ARO-9263: Change expiry to the date the token was issued.

2024-09-16 17:34:36 +12:00 · 2024-09-16 17:34:36 +12:00 · 0fcfacc33c
--- a/pkg/api/admin/openshiftcluster.go
+++ b/pkg/api/admin/openshiftcluster.go
@ -502,7 +502,7 @@ const (
 type RegistryProfile struct {
 	Name     string     `json:"name,omitempty"`
 	Username string     `json:"username,omitempty"`
-	Expiry   *date.Time `json:"expiry,omitempty"`
+	IssueDate *date.Time `json:"issueDate,omitempty"`
 }

 // ArchitectureVersion represents an architecture version
--- a/pkg/api/admin/openshiftcluster_validatestatic_test.go
+++ b/pkg/api/admin/openshiftcluster_validatestatic_test.go
@ -630,7 +630,7 @@ func TestOpenShiftClusterStaticValidateDelta(t *testing.T) {
 			oc: func() *OpenShiftCluster {
 				return &OpenShiftCluster{
 					Properties: OpenShiftClusterProperties{
-						RegistryProfiles: []RegistryProfile{{Name: "test", Username: "testuser", Expiry: toDate(time.Now())}},
+						RegistryProfiles: []RegistryProfile{{Name: "test", Username: "testuser", IssueDate: toDate(time.Now())}},
 					},
 				}
 			},
@ -644,12 +644,12 @@ func TestOpenShiftClusterStaticValidateDelta(t *testing.T) {
 			oc: func() *OpenShiftCluster {
 				return &OpenShiftCluster{
 					Properties: OpenShiftClusterProperties{
-						RegistryProfiles: []RegistryProfile{{Name: "test", Username: "testuser", Expiry: toDate(time.Now())}},
+						RegistryProfiles: []RegistryProfile{{Name: "test", Username: "testuser", IssueDate: toDate(time.Now())}},
 					},
 				}
 			},
 			modify: func(oc *OpenShiftCluster) {
-				oc.Properties.RegistryProfiles[0].Expiry = toDate(time.Now().UTC().Add(time.Hour * 24 * 30))
+				oc.Properties.RegistryProfiles[0].IssueDate = toDate(time.Now().UTC().Add(time.Hour * 24 * 30))
 			},
 			wantErr: "400: PropertyChangeNotAllowed: properties.registryProfiles: Changing property 'properties.registryProfiles' is not allowed.",
 		},
--- a/pkg/api/openshiftcluster.go
+++ b/pkg/api/openshiftcluster.go
@ -788,7 +788,7 @@ type RegistryProfile struct {
 	Name     string       `json:"name,omitempty"`
 	Username string       `json:"username,omitempty"`
 	Password SecureString `json:"password,omitempty"`
-	Expiry   *date.Time   `json:"expiry,omitempty"`
+	IssueDate *date.Time   `json:"issueDate,omitempty"`
 }

 // Install represents an install process
--- a/pkg/cluster/acrtoken.go
+++ b/pkg/cluster/acrtoken.go
@ -7,6 +7,7 @@ import (
 	"context"
 	"time"

+	"github.com/Azure/go-autorest/autorest/date"
 	corev1 "k8s.io/api/core/v1"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -57,6 +58,7 @@ func (m *manager) ensureACRToken(ctx context.Context) error {
 		}

 		rp.Password = api.SecureString(password)
+		rp.IssueDate = &date.Time{Time: time.Now().UTC()}

 		m.doc, err = m.db.PatchWithLease(ctx, m.doc.Key, func(doc *api.OpenShiftClusterDocument) error {
 			token.PutRegistryProfile(doc.OpenShiftCluster, rp)
--- a/pkg/mimo/tasks/cluster/acrtoken_checker.go
+++ b/pkg/mimo/tasks/cluster/acrtoken_checker.go
@ -35,7 +35,7 @@ func EnsureACRTokenIsValid(ctx context.Context) error {
 	rp := manager.GetRegistryProfileFromSlice(registryProfiles)
 	if rp != nil {
 		var now = time.Now().UTC()
-		expiry := registryProfiles[0].Expiry
+		expiry := registryProfiles[0].IssueDate

 		switch {
 		case expiry == nil:
--- a/pkg/mimo/tasks/cluster/acrtoken_checker_test.go
+++ b/pkg/mimo/tasks/cluster/acrtoken_checker_test.go
@ -56,9 +56,9 @@ func TestEnsureACRToken(t *testing.T) {
 					Properties: api.OpenShiftClusterProperties{
 						RegistryProfiles: []*api.RegistryProfile{
 							{
-								Name:     registryName + ".azurecr.io",
-								Username: "testuser",
-								Expiry:   nil,
+								Name:      registryName + ".azurecr.io",
+								Username:  "testuser",
+								IssueDate: nil,
 							},
 						},
 					},
@ -74,14 +74,14 @@ func TestEnsureACRToken(t *testing.T) {
 					Properties: api.OpenShiftClusterProperties{
 						RegistryProfiles: []*api.RegistryProfile{
 							{
-								Name:     "arosvc.azurecr.io",
-								Username: "testuser",
-								Expiry:   &date.Time{Time: time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)},
+								Name:      "arosvc.azurecr.io",
+								Username:  "testuser",
+								IssueDate: &date.Time{Time: time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)},
 							},
 							{
-								Name:     "arointsvc.azurecr.io",
-								Username: "testuser",
-								Expiry:   &date.Time{Time: time.Date(2024, 1, 9, 0, 0, 0, 0, time.UTC)},
+								Name:      "arointsvc.azurecr.io",
+								Username:  "testuser",
+								IssueDate: &date.Time{Time: time.Date(2024, 1, 9, 0, 0, 0, 0, time.UTC)},
 							},
 						},
 					},
--- a/pkg/util/acrtoken/acrtoken.go
+++ b/pkg/util/acrtoken/acrtoken.go
@ -87,7 +87,7 @@ func (m *manager) NewRegistryProfile(oc *api.OpenShiftCluster) *api.RegistryProf
 	return &api.RegistryProfile{
 		Name:     fmt.Sprintf("%s.%s", m.r.ResourceName, m.env.Environment().ContainerRegistryDNSSuffix),
 		Username: "token-" + uuid.DefaultGenerator.Generate(),
-		Expiry:   &date.Time{Time: tokenExpiration},
+		IssueDate: &date.Time{Time: tokenExpiration},
 	}
 }

@ -169,7 +169,6 @@ func (m *manager) generateTokenPassword(ctx context.Context, passwordName mgmtco
 	creds, err := m.registries.GenerateCredentials(ctx, m.r.ResourceGroup, m.r.ResourceName, mgmtcontainerregistry.GenerateCredentialsParameters{
 		TokenID: to.StringPtr(m.env.ACRResourceID() + "/tokens/" + rp.Username),
 		Name:    passwordName,
-		Expiry:  rp.Expiry,
 	})
 	if err != nil {
 		return "", err
--- a/pkg/util/acrtoken/acrtoken_test.go
+++ b/pkg/util/acrtoken/acrtoken_test.go
@ -68,7 +68,7 @@ func TestEnsureTokenAndPassword(t *testing.T) {
 		tokens:     tokens,
 	}

-	password, err := m.EnsureTokenAndPassword(ctx, &api.RegistryProfile{Username: tokenName, Expiry: &date.Time{Time: tokenExpiration}})
+	password, err := m.EnsureTokenAndPassword(ctx, &api.RegistryProfile{Username: tokenName, IssueDate: &date.Time{Time: tokenExpiration}})
 	if err != nil {
 		t.Fatal(err)
 	}