From 341d0007020d86ccc5c1ef72f4b3effb4b5fe605 Mon Sep 17 00:00:00 2001
From: Andrew Denton
Date: Tue, 25 Jul 2023 15:28:05 -0700
Subject: [PATCH] Basic validation implemented
---
 pkg/util/acrtoken/acrtoken.go | 2 +-
 pkg/util/acrtoken/acrtoken_test.go | 37 ++++++++++----
 .../azureclient/azcontainerregistry/client.go | 3 +-
 .../azcontainerregistry/generate.go | 6 +--
 .../azcontainerregistry.go | 51 +++++++++++++++++++
 5 files changed, 83 insertions(+), 16 deletions(-)
 create mode 100644 pkg/util/mocks/azureclient/azcontainerregistry/azcontainerregistry.go
diff --git a/pkg/util/acrtoken/acrtoken.go b/pkg/util/acrtoken/acrtoken.go
index 07ff9fdfef6..da65144230e 100644
--- a/pkg/util/acrtoken/acrtoken.go
+++ b/pkg/util/acrtoken/acrtoken.go
@@ -173,7 +173,7 @@ func (m *manager) ValidateToken(ctx context.Context, rp *api.RegistryProfile) er
 if err != nil {
 return err
 }
- if *t.Tag.Digest == "" {
+ if t.Tag == nil || *t.Tag.Digest == "" {
 return fmt.Errorf("unable to validate token: %v", t)
 }
 return nil
diff --git a/pkg/util/acrtoken/acrtoken_test.go b/pkg/util/acrtoken/acrtoken_test.go
index bf43dfcda0b..c5e8748f835 100644
--- a/pkg/util/acrtoken/acrtoken_test.go
+++ b/pkg/util/acrtoken/acrtoken_test.go
@@ -11,6 +11,7 @@ import (
 "github.com/Azure/azure-sdk-for-go/sdk/azcore"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+ azsdk_acr "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry"
 mgmtcontainerregistry "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/mgmt/2020-11-01-preview/containerregistry"
 "github.com/Azure/go-autorest/autorest/azure"
 "github.com/Azure/go-autorest/autorest/date"
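Review bot: The new guard in ValidateToken still dereferences `t.Tag.Digest` without checking it for nil, so a response that carries a Tag but no digest panics instead of returning the validation error. The test helper in this patch fills the field with `to.StringPtr(testDigest)`, so it is a pointer; extend the condition to `if t.Tag == nil || t.Tag.Digest == nil || *t.Tag.Digest == "" {`. A panic here turns a malformed or partial registry response into a crash of the caller, which is the input this check exists to reject. The function body starts outside the hunk.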
@@ -19,7 +20,9 @@ import (
 "github.com/golang/mock/gomock"
 "github.com/Azure/ARO-RP/pkg/api"
+ "github.com/Azure/ARO-RP/pkg/env"
 "github.com/Azure/ARO-RP/pkg/util/azureclient"
+ "github.com/Azure/ARO-RP/pkg/util/azureclient/azcontainerregistry"
 "github.com/Azure/ARO-RP/pkg/util/clusterauthorizer"
 mock_azcontainerregistry "github.com/Azure/ARO-RP/pkg/util/mocks/azureclient/azcontainerregistry"
 mock_containerregistry "github.com/Azure/ARO-RP/pkg/util/mocks/azureclient/mgmt/containerregistry"
@@ -174,13 +177,13 @@ func TestRotateTokenPassword(t *testing.T) {
 controller := gomock.NewController(t)
 tokens := mock_containerregistry.NewMockTokensClient(controller)
 registries := mock_containerregistry.NewMockRegistriesClient(controller)
- acr := mock_azcontainerregistry.MockACRClient()
+ acr := mock_azcontainerregistry.NewMockACRClient(controller)
 tokens.EXPECT().GetTokenProperties(ctx, "global", "arointsvc", tokenName).Return(fakeTokenProperties(&tt.currentTokenPasswords), nil)
 registries.EXPECT().GenerateCredentials(ctx, "global", "arointsvc", generateCredentialsParameters(tt.wantRenewalName)).Return(fakeCredentialResult(), nil)
- m := setupManager(controller, tokens, registries)
+ m := setupManager(controller, tokens, registries, acr)
 registryProfile := api.RegistryProfile{
 Username: tokenName,
@@ -207,23 +210,35 @@ func toDate(t time.Time) *date.Time {
 func setupManager(controller *gomock.Controller, tc *mock_containerregistry.MockTokensClient, rc *mock_containerregistry.MockRegistriesClient, azacr *mock_azcontainerregistry.MockACRClient) *manager {
 const testACRDomain = "acrdomain.io"
+ const testImage = "aro"
+ const testTag = "unknown"
+ const testDigest = "sha256:12a4808c81ea16baf83f99559c7d94a7b3f2128b16dcfbd4f1bb87d505dda9cd"
- env := mock_env.NewMockInterface(controller)
- env.EXPECT().ACRResourceID().AnyTimes().Return(registryResourceID)
- env.EXPECT().TenantID().AnyTimes().Return("tenantID")
- env.EXPECT().Environment().AnyTimes().Return(&azureclient.AROEnvironment{
+ m_env := mock_env.NewMockInterface(controller)
+ m_env.EXPECT().ACRResourceID().AnyTimes().Return(registryResourceID)
+ m_env.EXPECT().TenantID().AnyTimes().Return("tenantID")
+ m_env.EXPECT().Environment().AnyTimes().Return(&azureclient.AROEnvironment{
 Cloud: cloud.AzurePublic,
 })
- env.EXPECT().ACRDomain().AnyTimes().Return(testACRDomain)
+ m_env.EXPECT().ACRDomain().AnyTimes().Return(testACRDomain)
 r, _ := azure.ParseResourceID(registryResourceID)
+ acr := mock_azcontainerregistry.NewMockACRClient(controller)
+ acr.EXPECT().GetTagProperties(context.TODO(), testImage, testTag, nil).AnyTimes().Return(azsdk_acr.ClientGetTagPropertiesResponse{
+ ArtifactTagProperties: azsdk_acr.ArtifactTagProperties{
+ Tag: &azsdk_acr.TagAttributes{
+ Name: to.StringPtr(testImage),
+ Digest: to.StringPtr(testDigest),
+ },
+ },
+ }, nil)
 return &manager{
- env: env,
+ env: m_env,
 r: r,
 tokens: tc,
 registries: rc,
- // newAzAcrClient: func(endpoint string, tc azcore.TokenCredential, co *azcontainerregistry.ClientOptions) (*azcontainerregistry.ACRClient, error) {
- // return &azcontainerregistry.ACRClient{}, nil
- // },
+ newAzAcrClient: func(i env.Interface, s string, tc azcore.TokenCredential, co *azcontainerregistry.ClientOptions) (azcontainerregistry.ACRClient, error) {
+ return acr, nil
+ },
 getTokenCredential: func(*azureclient.AROEnvironment, *clusterauthorizer.Credentials) (azcore.TokenCredential, error) {
 return &tokenRequirements{
 clientSecret: "my-secret",
diff --git a/pkg/util/azureclient/azcontainerregistry/client.go b/pkg/util/azureclient/azcontainerregistry/client.go
index 1ca21edc136..c030be7c0b2 100644
--- a/pkg/util/azureclient/azcontainerregistry/client.go
+++ b/pkg/util/azureclient/azcontainerregistry/client.go
@@ -7,9 +7,10 @@ import (
 "context"
 "fmt"
- "github.com/Azure/ARO-RP/pkg/env"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore"
 "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry"
+
+ "github.com/Azure/ARO-RP/pkg/env"
 )
 type ClientOptions struct {
diff --git a/pkg/util/azureclient/azcontainerregistry/generate.go b/pkg/util/azureclient/azcontainerregistry/generate.go
index 4f08ca051a2..4b71a369a53 100644
--- a/pkg/util/azureclient/azcontainerregistry/generate.go
+++ b/pkg/util/azureclient/azcontainerregistry/generate.go
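Review bot: setupManager now accepts `azacr` but never uses it in the lines shown: the body builds its own `acr := mock_azcontainerregistry.NewMockACRClient(controller)` and returns that from `newAzAcrClient`, so the mock created in TestRotateTokenPassword is discarded and any expectation a test sets on it would never be exercised. Return the parameter instead (`return azacr, nil`) and register the `GetTagProperties` expectation on `azacr`, or drop the parameter. The expectation also matches on `context.TODO()` and uses `.AnyTimes()`; a caller passing a different context value would not match, and `AnyTimes` lets every test pass even if token validation is never invoked, so `gomock.Any()` for the context plus an explicit call count in the test that covers ValidateToken would pin the behaviour. The function body continues past the end of the hunk.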
@@ -3,6 +3,6 @@ package azcontainerregistry
 // Copyright (c) Microsoft Corporation.
 // Licensed under the Apache License 2.0.
-//go:generate rm -rf ../../../../../mocks/azureclient/azcontainerregistry/$GOPACKAGE
-//go:generate go run ../../../../../vendor/github.com/golang/mock/mockgen -destination=../../../mocks/azureclient/azcontainerregistry/$GOPACKAGE/tokencredential.go -source=tokencredential.go
-//go:generate go run ../../../../../vendor/golang.org/x/tools/cmd/goimports -local=github.com/Azure/ARO-RP -e -w ../../../mocks/azureclient/azcontainerregistry/$GOPACKAGE/tokencredential.go
+//go:generate rm -rf ../../../util/mocks/azureclient/$GOPACKAGE
+//go:generate go run ../../../../vendor/github.com/golang/mock/mockgen -destination=../../../util/mocks/azureclient/$GOPACKAGE/$GOPACKAGE.go github.com/Azure/ARO-RP/pkg/util/azureclient/$GOPACKAGE ACRClient
+//go:generate go run ../../../../vendor/golang.org/x/tools/cmd/goimports -local=github.com/Azure/ARO-RP -e -w ../../../util/mocks/azureclient/$GOPACKAGE/$GOPACKAGE.go
diff --git a/pkg/util/mocks/azureclient/azcontainerregistry/azcontainerregistry.go b/pkg/util/mocks/azureclient/azcontainerregistry/azcontainerregistry.go
new file mode 100644
index 00000000000..1068f68d9dc
--- /dev/null
+++ b/pkg/util/mocks/azureclient/azcontainerregistry/azcontainerregistry.go
@@ -0,0 +1,51 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/Azure/ARO-RP/pkg/util/azureclient/azcontainerregistry (interfaces: ACRClient) + +// Package mock_azcontainerregistry is a generated GoMock package. +package mock_azcontainerregistry + +import ( + context "context" + reflect "reflect" + + azcontainerregistry "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry" + gomock "github.com/golang/mock/gomock" +) + +// MockACRClient is a mock of ACRClient interface. +type MockACRClient struct { + ctrl *gomock.Controller + recorder *MockACRClientMockRecorder +} + +// MockACRClientMockRecorder is the mock recorder for MockACRClient. +type MockACRClientMockRecorder struct { + mock *MockACRClient +} + +// NewMockACRClient creates a new mock instance. +func NewMockACRClient(ctrl *gomock.Controller) *MockACRClient { + mock := &MockACRClient{ctrl: ctrl} + mock.recorder = &MockACRClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockACRClient) EXPECT() *MockACRClientMockRecorder { + return m.recorder +} + +// GetTagProperties mocks base method. +func (m *MockACRClient) GetTagProperties(arg0 context.Context, arg1, arg2 string, arg3 *azcontainerregistry.ClientGetTagPropertiesOptions) (azcontainerregistry.ClientGetTagPropertiesResponse, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetTagProperties", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].(azcontainerregistry.ClientGetTagPropertiesResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetTagProperties indicates an expected call of GetTagProperties. +func (mr *MockACRClientMockRecorder) GetTagProperties(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTagProperties", reflect.TypeOf((*MockACRClient)(nil).GetTagProperties), arg0, arg1, arg2, arg3) +}