Delete credentials refresh status check

This is not required for every credentials helper, thus doesn't make sense to check for. Each external credshelper can have their own manual authentication checks.
bazelbuild · Sep 10, 2024 · b001ff9 · b001ff9
1 parent 13abc90
commit b001ff9
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 48 deletions.
diff --git a/go/pkg/credshelper/credshelper.go b/go/pkg/credshelper/credshelper.go
@@ -76,7 +76,6 @@ func (r *reusableCmd) Digest() digest.Digest {
 
 // Credentials provides auth functionalities using an external credentials helper
 type Credentials struct {
-	refreshExp     time.Time
 	tokenSource    *grpcOauth.TokenSource
 	credsHelperCmd *reusableCmd
 }
@@ -100,14 +99,6 @@ func (c *Credentials) TokenSource() *grpcOauth.TokenSource {
 	return c.tokenSource
 }
 
-// RefreshStatus checks refresh expiry of credentials in case a manual refresh is required.
-func (c *Credentials) RefreshStatus() error {
-	if !c.refreshExp.IsZero() && c.refreshExp.Before(nowFn()) {
-		return fmt.Errorf("credentials cannot be refreshed automatically, manual re-authentication required")
-	}
-	return nil
-}
-
 // Token retrieves an oauth2 token from the external tokensource.
 func (ts *externalTokenSource) Token() (*oauth2.Token, error) {
 	if ts == nil {
@@ -157,7 +148,6 @@ func NewExternalCredentials(credshelper string, credshelperArgs []string) (*Cred
 	}
 	c := &Credentials{
 		credsHelperCmd: credsHelperCmd,
-		refreshExp:     credsOut.rexp,
 	}
 	baseTS := &externalTokenSource{
 		credsHelperCmd: credsHelperCmd,
@@ -202,10 +192,9 @@ func runCredsHelperCmd(credsHelperCmd *reusableCmd) (*credshelperOutput, error)
 
 // JSONOut is the struct to record the json output from the credshelper.
 type JSONOut struct {
-	Token         string            `json:"token"`
-	Headers       map[string]string `json:"headers"`
-	Expiry        string            `json:"expiry"`
-	RefreshExpiry string            `json:"refresh_expiry"`
+	Token   string            `json:"token"`
+	Headers map[string]string `json:"headers"`
+	Expiry  string            `json:"expiry"`
 }
 
 func parseTokenExpiryFromOutput(out string) (*credshelperOutput, error) {
@@ -226,13 +215,6 @@ func parseTokenExpiryFromOutput(out string) (*credshelperOutput, error) {
 		}
 		credsOut.tk.Expiry = expiry
 	}
-	if jsonOut.RefreshExpiry != "" {
-		rexpiry, err := time.Parse(time.UnixDate, jsonOut.RefreshExpiry)
-		if err != nil {
-			return nil, fmt.Errorf("invalid refresh expiry format: %v (Expected time.UnixDate format)", jsonOut.RefreshExpiry)
-		}
-		credsOut.rexp = rexpiry
-	}
 	return credsOut, nil
 }
 

diff --git a/go/pkg/credshelper/credshelper_test.go b/go/pkg/credshelper/credshelper_test.go
@@ -25,7 +25,7 @@ func TestExternalToken(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Unable to create temporary file: %v", err)
 		}
-		chJSON := fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%s","refresh_expiry":""}`, tk, exp)
+		chJSON := fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%s"}`, tk, exp)
 		if _, err := tf.Write([]byte(chJSON)); err != nil {
 			t.Fatalf("Unable to write to file %v: %v", tf.Name(), err)
 		}
@@ -37,7 +37,7 @@ func TestExternalToken(t *testing.T) {
 		}
 	} else {
 		credshelper = "echo"
-		credshelperArgs = []string{fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%s","refresh_expiry":""}`, tk, exp)}
+		credshelperArgs = []string{fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%s"}`, tk, exp)}
 	}
 
 	credsHelperCmd := newReusableCmd(credshelper, credshelperArgs)
@@ -104,7 +104,7 @@ func writeTokenFile(t *testing.T, path, token string, expiry time.Time) {
 		t.Fatalf("Unable to open file %v: %v", path, err)
 	}
 	defer f.Close()
-	chJSON := fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%s","refresh_expiry":""}`, token, expiry.Format(time.UnixDate))
+	chJSON := fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%s"}`, token, expiry.Format(time.UnixDate))
 	if _, err := f.Write([]byte(chJSON)); err != nil {
 		t.Fatalf("Unable to write to file %v: %v", f.Name(), err)
 	}
@@ -122,26 +122,22 @@ func TestNewExternalCredentials(t *testing.T) {
 		credshelperOut string
 	}{{
 		name:           "No Headers",
-		credshelperOut: fmt.Sprintf(`{"token":"%v","expiry":"","refresh_expiry":""}`, testToken),
+		credshelperOut: fmt.Sprintf(`{"token":"%v","expiry":""}`, testToken),
 	}, {
 		name:           "No Token",
 		wantErr:        true,
-		credshelperOut: `{"headers":{"hdr":"val"},"token":"","expiry":"","refresh_expiry":""}`,
+		credshelperOut: `{"headers":{"hdr":"val"},"token":"","expiry":""}`,
 	}, {
 		name:           "Credshelper Command Passed - No Expiry",
-		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"","refresh_expiry":""}`, testToken),
+		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":""}`, testToken),
 	}, {
 		name:           "Credshelper Command Passed - Expiry",
 		checkExp:       true,
-		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%v","refresh_expiry":""}`, testToken, unixExp),
-	}, {
-		name:           "Credshelper Command Passed - Refresh Expiry",
-		checkExp:       true,
-		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%v","refresh_expiry":"%v"}`, testToken, unixExp, unixExp),
+		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%v"}`, testToken, unixExp),
 	}, {
 		name:           "Wrong Expiry Format",
 		wantErr:        true,
-		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%v", "refresh_expiry":"%v"}`, testToken, expStr, expStr),
+		credshelperOut: fmt.Sprintf(`{"headers":{"hdr":"val"},"token":"%v","expiry":"%v"}`, testToken, expStr, expStr),
 	}}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
@@ -282,21 +278,6 @@ func TestGetRequestMetadata(t *testing.T) {
 	}
 }
 
-func TestRefreshStatus(t *testing.T) {
-	c := Credentials{refreshExp: time.Time{}}
-	if err := c.RefreshStatus(); err != nil {
-		t.Errorf("RefreshStatus returned an error when refreshExpiry is zero")
-	}
-	c.refreshExp = time.Now().Add(time.Hour)
-	if err := c.RefreshStatus(); err != nil {
-		t.Errorf("RefreshStatus returned an error when refreshExpiry has not passed")
-	}
-	c.refreshExp = time.Now().Add(-time.Hour)
-	if err := c.RefreshStatus(); err == nil {
-		t.Errorf("RefreshStatus did not return an error when refreshExpiry when it has passed")
-	}
-}
-
 func TestReusableCmd(t *testing.T) {
 	binary := "echo"
 	args := []string{"hello"}