move NewCredential to configuration

Signed-off-by: Terry Howe <terrylhowe@gmail.com>

Author: TerryHowe

registry/remote/credentials/file_store.go

@@ -68,7 +68,7 @@ func (fs *FileStore) Get(_ context.Context, serverAddress string) (properties.Cr
 	if err != nil {
 		return properties.EmptyCredential, err
 	}
-	return NewCredential(authCfg)
+	return authCfg.Credential()
 }
 
 // Put saves credentials into the store for the given server address.
@@ -100,22 +100,3 @@ func validateCredentialFormat(cred properties.Credential) error {
 	}
 	return nil
 }
-
-// NewCredential creates a CredentialFunc based on authCfg.
-func NewCredential(authCfg configuration.AuthConfig) (properties.Credential, error) {
-	cred := properties.Credential{
-		Username:     authCfg.Username,
-		Password:     authCfg.Password,
-		RefreshToken: authCfg.IdentityToken,
-		AccessToken:  authCfg.RegistryToken,
-	}
-	if authCfg.Auth != "" {
-		var err error
-		// override username and password
-		cred.Username, cred.Password, err = authCfg.DecodeAuth()
-		if err != nil {
-			return properties.EmptyCredential, fmt.Errorf("failed to decode auth field: %w: %v", configuration.ErrInvalidConfigFormat, err)
-		}
-	}
-	return cred, nil
-}

registry/remote/credentials/memory_store.go

@@ -50,7 +50,7 @@ func NewMemoryStoreFromDockerConfig(c []byte) (Store, error) {
 	for addr, auth := range cfg.Auths {
 		// Normalize the auth key to hostname.
 		hostname := configuration.ToHostname(addr)
-		cred, err := NewCredential(auth)
+		cred, err := auth.Credential()
 		if err != nil {
 			return nil, err
 		}

registry/remote/internal/configuration/authconfig.go

@@ -74,3 +74,22 @@ func (ac AuthConfig) DecodeAuth() (username string, password string, err error)
 	}
 	return username, password, nil
 }
+
+// Credential creates a Credential based on authCfg.
+func (ac AuthConfig) Credential() (properties.Credential, error) {
+	cred := properties.Credential{
+		Username:     ac.Username,
+		Password:     ac.Password,
+		RefreshToken: ac.IdentityToken,
+		AccessToken:  ac.RegistryToken,
+	}
+	if ac.Auth != "" {
+		var err error
+		// override username and password
+		cred.Username, cred.Password, err = ac.DecodeAuth()
+		if err != nil {
+			return properties.EmptyCredential, fmt.Errorf("failed to decode auth field: %w: %v", ErrInvalidConfigFormat, err)
+		}
+	}
+	return cred, nil
+}

registry/remote/internal/configuration/authconfig_test.go

@@ -15,7 +15,11 @@ limitations under the License.
 
 package configuration
 
-import "testing"
+import (
+	"testing"
+
+	"oras.land/oras-go/v2/registry/remote/properties"
+)
 
 func Test_EncodeAuth(t *testing.T) {
 	tests := []struct {
@@ -121,3 +125,136 @@ func TestAuthConfig_DecodeAuth(t *testing.T) {
 		})
 	}
 }
+
+func TestCredential(t *testing.T) {
+	tests := []struct {
+		name    string
+		authCfg AuthConfig
+		want    properties.Credential
+		wantErr bool
+	}{
+		{
+			name: "Username and password",
+			authCfg: AuthConfig{
+				Username: "username",
+				Password: "password",
+			},
+			want: properties.Credential{
+				Username: "username",
+				Password: "password",
+			},
+		},
+		{
+			name: "Identity token",
+			authCfg: AuthConfig{
+				IdentityToken: "identity_token",
+			},
+			want: properties.Credential{
+				RefreshToken: "identity_token",
+			},
+		},
+		{
+			name: "Registry token",
+			authCfg: AuthConfig{
+				RegistryToken: "registry_token",
+			},
+			want: properties.Credential{
+				AccessToken: "registry_token",
+			},
+		},
+		{
+			name: "All fields",
+			authCfg: AuthConfig{
+				Username:      "username",
+				Password:      "password",
+				IdentityToken: "identity_token",
+				RegistryToken: "registry_token",
+			},
+			want: properties.Credential{
+				Username:     "username",
+				Password:     "password",
+				RefreshToken: "identity_token",
+				AccessToken:  "registry_token",
+			},
+		},
+		{
+			name:    "Empty auth config",
+			authCfg: AuthConfig{},
+			want:    properties.Credential{},
+		},
+		{
+			name: "Auth field overrides username and password",
+			authCfg: AuthConfig{
+				Auth:     "dXNlcm5hbWU6cGFzc3dvcmQ=", // username:password
+				Username: "old_username",
+				Password: "old_password",
+			},
+			want: properties.Credential{
+				Username: "username",
+				Password: "password",
+			},
+		},
+		{
+			name: "Auth field with identity and registry tokens",
+			authCfg: AuthConfig{
+				Auth:          "dXNlcm5hbWU6cGFzc3dvcmQ=", // username:password
+				IdentityToken: "identity_token",
+				RegistryToken: "registry_token",
+			},
+			want: properties.Credential{
+				Username:     "username",
+				Password:     "password",
+				RefreshToken: "identity_token",
+				AccessToken:  "registry_token",
+			},
+		},
+		{
+			name: "Invalid auth field",
+			authCfg: AuthConfig{
+				Auth: "invalid_base64!@#",
+			},
+			want:    properties.EmptyCredential,
+			wantErr: true,
+		},
+		{
+			name: "Auth field bad format",
+			authCfg: AuthConfig{
+				Auth: "d2hhdGV2ZXI=", // whatever (no colon)
+			},
+			want:    properties.EmptyCredential,
+			wantErr: true,
+		},
+		{
+			name: "Auth field username only",
+			authCfg: AuthConfig{
+				Auth: "dXNlcm5hbWU6", // username:
+			},
+			want: properties.Credential{
+				Username: "username",
+				Password: "",
+			},
+		},
+		{
+			name: "Auth field password only",
+			authCfg: AuthConfig{
+				Auth: "OnBhc3N3b3Jk", // :password
+			},
+			want: properties.Credential{
+				Username: "",
+				Password: "password",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := tt.authCfg.Credential()
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Credential() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("Credential() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}