Upgrade fluxcd/pkg auth, oci, git and git/gogit

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

cmd/flux/build_artifact.go

@@ -26,7 +26,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	oci "github.com/fluxcd/pkg/oci/client"
+	"github.com/fluxcd/pkg/oci"
 	"github.com/fluxcd/pkg/sourceignore"
 )
 

cmd/flux/diff_artifact.go

@@ -21,7 +21,7 @@ import (
 	"fmt"
 	"os"
 
-	oci "github.com/fluxcd/pkg/oci/client"
+	"github.com/fluxcd/pkg/oci"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/spf13/cobra"
@@ -102,12 +102,7 @@ func diffArtifactCmdRun(cmd *cobra.Command, args []string) error {
 
 	if diffArtifactArgs.provider.String() != sourcev1.GenericOCIProvider {
 		logger.Actionf("logging in to registry with provider credentials")
-		ociProvider, err := diffArtifactArgs.provider.ToOCIProvider()
+		if err := ociClient.LoginWithProvider(ctx, url, diffArtifactArgs.provider.String()); err != nil {
-		if err != nil {
-			return fmt.Errorf("provider not supported: %w", err)
-		}
-
-		if err := ociClient.LoginWithProvider(ctx, url, ociProvider); err != nil {
 			return fmt.Errorf("error during login with provider: %w", err)
 		}
 	}

cmd/flux/list_artifact.go

@@ -23,7 +23,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/spf13/cobra"
 
-	oci "github.com/fluxcd/pkg/oci/client"
+	"github.com/fluxcd/pkg/oci"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/flags"
@@ -98,12 +98,7 @@ func listArtifactsCmdRun(cmd *cobra.Command, args []string) error {
 
 	if listArtifactArgs.provider.String() != sourcev1.GenericOCIProvider {
 		logger.Actionf("logging in to registry with provider credentials")
-		ociProvider, err := listArtifactArgs.provider.ToOCIProvider()
+		if err := ociClient.LoginWithProvider(ctx, url, listArtifactArgs.provider.String()); err != nil {
-		if err != nil {
-			return fmt.Errorf("provider not supported: %w", err)
-		}
-
-		if err := ociClient.LoginWithProvider(ctx, url, ociProvider); err != nil {
 			return fmt.Errorf("error during login with provider: %w", err)
 		}
 	}

cmd/flux/pull_artifact.go

@@ -27,7 +27,7 @@ import (
 
 	"github.com/fluxcd/flux2/v2/internal/flags"
 
-	oci "github.com/fluxcd/pkg/oci/client"
+	"github.com/fluxcd/pkg/oci"
 )
 
 var pullArtifactCmd = &cobra.Command{
@@ -103,12 +103,7 @@ func pullArtifactCmdRun(cmd *cobra.Command, args []string) error {
 
 	if pullArtifactArgs.provider.String() != sourcev1.GenericOCIProvider {
 		logger.Actionf("logging in to registry with provider credentials")
-		ociProvider, err := pullArtifactArgs.provider.ToOCIProvider()
+		if err := ociClient.LoginWithProvider(ctx, url, pullArtifactArgs.provider.String()); err != nil {
-		if err != nil {
-			return fmt.Errorf("provider not supported: %w", err)
-		}
-
-		if err := ociClient.LoginWithProvider(ctx, url, ociProvider); err != nil {
 			return fmt.Errorf("error during login with provider: %w", err)
 		}
 	}

cmd/flux/push_artifact.go

@@ -33,9 +33,8 @@ import (
 	"github.com/spf13/cobra"
 	"sigs.k8s.io/yaml"
 
+	authutils "github.com/fluxcd/pkg/auth/utils"
 	"github.com/fluxcd/pkg/oci"
-	"github.com/fluxcd/pkg/oci/auth/login"
-	"github.com/fluxcd/pkg/oci/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/flags"
@@ -161,7 +160,7 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("invalid path %q", pushArtifactArgs.path)
 	}
 
-	url, err := client.ParseArtifactURL(ociURL)
+	url, err := oci.ParseArtifactURL(ociURL)
 	if err != nil {
 		return err
 	}
@@ -200,7 +199,7 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 		logs.Warn.SetOutput(os.Stderr)
 	}
 
-	meta := client.Metadata{
+	meta := oci.Metadata{
 		Source:      pushArtifactArgs.source,
 		Revision:    pushArtifactArgs.revision,
 		Annotations: annotations,
@@ -214,29 +213,24 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 
-	var auth authn.Authenticator
+	var authenticator authn.Authenticator
-	opts := client.DefaultOptions()
+	opts := oci.DefaultOptions()
 	if pushArtifactArgs.provider.String() == sourcev1.GenericOCIProvider && pushArtifactArgs.creds != "" {
 		logger.Actionf("logging in to registry with credentials")
-		auth, err = client.GetAuthFromCredentials(pushArtifactArgs.creds)
+		authenticator, err = oci.GetAuthFromCredentials(pushArtifactArgs.creds)
 		if err != nil {
 			return fmt.Errorf("could not login with credentials: %w", err)
 		}
-		opts = append(opts, crane.WithAuth(auth))
+		opts = append(opts, crane.WithAuth(authenticator))
 	}
 
 	if pushArtifactArgs.provider.String() != sourcev1.GenericOCIProvider {
 		logger.Actionf("logging in to registry with provider credentials")
-		ociProvider, err := pushArtifactArgs.provider.ToOCIProvider()
+		authenticator, err = authutils.GetArtifactRegistryCredentials(ctx, pushArtifactArgs.provider.String(), url)
-		if err != nil {
-			return fmt.Errorf("provider not supported: %w", err)
-		}
-
-		auth, err = login.NewManager().Login(ctx, url, ref, getProviderLoginOption(ociProvider))
 		if err != nil {
 			return fmt.Errorf("error during login with provider: %w", err)
 		}
-		opts = append(opts, crane.WithAuth(auth))
+		opts = append(opts, crane.WithAuth(authenticator))
 	}
 
 	if rootArgs.timeout != 0 {
@@ -251,17 +245,17 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 			Cap:   rootArgs.timeout,
 		}
 
-		if auth == nil {
+		if authenticator == nil {
-			auth, err = authn.DefaultKeychain.Resolve(ref.Context())
+			authenticator, err = authn.DefaultKeychain.Resolve(ref.Context())
 			if err != nil {
 				return err
 			}
 		}
-		transportOpts, err := client.WithRetryTransport(ctx, ref, auth, backoff, []string{ref.Context().Scope(transport.PushScope)})
+		transportOpts, err := oci.WithRetryTransport(ctx, ref, authenticator, backoff, []string{ref.Context().Scope(transport.PushScope)})
 		if err != nil {
 			return fmt.Errorf("error setting up transport: %w", err)
 		}
-		opts = append(opts, transportOpts, client.WithRetryBackOff(backoff))
+		opts = append(opts, transportOpts, oci.WithRetryBackOff(backoff))
 	}
 
 	if pushArtifactArgs.output == "" {
@@ -272,10 +266,10 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 		opts = append(opts, crane.Insecure)
 	}
 
-	ociClient := client.NewClient(opts)
+	ociClient := oci.NewClient(opts)
 	digestURL, err := ociClient.Push(ctx, url, path,
-		client.WithPushMetadata(meta),
+		oci.WithPushMetadata(meta),
-		client.WithPushIgnorePaths(pushArtifactArgs.ignorePaths...),
+		oci.WithPushIgnorePaths(pushArtifactArgs.ignorePaths...),
 	)
 	if err != nil {
 		return fmt.Errorf("pushing artifact failed: %w", err)
@@ -323,16 +317,3 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 
 	return nil
 }
-
-func getProviderLoginOption(provider oci.Provider) login.ProviderOptions {
-	var opts login.ProviderOptions
-	switch provider {
-	case oci.ProviderAzure:
-		opts.AzureAutoLogin = true
-	case oci.ProviderAWS:
-		opts.AwsAutoLogin = true
-	case oci.ProviderGCP:
-		opts.GcpAutoLogin = true
-	}
-	return opts
-}

cmd/flux/tag_artifact.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	oci "github.com/fluxcd/pkg/oci/client"
+	"github.com/fluxcd/pkg/oci"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 
 	"github.com/fluxcd/flux2/v2/internal/flags"
@@ -89,12 +89,7 @@ func tagArtifactCmdRun(cmd *cobra.Command, args []string) error {
 
 	if tagArtifactArgs.provider.String() != sourcev1.GenericOCIProvider {
 		logger.Actionf("logging in to registry with provider credentials")
-		ociProvider, err := tagArtifactArgs.provider.ToOCIProvider()
+		if err := ociClient.LoginWithProvider(ctx, url, tagArtifactArgs.provider.String()); err != nil {
-		if err != nil {
-			return fmt.Errorf("provider not supported: %w", err)
-		}
-
-		if err := ociClient.LoginWithProvider(ctx, url, ociProvider); err != nil {
 			return fmt.Errorf("error during login with provider: %w", err)
 		}
 	}

go.mod

@@ -19,12 +19,13 @@ require (
 	github.com/fluxcd/notification-controller/api v1.5.0
 	github.com/fluxcd/pkg/apis/event v0.17.0
 	github.com/fluxcd/pkg/apis/meta v1.11.0
+	github.com/fluxcd/pkg/auth v0.12.0
 	github.com/fluxcd/pkg/chartutil v1.3.0
 	github.com/fluxcd/pkg/envsubst v1.4.0
-	github.com/fluxcd/pkg/git v0.27.0
+	github.com/fluxcd/pkg/git v0.29.0
-	github.com/fluxcd/pkg/git/gogit v0.27.0
+	github.com/fluxcd/pkg/git/gogit v0.31.0
 	github.com/fluxcd/pkg/kustomize v1.17.0
-	github.com/fluxcd/pkg/oci v0.46.0
+	github.com/fluxcd/pkg/oci v0.48.0
 	github.com/fluxcd/pkg/runtime v0.59.0
 	github.com/fluxcd/pkg/sourceignore v0.12.0
 	github.com/fluxcd/pkg/ssa v0.46.0
@@ -65,6 +66,7 @@ require (
 )
 
 require (
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	code.gitea.io/sdk/gitea v0.21.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/42wim/httpsig v1.2.2 // indirect
@@ -120,8 +122,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fluxcd/pkg/apis/acl v0.7.0 // indirect
 	github.com/fluxcd/pkg/apis/kustomize v1.10.0 // indirect
-	github.com/fluxcd/pkg/auth v0.10.0 // indirect
+	github.com/fluxcd/pkg/cache v0.9.0 // indirect
-	github.com/fluxcd/pkg/cache v0.8.0 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect

go.sum

@@ -1,3 +1,5 @@
+cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
+cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
@@ -105,6 +107,8 @@ github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
+github.com/coreos/go-oidc/v3 v3.14.1 h1:9ePWwfdwC4QKRlCXsJGou56adA/owXczOzwKdOumLqk=
+github.com/coreos/go-oidc/v3 v3.14.1/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
@@ -175,24 +179,24 @@ github.com/fluxcd/pkg/apis/kustomize v1.10.0 h1:47EeSzkQvlQZdH92vHMe2lK2iR8aOSEJ
 github.com/fluxcd/pkg/apis/kustomize v1.10.0/go.mod h1:UsqMV4sqNa1Yg0pmTsdkHRJr7bafBOENIJoAN+3ezaQ=
 github.com/fluxcd/pkg/apis/meta v1.11.0 h1:h8q95k6ZEK1HCfsLkt8Np3i6ktb6ZzcWJ6hg++oc9w0=
 github.com/fluxcd/pkg/apis/meta v1.11.0/go.mod h1:+son1Va60x2eiDcTwd7lcctbI6C+K3gM7R+ULmEq1SI=
-github.com/fluxcd/pkg/auth v0.10.0 h1:acvokI08SVwZwYMMtlUqglZCPPSJKMvvFZ/3zRwWsLI=
+github.com/fluxcd/pkg/auth v0.12.0 h1:35o0ziYMLZVgJwNvJBGsv/wd903B2fMagcrnm1ptUjc=
-github.com/fluxcd/pkg/auth v0.10.0/go.mod h1:Fpzdo9QOpmWRs60s/frxy1sFb+XGN2WNDIty5aJjnbY=
+github.com/fluxcd/pkg/auth v0.12.0/go.mod h1:gQD2VT5OhIR1E8ZTEsTaho3bDQZidr9P10smH/awcew=
-github.com/fluxcd/pkg/cache v0.8.0 h1:juNNGmJ2qKK16oLgX3mFA20kyo+LcfPwIBjt9KGG+S4=
+github.com/fluxcd/pkg/cache v0.9.0 h1:EGKfOLMG3fOwWnH/4Axl5xd425mxoQbZzlZoLfd8PDk=
-github.com/fluxcd/pkg/cache v0.8.0/go.mod h1:jMwabjWfsC5lW8hE7NM3wtGNwSJ38Javx6EKbEi7INU=
+github.com/fluxcd/pkg/cache v0.9.0/go.mod h1:jMwabjWfsC5lW8hE7NM3wtGNwSJ38Javx6EKbEi7INU=
 github.com/fluxcd/pkg/chartutil v1.3.0 h1:Zoc+AIyKL4YU4PaLL/iGv9VRLujeWT2Mvj4BLGFGKlg=
 github.com/fluxcd/pkg/chartutil v1.3.0/go.mod h1:O7eIdk0wgejua/8ikabfMFmwPv5mSDbHgZCyfTnL06U=
 github.com/fluxcd/pkg/envsubst v1.4.0 h1:pYsb6wrmXOSfHXuXQHaaBBMt3LumhgCb8SMdBNAwV/U=
 github.com/fluxcd/pkg/envsubst v1.4.0/go.mod h1:zSDFO3Wawi+vI2NPxsMQp+EkIsz/85MNg/s1Wzmqt+s=
-github.com/fluxcd/pkg/git v0.27.0 h1:/IHNNKQY2eopq3xWjUpvx6F3WmH2RqWQ3gmRyeBfcUg=
+github.com/fluxcd/pkg/git v0.29.0 h1:MHQ4F53e6Xt8a/POkd/fiChgysnd/XqiuK7vOWXAXLk=
-github.com/fluxcd/pkg/git v0.27.0/go.mod h1:s0EFqP4jTKkUq0z/jSlsIhnIAl6HvPTnucrkSqRxE5Q=
+github.com/fluxcd/pkg/git v0.29.0/go.mod h1:Ygn+LfrK6Ok+85uiq6s3NWG5LcHS4KY7mzES2JDJsGY=
-github.com/fluxcd/pkg/git/gogit v0.27.0 h1:JIlOHd3z8JWfe+Vnjz2dwBnF5faq9jjVhLqH1HhjxWU=
+github.com/fluxcd/pkg/git/gogit v0.31.0 h1:A56cmtgJBkWAj+gXSOdhPMQVTx0VF91S0PUaqpMXN4g=
-github.com/fluxcd/pkg/git/gogit v0.27.0/go.mod h1:Jq7B+JKlZmKDlYk1CAVr2wfJJMLPlY8pK18g7UY7MaE=
+github.com/fluxcd/pkg/git/gogit v0.31.0/go.mod h1:ya8z22xTvAAdW12HycxKYv4S+G+lqu5Kx/LyO/jWz8Y=
 github.com/fluxcd/pkg/gittestserver v0.17.0 h1:JlBvWZQTDOI+np5Z+084m3DkeAH1hMusEybyRUDF63k=
 github.com/fluxcd/pkg/gittestserver v0.17.0/go.mod h1:E/40EmLoXcMqd6gLuLDC9F6KJxqHVGbBBeMNKk5XdxU=
 github.com/fluxcd/pkg/kustomize v1.17.0 h1:tLL8KvxHqTTZug3Q8TLvIbLC/ygEedOqdBock1r+Wiw=
 github.com/fluxcd/pkg/kustomize v1.17.0/go.mod h1:BxdXD7Fmfa63PIZRe2aP6KpDh2aXUfO7Yd/ljwhagPI=
-github.com/fluxcd/pkg/oci v0.46.0 h1:0AoCvP5YyRi6kPWu5ZTexzfTUXLomqYretwcWW7qpVU=
+github.com/fluxcd/pkg/oci v0.48.0 h1:iSK4JDM0nx9plSlOGx2aI4td6aQdV/awrfXK/bzI35I=
-github.com/fluxcd/pkg/oci v0.46.0/go.mod h1:Nt9WWbtVq9SST+ItKcTctRJ4BrK5va3wQvn1CEGI7XY=
+github.com/fluxcd/pkg/oci v0.48.0/go.mod h1:rnUC8EOpzQp4rugpmopYFMnG3+CR1wqEV3356gHUtSY=
 github.com/fluxcd/pkg/runtime v0.59.0 h1:3OrFkMJB39NcQ2vhhoxqls59sQVSn8U+thhyLbsQoA4=
 github.com/fluxcd/pkg/runtime v0.59.0/go.mod h1:MFbfyNyyoYRgPxpdwC9/dCOkzo7Yxhu/cQ9NKyhvqc0=
 github.com/fluxcd/pkg/sourceignore v0.12.0 h1:jCIe6d50rQ3wdXPF0+PhhqN0XrTRIq3upMomPelI8Mw=
@@ -227,6 +231,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.16.0 h1:k3kuOEpkc0DeY7xlL6NaaNg39xdgQbtH5mwCafHO9AQ=
 github.com/go-git/go-git/v5 v5.16.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU=
 github.com/go-ldap/ldap/v3 v3.4.10/go.mod h1:JXh4Uxgi40P6E9rdsYqpUtbW46D9UTjJ9QSwGRznplY=

internal/flags/source_oci_provider.go

@@ -21,7 +21,6 @@ import (
 	"strings"
 
 	"github.com/fluxcd/flux2/v2/internal/utils"
-	"github.com/fluxcd/pkg/oci"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
 )
 
@@ -32,13 +31,6 @@ var supportedSourceOCIProviders = []string{
 	sourcev1.GoogleOCIProvider,
 }
 
-var sourceOCIProvidersToOCIProvider = map[string]oci.Provider{
-	sourcev1.GenericOCIProvider: oci.ProviderGeneric,
-	sourcev1.AmazonOCIProvider:  oci.ProviderAWS,
-	sourcev1.AzureOCIProvider:   oci.ProviderAzure,
-	sourcev1.GoogleOCIProvider:  oci.ProviderGCP,
-}
-
 type SourceOCIProvider string
 
 func (p *SourceOCIProvider) String() string {
@@ -68,12 +60,3 @@ func (p *SourceOCIProvider) Description() string {
 		strings.Join(supportedSourceOCIProviders, ", "),
 	)
 }
-
-func (p *SourceOCIProvider) ToOCIProvider() (oci.Provider, error) {
-	value, ok := sourceOCIProvidersToOCIProvider[p.String()]
-	if !ok {
-		return 0, fmt.Errorf("no mapping between source OCI provider %s and OCI provider", p.String())
-	}
-
-	return value, nil
-}