From 6f62b25c40ac81d39e813dba54aeafaa9551a4e7 Mon Sep 17 00:00:00 2001 From: Hidetake Iwata Date: Sat, 11 Jan 2025 16:44:56 +0900 Subject: [PATCH] Extract struct tokencache.Config (#1226) --- .../repository_mock/mock_Interface.go | 85 +++++++++---------- pkg/cmd/cmd_test.go | 17 +++- pkg/cmd/get_token.go | 12 +-- pkg/tokencache/repository/repository.go | 50 +++++------ pkg/tokencache/repository/repository_test.go | 13 ++- pkg/tokencache/types.go | 9 ++ pkg/usecases/credentialplugin/get_token.go | 19 ++--- .../credentialplugin/get_token_test.go | 44 ++++++---- 8 files changed, 139 insertions(+), 110 deletions(-) diff --git a/mocks/github.com/int128/kubelogin/pkg/tokencache/repository_mock/mock_Interface.go b/mocks/github.com/int128/kubelogin/pkg/tokencache/repository_mock/mock_Interface.go index 3e7d92c..61911c0 100644 --- a/mocks/github.com/int128/kubelogin/pkg/tokencache/repository_mock/mock_Interface.go +++ b/mocks/github.com/int128/kubelogin/pkg/tokencache/repository_mock/mock_Interface.go @@ -24,9 +24,9 @@ func (_m *MockInterface) EXPECT() *MockInterface_Expecter { return &MockInterface_Expecter{mock: &_m.Mock} } -// FindByKey provides a mock function with given fields: dir, storage, key -func (_m *MockInterface) FindByKey(dir string, storage tokencache.Storage, key tokencache.Key) (*oidc.TokenSet, error) { - ret := _m.Called(dir, storage, key) +// FindByKey provides a mock function with given fields: config, key +func (_m *MockInterface) FindByKey(config tokencache.Config, key tokencache.Key) (*oidc.TokenSet, error) { + ret := _m.Called(config, key) if len(ret) == 0 { panic("no return value specified for FindByKey") @@ -34,19 +34,19 @@ func (_m *MockInterface) FindByKey(dir string, storage tokencache.Storage, key t var r0 *oidc.TokenSet var r1 error - if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) (*oidc.TokenSet, error)); ok { - return rf(dir, storage, key) + if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) (*oidc.TokenSet, error)); ok { + return rf(config, key) } - if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) *oidc.TokenSet); ok { - r0 = rf(dir, storage, key) + if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) *oidc.TokenSet); ok { + r0 = rf(config, key) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(*oidc.TokenSet) } } - if rf, ok := ret.Get(1).(func(string, tokencache.Storage, tokencache.Key) error); ok { - r1 = rf(dir, storage, key) + if rf, ok := ret.Get(1).(func(tokencache.Config, tokencache.Key) error); ok { + r1 = rf(config, key) } else { r1 = ret.Error(1) } @@ -60,16 +60,15 @@ type MockInterface_FindByKey_Call struct { } // FindByKey is a helper method to define mock.On call -// - dir string -// - storage tokencache.Storage +// - config tokencache.Config // - key tokencache.Key -func (_e *MockInterface_Expecter) FindByKey(dir interface{}, storage interface{}, key interface{}) *MockInterface_FindByKey_Call { - return &MockInterface_FindByKey_Call{Call: _e.mock.On("FindByKey", dir, storage, key)} +func (_e *MockInterface_Expecter) FindByKey(config interface{}, key interface{}) *MockInterface_FindByKey_Call { + return &MockInterface_FindByKey_Call{Call: _e.mock.On("FindByKey", config, key)} } -func (_c *MockInterface_FindByKey_Call) Run(run func(dir string, storage tokencache.Storage, key tokencache.Key)) *MockInterface_FindByKey_Call { +func (_c *MockInterface_FindByKey_Call) Run(run func(config tokencache.Config, key tokencache.Key)) *MockInterface_FindByKey_Call { _c.Call.Run(func(args mock.Arguments) { - run(args[0].(string), args[1].(tokencache.Storage), args[2].(tokencache.Key)) + run(args[0].(tokencache.Config), args[1].(tokencache.Key)) }) return _c } @@ -79,14 +78,14 @@ func (_c *MockInterface_FindByKey_Call) Return(_a0 *oidc.TokenSet, _a1 error) *M return _c } -func (_c *MockInterface_FindByKey_Call) RunAndReturn(run func(string, tokencache.Storage, tokencache.Key) (*oidc.TokenSet, error)) *MockInterface_FindByKey_Call { +func (_c *MockInterface_FindByKey_Call) RunAndReturn(run func(tokencache.Config, tokencache.Key) (*oidc.TokenSet, error)) *MockInterface_FindByKey_Call { _c.Call.Return(run) return _c } -// Lock provides a mock function with given fields: dir, storage, key -func (_m *MockInterface) Lock(dir string, storage tokencache.Storage, key tokencache.Key) (io.Closer, error) { - ret := _m.Called(dir, storage, key) +// Lock provides a mock function with given fields: config, key +func (_m *MockInterface) Lock(config tokencache.Config, key tokencache.Key) (io.Closer, error) { + ret := _m.Called(config, key) if len(ret) == 0 { panic("no return value specified for Lock") @@ -94,19 +93,19 @@ func (_m *MockInterface) Lock(dir string, storage tokencache.Storage, key tokenc var r0 io.Closer var r1 error - if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) (io.Closer, error)); ok { - return rf(dir, storage, key) + if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) (io.Closer, error)); ok { + return rf(config, key) } - if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key) io.Closer); ok { - r0 = rf(dir, storage, key) + if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key) io.Closer); ok { + r0 = rf(config, key) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(io.Closer) } } - if rf, ok := ret.Get(1).(func(string, tokencache.Storage, tokencache.Key) error); ok { - r1 = rf(dir, storage, key) + if rf, ok := ret.Get(1).(func(tokencache.Config, tokencache.Key) error); ok { + r1 = rf(config, key) } else { r1 = ret.Error(1) } @@ -120,16 +119,15 @@ type MockInterface_Lock_Call struct { } // Lock is a helper method to define mock.On call -// - dir string -// - storage tokencache.Storage +// - config tokencache.Config // - key tokencache.Key -func (_e *MockInterface_Expecter) Lock(dir interface{}, storage interface{}, key interface{}) *MockInterface_Lock_Call { - return &MockInterface_Lock_Call{Call: _e.mock.On("Lock", dir, storage, key)} +func (_e *MockInterface_Expecter) Lock(config interface{}, key interface{}) *MockInterface_Lock_Call { + return &MockInterface_Lock_Call{Call: _e.mock.On("Lock", config, key)} } -func (_c *MockInterface_Lock_Call) Run(run func(dir string, storage tokencache.Storage, key tokencache.Key)) *MockInterface_Lock_Call { +func (_c *MockInterface_Lock_Call) Run(run func(config tokencache.Config, key tokencache.Key)) *MockInterface_Lock_Call { _c.Call.Run(func(args mock.Arguments) { - run(args[0].(string), args[1].(tokencache.Storage), args[2].(tokencache.Key)) + run(args[0].(tokencache.Config), args[1].(tokencache.Key)) }) return _c } @@ -139,22 +137,22 @@ func (_c *MockInterface_Lock_Call) Return(_a0 io.Closer, _a1 error) *MockInterfa return _c } -func (_c *MockInterface_Lock_Call) RunAndReturn(run func(string, tokencache.Storage, tokencache.Key) (io.Closer, error)) *MockInterface_Lock_Call { +func (_c *MockInterface_Lock_Call) RunAndReturn(run func(tokencache.Config, tokencache.Key) (io.Closer, error)) *MockInterface_Lock_Call { _c.Call.Return(run) return _c } -// Save provides a mock function with given fields: dir, storage, key, tokenSet -func (_m *MockInterface) Save(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet) error { - ret := _m.Called(dir, storage, key, tokenSet) +// Save provides a mock function with given fields: config, key, tokenSet +func (_m *MockInterface) Save(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet) error { + ret := _m.Called(config, key, tokenSet) if len(ret) == 0 { panic("no return value specified for Save") } var r0 error - if rf, ok := ret.Get(0).(func(string, tokencache.Storage, tokencache.Key, oidc.TokenSet) error); ok { - r0 = rf(dir, storage, key, tokenSet) + if rf, ok := ret.Get(0).(func(tokencache.Config, tokencache.Key, oidc.TokenSet) error); ok { + r0 = rf(config, key, tokenSet) } else { r0 = ret.Error(0) } @@ -168,17 +166,16 @@ type MockInterface_Save_Call struct { } // Save is a helper method to define mock.On call -// - dir string -// - storage tokencache.Storage +// - config tokencache.Config // - key tokencache.Key // - tokenSet oidc.TokenSet -func (_e *MockInterface_Expecter) Save(dir interface{}, storage interface{}, key interface{}, tokenSet interface{}) *MockInterface_Save_Call { - return &MockInterface_Save_Call{Call: _e.mock.On("Save", dir, storage, key, tokenSet)} +func (_e *MockInterface_Expecter) Save(config interface{}, key interface{}, tokenSet interface{}) *MockInterface_Save_Call { + return &MockInterface_Save_Call{Call: _e.mock.On("Save", config, key, tokenSet)} } -func (_c *MockInterface_Save_Call) Run(run func(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet)) *MockInterface_Save_Call { +func (_c *MockInterface_Save_Call) Run(run func(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet)) *MockInterface_Save_Call { _c.Call.Run(func(args mock.Arguments) { - run(args[0].(string), args[1].(tokencache.Storage), args[2].(tokencache.Key), args[3].(oidc.TokenSet)) + run(args[0].(tokencache.Config), args[1].(tokencache.Key), args[2].(oidc.TokenSet)) }) return _c } @@ -188,7 +185,7 @@ func (_c *MockInterface_Save_Call) Return(_a0 error) *MockInterface_Save_Call { return _c } -func (_c *MockInterface_Save_Call) RunAndReturn(run func(string, tokencache.Storage, tokencache.Key, oidc.TokenSet) error) *MockInterface_Save_Call { +func (_c *MockInterface_Save_Call) RunAndReturn(run func(tokencache.Config, tokencache.Key, oidc.TokenSet) error) *MockInterface_Save_Call { _c.Call.Return(run) return _c } diff --git a/pkg/cmd/cmd_test.go b/pkg/cmd/cmd_test.go index 78a956f..5e303d8 100644 --- a/pkg/cmd/cmd_test.go +++ b/pkg/cmd/cmd_test.go @@ -12,6 +12,7 @@ import ( "github.com/int128/kubelogin/pkg/oidc" "github.com/int128/kubelogin/pkg/testing/logger" "github.com/int128/kubelogin/pkg/tlsclientconfig" + "github.com/int128/kubelogin/pkg/tokencache" "github.com/int128/kubelogin/pkg/usecases/authentication" "github.com/int128/kubelogin/pkg/usecases/authentication/authcode" "github.com/int128/kubelogin/pkg/usecases/credentialplugin" @@ -113,11 +114,13 @@ func TestCmd_Run(t *testing.T) { "--oidc-client-id", "YOUR_CLIENT_ID", }, in: credentialplugin.Input{ - TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"), Provider: oidc.Provider{ IssuerURL: "https://issuer.example.com", ClientID: "YOUR_CLIENT_ID", }, + TokenCacheConfig: tokencache.Config{ + Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"), + }, GrantOptionSet: authentication.GrantOptionSet{ AuthCodeBrowserOption: &authcode.BrowserOption{ BindAddress: defaultListenAddress, @@ -138,13 +141,15 @@ func TestCmd_Run(t *testing.T) { "-v1", }, in: credentialplugin.Input{ - TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"), Provider: oidc.Provider{ IssuerURL: "https://issuer.example.com", ClientID: "YOUR_CLIENT_ID", ClientSecret: "YOUR_CLIENT_SECRET", ExtraScopes: []string{"email", "profile"}, }, + TokenCacheConfig: tokencache.Config{ + Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"), + }, GrantOptionSet: authentication.GrantOptionSet{ AuthCodeBrowserOption: &authcode.BrowserOption{ BindAddress: defaultListenAddress, @@ -162,12 +167,14 @@ func TestCmd_Run(t *testing.T) { "--oidc-use-access-token=true", }, in: credentialplugin.Input{ - TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"), Provider: oidc.Provider{ IssuerURL: "https://issuer.example.com", ClientID: "YOUR_CLIENT_ID", UseAccessToken: true, }, + TokenCacheConfig: tokencache.Config{ + Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"), + }, GrantOptionSet: authentication.GrantOptionSet{ AuthCodeBrowserOption: &authcode.BrowserOption{ BindAddress: defaultListenAddress, @@ -188,11 +195,13 @@ func TestCmd_Run(t *testing.T) { "--token-cache-dir", "~/.kube/oidc-cache", }, in: credentialplugin.Input{ - TokenCacheDir: filepath.Join(userHomeDir, ".kube/oidc-cache"), Provider: oidc.Provider{ IssuerURL: "https://issuer.example.com", ClientID: "YOUR_CLIENT_ID", }, + TokenCacheConfig: tokencache.Config{ + Directory: filepath.Join(userHomeDir, ".kube/oidc-cache"), + }, GrantOptionSet: authentication.GrantOptionSet{ AuthCodeBrowserOption: &authcode.BrowserOption{ BindAddress: defaultListenAddress, diff --git a/pkg/cmd/get_token.go b/pkg/cmd/get_token.go index c6305c3..2ec5a9f 100644 --- a/pkg/cmd/get_token.go +++ b/pkg/cmd/get_token.go @@ -96,11 +96,13 @@ func (cmd *GetToken) New() *cobra.Command { UseAccessToken: o.UseAccessToken, ExtraScopes: o.ExtraScopes, }, - ForceRefresh: o.ForceRefresh, - TokenCacheDir: o.TokenCacheDir, - TokenCacheStorage: tokenStorage, - GrantOptionSet: grantOptionSet, - TLSClientConfig: o.tlsOptions.tlsClientConfig(), + ForceRefresh: o.ForceRefresh, + TokenCacheConfig: tokencache.Config{ + Directory: o.TokenCacheDir, + Storage: tokenStorage, + }, + GrantOptionSet: grantOptionSet, + TLSClientConfig: o.tlsOptions.tlsClientConfig(), } if err := cmd.GetToken.Do(c.Context(), in); err != nil { return fmt.Errorf("get-token: %w", err) diff --git a/pkg/tokencache/repository/repository.go b/pkg/tokencache/repository/repository.go index 9b9fedb..65bc3f5 100644 --- a/pkg/tokencache/repository/repository.go +++ b/pkg/tokencache/repository/repository.go @@ -25,9 +25,9 @@ var Set = wire.NewSet( ) type Interface interface { - FindByKey(dir string, storage tokencache.Storage, key tokencache.Key) (*oidc.TokenSet, error) - Save(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet) error - Lock(dir string, storage tokencache.Storage, key tokencache.Key) (io.Closer, error) + FindByKey(config tokencache.Config, key tokencache.Key) (*oidc.TokenSet, error) + Save(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet) error + Lock(config tokencache.Config, key tokencache.Key) (io.Closer, error) } type entity struct { @@ -47,33 +47,33 @@ const keyringService = "kubelogin" // keyringItemPrefix is used as the prefix in the keyring items. const keyringItemPrefix = "kubelogin/tokencache/" -func (r *Repository) FindByKey(dir string, storage tokencache.Storage, key tokencache.Key) (*oidc.TokenSet, error) { +func (r *Repository) FindByKey(config tokencache.Config, key tokencache.Key) (*oidc.TokenSet, error) { checksum, err := computeChecksum(key) if err != nil { return nil, fmt.Errorf("could not compute the key: %w", err) } - switch storage { + switch config.Storage { case tokencache.StorageAuto: t, err := readFromKeyring(checksum) if errors.Is(err, keyring.ErrUnsupportedPlatform) || errors.Is(err, keyring.ErrNotFound) { - return readFromFile(dir, checksum) + return readFromFile(config, checksum) } if err != nil { return nil, err } return t, nil case tokencache.StorageDisk: - return readFromFile(dir, checksum) + return readFromFile(config, checksum) case tokencache.StorageKeyring: return readFromKeyring(checksum) default: - return nil, fmt.Errorf("unknown storage mode: %v", storage) + return nil, fmt.Errorf("unknown storage mode: %v", config.Storage) } } -func readFromFile(dir, checksum string) (*oidc.TokenSet, error) { - p := filepath.Join(dir, checksum) +func readFromFile(config tokencache.Config, checksum string) (*oidc.TokenSet, error) { + p := filepath.Join(config.Directory, checksum) b, err := os.ReadFile(p) if err != nil { return nil, fmt.Errorf("could not open file %s: %w", p, err) @@ -110,37 +110,37 @@ func decodeKey(b []byte) (*oidc.TokenSet, error) { }, nil } -func (r *Repository) Save(dir string, storage tokencache.Storage, key tokencache.Key, tokenSet oidc.TokenSet) error { +func (r *Repository) Save(config tokencache.Config, key tokencache.Key, tokenSet oidc.TokenSet) error { checksum, err := computeChecksum(key) if err != nil { return fmt.Errorf("could not compute the key: %w", err) } - switch storage { + switch config.Storage { case tokencache.StorageAuto: if err := writeToKeyring(checksum, tokenSet); err != nil { if errors.Is(err, keyring.ErrUnsupportedPlatform) { - return writeToFile(dir, checksum, tokenSet) + return writeToFile(config, checksum, tokenSet) } return err } return nil case tokencache.StorageDisk: - return writeToFile(dir, checksum, tokenSet) + return writeToFile(config, checksum, tokenSet) case tokencache.StorageKeyring: return writeToKeyring(checksum, tokenSet) default: - return fmt.Errorf("unknown storage mode: %v", storage) + return fmt.Errorf("unknown storage mode: %v", config.Storage) } } -func writeToFile(dir, checksum string, tokenSet oidc.TokenSet) error { - p := filepath.Join(dir, checksum) +func writeToFile(config tokencache.Config, checksum string, tokenSet oidc.TokenSet) error { + p := filepath.Join(config.Directory, checksum) b, err := encodeKey(tokenSet) if err != nil { return fmt.Errorf("file %s: %w", p, err) } - if err := os.MkdirAll(dir, 0700); err != nil { - return fmt.Errorf("could not create directory %s: %w", dir, err) + if err := os.MkdirAll(config.Directory, 0700); err != nil { + return fmt.Errorf("could not create directory %s: %w", config.Directory, err) } if err := os.WriteFile(p, b, 0600); err != nil { return fmt.Errorf("could not create file %s: %w", p, err) @@ -160,23 +160,19 @@ func writeToKeyring(checksum string, tokenSet oidc.TokenSet) error { return nil } -func (r *Repository) Lock(tokenCacheDir string, storage tokencache.Storage, key tokencache.Key) (io.Closer, error) { +func (r *Repository) Lock(config tokencache.Config, key tokencache.Key) (io.Closer, error) { checksum, err := computeChecksum(key) if err != nil { return nil, fmt.Errorf("could not compute the key: %w", err) } // NOTE: Both keyring and disk storage types use files for locking // No sensitive data is stored in the lock file - return lockFile(tokenCacheDir, checksum) -} - -func lockFile(tokenCacheDir, checksum string) (io.Closer, error) { - if err := os.MkdirAll(tokenCacheDir, 0700); err != nil { - return nil, fmt.Errorf("could not create directory %s: %w", tokenCacheDir, err) + if err := os.MkdirAll(config.Directory, 0700); err != nil { + return nil, fmt.Errorf("could not create directory %s: %w", config.Directory, err) } // Do not lock the token cache file. // https://github.com/int128/kubelogin/issues/1144 - lockFilepath := filepath.Join(tokenCacheDir, checksum+".lock") + lockFilepath := filepath.Join(config.Directory, checksum+".lock") lockFile := flock.New(lockFilepath) if err := lockFile.Lock(); err != nil { return nil, fmt.Errorf("could not lock the cache file %s: %w", lockFilepath, err) diff --git a/pkg/tokencache/repository/repository_test.go b/pkg/tokencache/repository/repository_test.go index 353dbbd..dd060ed 100644 --- a/pkg/tokencache/repository/repository_test.go +++ b/pkg/tokencache/repository/repository_test.go @@ -16,6 +16,10 @@ func TestRepository_FindByKey(t *testing.T) { t.Run("Success", func(t *testing.T) { dir := t.TempDir() + config := tokencache.Config{ + Directory: dir, + Storage: tokencache.StorageDisk, + } key := tokencache.Key{ Provider: oidc.Provider{ IssuerURL: "YOUR_ISSUER", @@ -27,6 +31,7 @@ func TestRepository_FindByKey(t *testing.T) { CACertFilename: []string{"/path/to/cert"}, }, } + json := `{"id_token":"YOUR_ID_TOKEN","refresh_token":"YOUR_REFRESH_TOKEN"}` filename, err := computeChecksum(key) if err != nil { @@ -37,7 +42,7 @@ func TestRepository_FindByKey(t *testing.T) { t.Fatalf("could not write to the temp file: %s", err) } - got, err := r.FindByKey(dir, tokencache.StorageDisk, key) + got, err := r.FindByKey(config, key) if err != nil { t.Errorf("err wants nil but %+v", err) } @@ -53,6 +58,10 @@ func TestRepository_Save(t *testing.T) { t.Run("Success", func(t *testing.T) { dir := t.TempDir() + config := tokencache.Config{ + Directory: dir, + Storage: tokencache.StorageDisk, + } key := tokencache.Key{ Provider: oidc.Provider{ IssuerURL: "YOUR_ISSUER", @@ -65,7 +74,7 @@ func TestRepository_Save(t *testing.T) { }, } tokenSet := oidc.TokenSet{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"} - if err := r.Save(dir, tokencache.StorageDisk, key, tokenSet); err != nil { + if err := r.Save(config, key, tokenSet); err != nil { t.Errorf("err wants nil but %+v", err) } diff --git a/pkg/tokencache/types.go b/pkg/tokencache/types.go index 6ece196..9b7d9dc 100644 --- a/pkg/tokencache/types.go +++ b/pkg/tokencache/types.go @@ -12,6 +12,15 @@ type Key struct { Username string } +// Config represents a configuration for the token cache. +type Config struct { + // Directory is a path to the directory to store a token cache. + // Note that a lock file is created into this directory even if the keyring is used. + Directory string + + Storage Storage +} + // Storage is an enum of different storage strategies. type Storage byte diff --git a/pkg/usecases/credentialplugin/get_token.go b/pkg/usecases/credentialplugin/get_token.go index 65d6fb8..1070688 100644 --- a/pkg/usecases/credentialplugin/get_token.go +++ b/pkg/usecases/credentialplugin/get_token.go @@ -31,12 +31,11 @@ type Interface interface { // Input represents an input DTO of the GetToken use-case. type Input struct { - Provider oidc.Provider - ForceRefresh bool - TokenCacheDir string - TokenCacheStorage tokencache.Storage - GrantOptionSet authentication.GrantOptionSet - TLSClientConfig tlsclientconfig.Config + Provider oidc.Provider + ForceRefresh bool + TokenCacheConfig tokencache.Config + GrantOptionSet authentication.GrantOptionSet + TLSClientConfig tlsclientconfig.Config } type GetToken struct { @@ -57,7 +56,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error { } u.Logger.V(1).Infof("credential plugin is called with apiVersion: %s", credentialPluginInput.ClientAuthenticationAPIVersion) - u.Logger.V(1).Infof("finding a token from cache directory %s", in.TokenCacheDir) + u.Logger.V(1).Infof("finding a token cache") tokenCacheKey := tokencache.Key{ Provider: in.Provider, TLSClientConfig: in.TLSClientConfig, @@ -67,7 +66,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error { } u.Logger.V(1).Infof("acquiring the lock of token cache") - lock, err := u.TokenCacheRepository.Lock(in.TokenCacheDir, in.TokenCacheStorage, tokenCacheKey) + lock, err := u.TokenCacheRepository.Lock(in.TokenCacheConfig, tokenCacheKey) if err != nil { return fmt.Errorf("could not lock the token cache: %w", err) } @@ -78,7 +77,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error { } }() - cachedTokenSet, err := u.TokenCacheRepository.FindByKey(in.TokenCacheDir, in.TokenCacheStorage, tokenCacheKey) + cachedTokenSet, err := u.TokenCacheRepository.FindByKey(in.TokenCacheConfig, tokenCacheKey) if err != nil { u.Logger.V(1).Infof("could not find a token cache: %s", err) } @@ -126,7 +125,7 @@ func (u *GetToken) Do(ctx context.Context, in Input) error { } u.Logger.V(1).Infof("you got a token: %s", idTokenClaims.Pretty) u.Logger.V(1).Infof("you got a valid token until %s", idTokenClaims.Expiry) - if err := u.TokenCacheRepository.Save(in.TokenCacheDir, in.TokenCacheStorage, tokenCacheKey, authenticationOutput.TokenSet); err != nil { + if err := u.TokenCacheRepository.Save(in.TokenCacheConfig, tokenCacheKey, authenticationOutput.TokenSet); err != nil { return fmt.Errorf("could not write the token cache: %w", err) } u.Logger.V(1).Infof("writing the token to client-go") diff --git a/pkg/usecases/credentialplugin/get_token_test.go b/pkg/usecases/credentialplugin/get_token_test.go index 26d75bc..eb57aab 100644 --- a/pkg/usecases/credentialplugin/get_token_test.go +++ b/pkg/usecases/credentialplugin/get_token_test.go @@ -64,8 +64,10 @@ func TestGetToken_Do(t *testing.T) { } ctx := context.TODO() in := Input{ - Provider: dummyProvider, - TokenCacheDir: "/path/to/token-cache", + Provider: dummyProvider, + TokenCacheConfig: tokencache.Config{ + Directory: "/path/to/token-cache", + }, GrantOptionSet: grantOptionSet, } mockAuthentication := authentication_mock.NewMockInterface(t) @@ -81,13 +83,13 @@ func TestGetToken_Do(t *testing.T) { Return(nil) mockRepository := repository_mock.NewMockInterface(t) mockRepository.EXPECT(). - Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey). + Lock(in.TokenCacheConfig, tokenCacheKey). Return(mockCloser, nil) mockRepository.EXPECT(). - FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey). + FindByKey(in.TokenCacheConfig, tokenCacheKey). Return(nil, errors.New("file not found")) mockRepository.EXPECT(). - Save("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey, issuedTokenSet). + Save(in.TokenCacheConfig, tokenCacheKey, issuedTokenSet). Return(nil) mockReader := reader_mock.NewMockInterface(t) mockReader.EXPECT(). @@ -125,8 +127,10 @@ func TestGetToken_Do(t *testing.T) { ctx := context.TODO() in := Input{ - Provider: dummyProvider, - TokenCacheDir: "/path/to/token-cache", + Provider: dummyProvider, + TokenCacheConfig: tokencache.Config{ + Directory: "/path/to/token-cache", + }, GrantOptionSet: grantOptionSet, } mockAuthentication := authentication_mock.NewMockInterface(t) @@ -142,13 +146,13 @@ func TestGetToken_Do(t *testing.T) { Return(nil) mockRepository := repository_mock.NewMockInterface(t) mockRepository.EXPECT(). - Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey). + Lock(in.TokenCacheConfig, tokenCacheKey). Return(mockCloser, nil) mockRepository.EXPECT(). - FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey). + FindByKey(in.TokenCacheConfig, tokenCacheKey). Return(nil, errors.New("file not found")) mockRepository.EXPECT(). - Save("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey, issuedTokenSet). + Save(in.TokenCacheConfig, tokenCacheKey, issuedTokenSet). Return(nil) mockReader := reader_mock.NewMockInterface(t) mockReader.EXPECT(). @@ -182,8 +186,10 @@ func TestGetToken_Do(t *testing.T) { ctx := context.TODO() in := Input{ - Provider: dummyProvider, - TokenCacheDir: "/path/to/token-cache", + Provider: dummyProvider, + TokenCacheConfig: tokencache.Config{ + Directory: "/path/to/token-cache", + }, GrantOptionSet: grantOptionSet, } mockCloser := io_mock.NewMockCloser(t) @@ -192,10 +198,10 @@ func TestGetToken_Do(t *testing.T) { Return(nil) mockRepository := repository_mock.NewMockInterface(t) mockRepository.EXPECT(). - Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey). + Lock(in.TokenCacheConfig, tokenCacheKey). Return(mockCloser, nil) mockRepository.EXPECT(). - FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokencache.Key{ + FindByKey(in.TokenCacheConfig, tokencache.Key{ Provider: oidc.Provider{ IssuerURL: "https://accounts.google.com", ClientID: "YOUR_CLIENT_ID", @@ -234,8 +240,10 @@ func TestGetToken_Do(t *testing.T) { } ctx := context.TODO() in := Input{ - Provider: dummyProvider, - TokenCacheDir: "/path/to/token-cache", + Provider: dummyProvider, + TokenCacheConfig: tokencache.Config{ + Directory: "/path/to/token-cache", + }, GrantOptionSet: grantOptionSet, } mockAuthentication := authentication_mock.NewMockInterface(t) @@ -251,10 +259,10 @@ func TestGetToken_Do(t *testing.T) { Return(nil) mockRepository := repository_mock.NewMockInterface(t) mockRepository.EXPECT(). - Lock("/path/to/token-cache", tokencache.StorageAuto, tokenCacheKey). + Lock(in.TokenCacheConfig, tokenCacheKey). Return(mockCloser, nil) mockRepository.EXPECT(). - FindByKey("/path/to/token-cache", tokencache.StorageAuto, tokencache.Key{ + FindByKey(in.TokenCacheConfig, tokencache.Key{ Provider: oidc.Provider{ IssuerURL: "https://accounts.google.com", ClientID: "YOUR_CLIENT_ID",