From b2790ee8bc60e1338fb73d6825770f3168dbdc1c Mon Sep 17 00:00:00 2001
From: Paolo Di Tommaso <paolo.ditommaso@gmail.com>
Date: Fri, 12 Jul 2024 19:13:05 +0200
Subject: [PATCH] Simplify credentials lookup

Signed-off-by: Paolo Di Tommaso <paolo.ditommaso@gmail.com>
---
 .../auth/RegistryCredentialsProvider.groovy   | 26 +++++++++++++++++++
 .../wave/core/RegistryProxyService.groovy     |  4 +--
 .../ContainerInspectServiceImpl.groovy        | 12 +++------
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/main/groovy/io/seqera/wave/auth/RegistryCredentialsProvider.groovy b/src/main/groovy/io/seqera/wave/auth/RegistryCredentialsProvider.groovy
index 325c9aa04..1bc6134e5 100644
--- a/src/main/groovy/io/seqera/wave/auth/RegistryCredentialsProvider.groovy
+++ b/src/main/groovy/io/seqera/wave/auth/RegistryCredentialsProvider.groovy
@@ -40,6 +40,15 @@ interface RegistryCredentialsProvider {
      */
     RegistryCredentials getDefaultCredentials(String registry)
 
+    /**
+     * Provides the default credentials for the specified container
+     *
+     * @param container
+     *      A container name e.g. docker.io/library/ubuntu.
+     * @return
+     *      A {@link RegistryCredentials} object holding the credentials for the specified container or {@code null}
+     *      if not credentials can be found
+     */
     RegistryCredentials getDefaultCredentials(ContainerPath container)
 
     /**
@@ -56,4 +65,21 @@ interface RegistryCredentialsProvider {
      */
     RegistryCredentials getUserCredentials(ContainerPath container, PlatformId identity)
 
+    /**
+     * Provides the credentials for the specified container. When the platform identity is provider
+     * this is equivalent to #getUserCredentials.
+     *
+     * @param container
+     *      A container name e.g. docker.io/library/ubuntu.
+     * @param identity
+     *      The platform identity of the user submitting the request
+     * @return
+     *      A {@link RegistryCredentials} object holding the credentials for the specified container or {@code null}
+     *      if not credentials can be found
+     */
+    default RegistryCredentials getCredentials(ContainerPath container, PlatformId identity) {
+        return !identity
+                ? getDefaultCredentials(container)
+                : getUserCredentials(container, identity)
+    }
 }
diff --git a/src/main/groovy/io/seqera/wave/core/RegistryProxyService.groovy b/src/main/groovy/io/seqera/wave/core/RegistryProxyService.groovy
index da1f75db3..3ecd517c1 100644
--- a/src/main/groovy/io/seqera/wave/core/RegistryProxyService.groovy
+++ b/src/main/groovy/io/seqera/wave/core/RegistryProxyService.groovy
@@ -107,9 +107,7 @@ class RegistryProxyService {
     }
 
     protected RegistryCredentials getCredentials(RoutePath route) {
-        final result = !route.identity
-                ? credentialsProvider.getDefaultCredentials(route)
-                : credentialsProvider.getUserCredentials(route, route.identity)
+        final result = credentialsProvider.getCredentials(route, route.identity)
         log.debug "Credentials for route path=${route.targetContainer}; identity=${route.identity} => ${result}"
         return result
     }
diff --git a/src/main/groovy/io/seqera/wave/service/inspect/ContainerInspectServiceImpl.groovy b/src/main/groovy/io/seqera/wave/service/inspect/ContainerInspectServiceImpl.groovy
index 862b3bc30..ddf868bcb 100644
--- a/src/main/groovy/io/seqera/wave/service/inspect/ContainerInspectServiceImpl.groovy
+++ b/src/main/groovy/io/seqera/wave/service/inspect/ContainerInspectServiceImpl.groovy
@@ -105,9 +105,7 @@ class ContainerInspectServiceImpl implements ContainerInspectService {
                 // skip this index host because it has already be added to the list
                 continue
             }
-            final creds = !identity
-                    ? credentialsProvider.getDefaultCredentials(path)
-                    : credentialsProvider.getUserCredentials(path, identity)
+            final creds = credentialsProvider.getCredentials(path, identity)
             log.debug "Build credentials for repository: $repo => $creds"
             if( !creds ) {
                 // skip this host because there are no credentials
@@ -177,9 +175,7 @@ class ContainerInspectServiceImpl implements ContainerInspectService {
             else if( item instanceof InspectRepository ) {
                 final path = ContainerCoordinates.parse(item.getImage())
 
-                final creds = !identity
-                        ? credentialsProvider.getDefaultCredentials(path)
-                        : credentialsProvider.getUserCredentials(path, identity)
+                final creds = credentialsProvider.getCredentials(path, identity)
                 log.debug "Config credentials for repository: ${item.getImage()} => $creds"
 
                 final entry = fetchConfig0(path, creds).config?.entrypoint
@@ -219,9 +215,7 @@ class ContainerInspectServiceImpl implements ContainerInspectService {
     ContainerSpec containerSpec(String containerImage, PlatformId identity) {
         final path = ContainerCoordinates.parse(containerImage)
 
-        final creds = !identity
-                ? credentialsProvider.getDefaultCredentials(path)
-                : credentialsProvider.getUserCredentials(path, identity)
+        final creds = credentialsProvider.getCredentials(path, identity)
         log.debug "Inspect credentials for repository: ${containerImage} => $creds"
 
         final client = client0(path, creds)