getUsernameAndPassword gets a username (kargo) and password (installation access token) for the given app/client ID, installation ID, PEM-encoded GitHub App private key, and repo URL.
( ctx context.Context, appOrClientID string, installationID int64, encodedPrivateKey string, repoURL string, )
| 142 | // access token) for the given app/client ID, installation ID, PEM-encoded |
| 143 | // GitHub App private key, and repo URL. |
| 144 | func (p *AppCredentialProvider) getUsernameAndPassword( |
| 145 | ctx context.Context, |
| 146 | appOrClientID string, |
| 147 | installationID int64, |
| 148 | encodedPrivateKey string, |
| 149 | repoURL string, |
| 150 | ) (*credentials.Credentials, error) { |
| 151 | cacheKey := p.tokenCacheKey( |
| 152 | appOrClientID, |
| 153 | installationID, |
| 154 | encodedPrivateKey, |
| 155 | repoURL, |
| 156 | ) |
| 157 | |
| 158 | logger := logging.LoggerFromContext(ctx).WithValues( |
| 159 | "provider", "githubApp", |
| 160 | "repoURL", repoURL, |
| 161 | ) |
| 162 | |
| 163 | // Check the cache for the token |
| 164 | if entry, exists := p.tokenCache.Get(cacheKey); exists { |
| 165 | logger.Debug("installation access token cache hit") |
| 166 | return &credentials.Credentials{ |
| 167 | Username: accessTokenUsername, |
| 168 | Password: entry.(string), // nolint: forcetypeassert |
| 169 | }, nil |
| 170 | } |
| 171 | logger.Debug("installation access token cache miss") |
| 172 | |
| 173 | // Cache miss, get a new token |
| 174 | token, err := p.getAccessTokenFn( |
| 175 | appOrClientID, |
| 176 | installationID, |
| 177 | encodedPrivateKey, |
| 178 | repoURL, |
| 179 | ) |
| 180 | if err != nil { |
| 181 | return nil, fmt.Errorf("error getting installation access token: %w", err) |
| 182 | } |
| 183 | logger.Debug("obtained new installation access token") |
| 184 | |
| 185 | ttl := credentials.CalculateCacheTTL(token.Expiry, tokenCacheExpiryMargin) |
| 186 | logger.Debug( |
| 187 | "caching installation access token", |
| 188 | "expiry", token.Expiry, |
| 189 | "ttl", ttl, |
| 190 | ) |
| 191 | p.tokenCache.Set(cacheKey, token.AccessToken, ttl) |
| 192 | |
| 193 | return &credentials.Credentials{ |
| 194 | Username: accessTokenUsername, |
| 195 | Password: token.AccessToken, |
| 196 | }, nil |
| 197 | } |
| 198 | |
| 199 | // getAccessToken gets an installation access token for the given app/client ID, |
| 200 | // installation ID, PEM-encoded GitHub App private key, and repo URL. |