-			return nil, nil, err
+			return nil, time.Time{}, err
 		}
 
 		auth := authn.FromConfig(authConfig)
 		return auth, expiresAt, nil
 	}
-	return nil, nil, fmt.Errorf("ACR authentication failed: %w", oci.ErrUnconfiguredProvider)
+	return nil, time.Time{}, fmt.Errorf("ACR authentication failed: %w", oci.ErrUnconfiguredProvider)
 }
 
 // Login attempts to get the authentication material for ACR. The caller can
@@ -158,27 +158,19 @@ func (c *Client) Login(ctx context.Context, autoLogin bool, image string, ref na
 	return auth, err
 }
 
-// OIDCLoginWithExpiry attempts to get an Authenticator for the provided ACR registry URL endpoint.
-// It returns the Authenticator and the expiry time of the token.
+// OIDCLogin attempts to get an Authenticator for the provided ACR registry URL endpoint.
 //
 // If you want to construct an Authenticator based on an image reference,
 // you may want to use Login instead.
-func (c *Client) OIDCLoginWithExpiry(ctx context.Context, registryUrl string) (authn.Authenticator, *time.Time, error) {
-	authConfig, expiresAt, err := c.getLoginAuth(ctx, registryUrl)
+//
+// Deprecated: Use LoginWithExpiry instead.
+func (c *Client) OIDCLogin(ctx context.Context, registryUrl string) (authn.Authenticator, error) {
+	authConfig, _, err := c.getLoginAuth(ctx, registryUrl)
 	if err != nil {
 		log.FromContext(ctx).Info("error logging into ACR " + err.Error())
-		return nil, nil, err
+		return nil, err
 	}
 
 	auth := authn.FromConfig(authConfig)
-	return auth, expiresAt, nil
-}
-
-// OIDCLogin attempts to get an Authenticator for the provided ACR registry URL endpoint.
-//
-// If you want to construct an Authenticator based on an image reference,
-// you may want to use Login instead.
-func (c *Client) OIDCLogin(ctx context.Context, registryUrl string) (authn.Authenticator, error) {
-	auth, _, err := c.OIDCLoginWithExpiry(ctx, registryUrl)
-	return auth, err
+	return auth, nil
 }

oci/auth/azure/auth_test.go

@@ -24,6 +24,7 @@ import (
 	"net/url"
 	"path"
 	"testing"
+	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
@@ -84,8 +85,11 @@ func TestGetAzureLoginAuth(t *testing.T) {
 				WithTokenCredential(tt.tokenCredential).
 				WithScheme("http")
 
-			auth, _, err := c.getLoginAuth(context.TODO(), srv.URL)
+			auth, expiresAt, err := c.getLoginAuth(context.TODO(), srv.URL)
 			g.Expect(err != nil).To(Equal(tt.wantErr))
+			if !tt.wantErr {
+				g.Expect(expiresAt).To(BeTemporally("~", time.Now().Add(defaultCacheExpirationInSeconds*time.Second), time.Second))
+			}
 			if tt.statusCode == http.StatusOK {
 				g.Expect(auth).To(Equal(tt.wantAuthConfig))
 			}