From df138b969b0b4bdc9d6613ddd1e29170d2dc34af Mon Sep 17 00:00:00 2001
From: Suruthi-G-K <shruthi.suruthi@gmail.com>
Date: Thu, 16 Mar 2023 20:56:30 +0100
Subject: [PATCH 1/6] Add support for Trusted Profile authentication

Signed-off-by: Suruthi Ganesan Kalavathy <shruthi.suruthi@gmail.com>
---
 .../trusted_profile_credentials_provider.go   | 167 ++++++++++++++
 go.mod                                        |   1 +
 go.sum                                        | 215 +++++++++++++++++-
 3 files changed, 381 insertions(+), 2 deletions(-)
 create mode 100644 aws/credentials/ibmiam/trusted_profile_credentials_provider.go

diff --git a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
new file mode 100644
index 00000000..47176db1
--- /dev/null
+++ b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
@@ -0,0 +1,167 @@
+package ibmiam
+
+import (
+	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/IBM/ibm-cos-sdk-go/aws"
+	"github.com/IBM/ibm-cos-sdk-go/aws/awserr"
+	"github.com/IBM/ibm-cos-sdk-go/aws/credentials"
+	"github.com/IBM/ibm-cos-sdk-go/aws/credentials/ibmiam/token"
+)
+
+const TrustedProfileProviderName = "TrustedProfileProviderNameIBM"
+
+// TrustedProfileProvider Struct
+type TrustedProfileProvider struct {
+	// Name of Provider
+	providerName string
+
+	// Type of Provider - SharedCred, SharedConfig, etc.
+	providerType string
+
+	// Authenticator implements an IAM-based authentication schema
+	authenticator *core.ContainerAuthenticator
+
+	// Error
+	ErrorStatus error
+
+	// Logger attributes
+	logger   aws.Logger
+	logLevel *aws.LogLevelType
+}
+
+// NewTrustedProfileProvider allows the creation of a custom IBM IAM Provider
+// Parameters:
+//
+//	Provider Name
+//	AWS Config
+//	Trusted Profile Name
+//	Compute Resource Token File Path
+//	IBM IAM Authentication Server Endpoint
+//	Service Instance ID
+//
+// Returns:
+//
+//	TrustedProfileProvider
+func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedProfileName, crTokenFilePath,
+	authEndPoint string) *TrustedProfileProvider {
+	provider := new(TrustedProfileProvider)
+
+	provider.providerName = providerName
+	provider.providerType = "oauth"
+
+	logLevel := aws.LogLevel(aws.LogOff)
+	if config != nil && config.LogLevel != nil && config.Logger != nil {
+		logLevel = config.LogLevel
+		provider.logger = config.Logger
+	}
+	provider.logLevel = logLevel
+
+	if crTokenFilePath == "" {
+		provider.ErrorStatus = awserr.New("crTokenFilePathNotFound", "CR token file path not found", nil)
+		if provider.logLevel.Matches(aws.LogDebug) {
+			provider.logger.Log(debugLog, "<IBM IAM PROVIDER BUILD>", provider.ErrorStatus)
+		}
+
+		return provider
+	}
+
+	if trustedProfileName == "" {
+		provider.ErrorStatus = awserr.New("trustedProfileNameNotFound", "Trusted Profile name not found", nil)
+		if provider.logLevel.Matches(aws.LogDebug) {
+			provider.logger.Log(debugLog, "<IBM IAM PROVIDER BUILD>", provider.ErrorStatus)
+		}
+
+		return provider
+	}
+
+	if authEndPoint == "" {
+		authEndPoint = defaultAuthEndPoint
+		if provider.logLevel.Matches(aws.LogDebug) {
+			provider.logger.Log(debugLog, "<IBM IAM PROVIDER BUILD>", "using default auth endpoint", authEndPoint)
+		}
+	}
+
+	authenticator, err := core.NewContainerAuthenticatorBuilder().
+		SetIAMProfileName(trustedProfileName).
+		SetCRTokenFilename(crTokenFilePath).
+		SetURL("").
+		Build()
+	if err != nil {
+		provider.ErrorStatus = awserr.New("errCreatingAuthenticatorClient", "cannot setup new Authenticator client", err)
+		if provider.logLevel.Matches(aws.LogDebug) {
+			provider.logger.Log(debugLog, "<IBM IAM PROVIDER BUILD>", provider.ErrorStatus)
+		}
+
+		return provider
+	}
+
+	provider.authenticator = authenticator
+
+	return provider
+}
+
+// IsValid ...
+// Returns:
+//
+//	Provider validation - boolean
+func (p *TrustedProfileProvider) IsValid() bool {
+	return nil == p.ErrorStatus
+}
+
+// Retrieve ...
+// Returns:
+//
+//	Credential values
+//	Error
+func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
+	if p.ErrorStatus != nil {
+		if p.logLevel.Matches(aws.LogDebug) {
+			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, p.ErrorStatus)
+		}
+		return credentials.Value{ProviderName: p.providerName}, p.ErrorStatus
+	}
+
+	tokenValue, err := p.authenticator.RequestToken()
+	if err != nil {
+		var returnErr error
+		if p.logLevel.Matches(aws.LogDebug) {
+			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "ERROR ON GET token", err)
+			returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", err)
+		} else {
+			returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", nil)
+		}
+		return credentials.Value{}, returnErr
+	}
+	if p.logLevel.Matches(aws.LogDebug) {
+		p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "GET TOKEN", tokenValue)
+	}
+
+	token := token.Token{
+		AccessToken:  tokenValue.AccessToken,
+		RefreshToken: tokenValue.RefreshToken,
+		TokenType:    tokenValue.TokenType,
+		ExpiresIn:    tokenValue.ExpiresIn,
+		Expiration:   tokenValue.Expiration,
+	}
+
+	return credentials.Value{Token: token, ProviderName: p.providerName, ProviderType: p.providerType}, nil
+}
+
+// IsExpired ...
+//
+//	TrustedProfileProvider expired or not - boolean
+func (p *TrustedProfileProvider) IsExpired() bool {
+	return true
+}
+
+// NewTPProvider constructor of the IBM IAM provider that uses trusted profile and CR token passed directly
+// Returns: NewTrustedProfileProvider (AWS type)
+func NewTPProvider(config *aws.Config, authEndPoint, trusterProfileName, crTokenFilePath string) *TrustedProfileProvider {
+	return NewTrustedProfileProvider(TrustedProfileProviderName, config, trusterProfileName, crTokenFilePath, authEndPoint)
+}
+
+// NewTrustedProfileCredentials constructor for IBM IAM that uses IAM credentials passed in
+// Returns: credentials.NewCredentials(NewTPProvider()) (AWS type)
+func NewTrustedProfileCredentials(config *aws.Config, authEndPoint, trusterProfileName, crTokenFilePath string) *credentials.Credentials {
+	return credentials.NewCredentials(NewTPProvider(config, authEndPoint, trusterProfileName, crTokenFilePath))
+}
diff --git a/go.mod b/go.mod
index 3d77dee6..3954ed78 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
 module github.com/IBM/ibm-cos-sdk-go
 
 require (
+	github.com/IBM/go-sdk-core/v5 v5.13.1
 	github.com/jmespath/go-jmespath v0.4.0
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.2
diff --git a/go.sum b/go.sum
index 3959273f..f44b5151 100644
--- a/go.sum
+++ b/go.sum
@@ -1,61 +1,272 @@
+github.com/IBM/go-sdk-core/v5 v5.13.1 h1:zD6p3t1whAlRJo/VBmE69c8RcH9LCHL1n0/sO1MWlpw=
+github.com/IBM/go-sdk-core/v5 v5.13.1/go.mod h1:pVkN7IGmsSdmR1ZCU4E/cLcCclqRKMYgg7ya+O2Mk6g=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
+github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
+github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
+github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
+github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
+github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
+github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
+github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU=
+github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
+github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0=
+github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo=
+github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw=
+github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo=
+github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU=
+github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
+github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
+github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
+github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=
+github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
+github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM=
+github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM=
+github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=
+github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
+github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
+go.mongodb.org/mongo-driver v1.11.2 h1:+1v2rDQUWNcGW7/7E0Jvdz51V38XXxJfhzbV17aNHCw=
+go.mongodb.org/mongo-driver v1.11.2/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
+golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

From 2bc78eb6ca8b3a05d3f7f1ac5a9f899a6e7f6451 Mon Sep 17 00:00:00 2001
From: Suruthi Ganesan Kalavathy <shruthi.suruthi@gmail.com>
Date: Fri, 17 Mar 2023 18:17:11 +0530
Subject: [PATCH 2/6] Add unit test case

Signed-off-by: Suruthi Ganesan Kalavathy <shruthi.suruthi@gmail.com>
---
 aws/credentials/ibmiam/providers_test.go      | 54 +++++++++++++------
 .../trusted_profile_credentials_provider.go   |  2 +-
 2 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/aws/credentials/ibmiam/providers_test.go b/aws/credentials/ibmiam/providers_test.go
index 6b07ace4..982ab6eb 100644
--- a/aws/credentials/ibmiam/providers_test.go
+++ b/aws/credentials/ibmiam/providers_test.go
@@ -22,6 +22,10 @@ const (
 	serviceinstanceid = "sii"
 	// IBM IAM Authentication Server Endpoint
 	authendpoint = "aep"
+	// trustedProfileName
+	trustedProfileName = "test-trusted-profile"
+	// crTokenFilePath
+	crTokenFilePath = "/tmp/token"
 )
 
 // Mock Token Manager
@@ -35,13 +39,14 @@ type tokenManagerMock struct {
 
 // Mock Token Manager Using GET Function
 // Returns:
-//		Token object that has following
-//		- Access Token
-//		- Refresh Token
-//		- Token Type
-//		- Expires in (terms of seconds)
-//		- Expiration time
-//		Error object
+//
+//	Token object that has following
+//	- Access Token
+//	- Refresh Token
+//	- Token Type
+//	- Expires in (terms of seconds)
+//	- Expiration time
+//	Error object
 func (tmm *tokenManagerMock) Get() (*token.Token, error) {
 	return &token.Token{
 		AccessToken:  "A",
@@ -69,15 +74,18 @@ func (tmm *tokenManagerMock) StartBackgroundRefresh() {
 
 // Mock Token Manager Constructor
 // Parameters:
-//		AWS Config
-//		IBM IAM API Key
-//		IBM IAM Authentication Server Endpoint
-//		Advisory Refresh Timeout
-//		Manadatory Refresh Timeout
-//		Timer
-//		Token Manager Client Do Operation
+//
+//	AWS Config
+//	IBM IAM API Key
+//	IBM IAM Authentication Server Endpoint
+//	Advisory Refresh Timeout
+//	Manadatory Refresh Timeout
+//	Timer
+//	Token Manager Client Do Operation
+//
 // Returns:
-//		Mock Token Manager with API KEY and IBM IAM Authentication Server Endpoint
+//
+//	Mock Token Manager with API KEY and IBM IAM Authentication Server Endpoint
 func newTMMock(_ *aws.Config, apiKey string, authEndPoint string, _,
 	_ func(time.Duration) time.Duration, _ func() time.Time,
 	_ tokenmanager.IBMClientDo) tokenmanager.API {
@@ -108,6 +116,16 @@ func TestStaticApiKey(t *testing.T) {
 	assert.Equal(t, tk.ServiceInstanceID, serviceinstanceid, "e4")
 }
 
+// Test Trusted Profile Authentication using cr token
+func TestTrustedProfile(t *testing.T) {
+	prov := NewTrustedProfileProvider(TrustedProfileProviderName, &aws.Config{}, trustedProfileName, crTokenFilePath, authendpoint)
+
+	assert.Equal(t, trustedProfileName, prov.authenticator.IAMProfileName, "trusted profile name did not match")
+	assert.Equal(t, authendpoint, prov.authenticator.URL, "auth endpoint did not match")
+	assert.Equal(t, crTokenFilePath, prov.authenticator.CRTokenFilename, "cr token filepath did not match")
+	assert.Equal(t, TrustedProfileProviderName, prov.providerName, "provider name did not match")
+}
+
 // Test Environment Variable Provider with IBM IAM API Key
 func TestEnvApiKey(t *testing.T) {
 	os.Setenv("IBM_API_KEY_ID", apikey)
@@ -127,9 +145,11 @@ func TestEnvApiKey(t *testing.T) {
 }
 
 // Create an INI variable with IBM IAM credentials with three profiles:
+//
 //	-Default with IBM IAM credentials
 //	-Shared Credentials with IBM IAM credentials
 //	-Shared Config with IBM IAM credentials
+//
 // Each one has API Key, Service Instance ID, IBM IAM Authentication Endpoint
 var iniContent = `
 [default]
@@ -266,7 +286,6 @@ func TestSharedCredProfileApiKey(t *testing.T) {
 	assert.Equal(t, serviceinstanceid+"CRED", tk.ServiceInstanceID, "e4")
 }
 
-//
 // Mock Token Manager Two
 // Uses the first mock of token manager
 type tokenManagerMock2 struct {
@@ -281,7 +300,8 @@ func (tmm *tokenManagerMock2) Get() (*token.Token, error) {
 
 // Mock Token Manager Two Constructor
 // Returns:
-//		Mock Token Manager with IBM IAM Authentication Server Endpoint
+//
+//	Mock Token Manager with IBM IAM Authentication Server Endpoint
 func newTMMock2(_ *aws.Config, init func() (*token.Token, error), authEndPoint string, _,
 	_ func(time.Duration) time.Duration, _ func() time.Time,
 	_ tokenmanager.IBMClientDo) tokenmanager.API {
diff --git a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
index 47176db1..820dcb0d 100644
--- a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
+++ b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
@@ -84,7 +84,7 @@ func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedP
 	authenticator, err := core.NewContainerAuthenticatorBuilder().
 		SetIAMProfileName(trustedProfileName).
 		SetCRTokenFilename(crTokenFilePath).
-		SetURL("").
+		SetURL(authEndPoint).
 		Build()
 	if err != nil {
 		provider.ErrorStatus = awserr.New("errCreatingAuthenticatorClient", "cannot setup new Authenticator client", err)

From 8112659f71baf7e972cf7ed7fc1ff9479e8dccbb Mon Sep 17 00:00:00 2001
From: Suruthi Ganesan Kalavathy <shruthi.suruthi@gmail.com>
Date: Fri, 17 Mar 2023 18:48:10 +0530
Subject: [PATCH 3/6] Add support for trusted profile ID

Co-authored-by: shahulsonhal <shahulsonhal@gmail.com>
Signed-off-by: Suruthi Ganesan Kalavathy <shruthi.suruthi@gmail.com>
---
 aws/credentials/ibmiam/providers_test.go      |  5 ++++-
 .../trusted_profile_credentials_provider.go   | 21 ++++++++++---------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/aws/credentials/ibmiam/providers_test.go b/aws/credentials/ibmiam/providers_test.go
index 982ab6eb..e2d58a7f 100644
--- a/aws/credentials/ibmiam/providers_test.go
+++ b/aws/credentials/ibmiam/providers_test.go
@@ -24,6 +24,8 @@ const (
 	authendpoint = "aep"
 	// trustedProfileName
 	trustedProfileName = "test-trusted-profile"
+	// trustedProfileID
+	trustedProfileID = "test-trusted-profile-id"
 	// crTokenFilePath
 	crTokenFilePath = "/tmp/token"
 )
@@ -118,9 +120,10 @@ func TestStaticApiKey(t *testing.T) {
 
 // Test Trusted Profile Authentication using cr token
 func TestTrustedProfile(t *testing.T) {
-	prov := NewTrustedProfileProvider(TrustedProfileProviderName, &aws.Config{}, trustedProfileName, crTokenFilePath, authendpoint)
+	prov := NewTrustedProfileProvider(TrustedProfileProviderName, &aws.Config{}, trustedProfileName, trustedProfileID, crTokenFilePath, authendpoint)
 
 	assert.Equal(t, trustedProfileName, prov.authenticator.IAMProfileName, "trusted profile name did not match")
+	assert.Equal(t, trustedProfileID, prov.authenticator.IAMProfileID, "trusted profile ID did not match")
 	assert.Equal(t, authendpoint, prov.authenticator.URL, "auth endpoint did not match")
 	assert.Equal(t, crTokenFilePath, prov.authenticator.CRTokenFilename, "cr token filepath did not match")
 	assert.Equal(t, TrustedProfileProviderName, prov.providerName, "provider name did not match")
diff --git a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
index 820dcb0d..84154283 100644
--- a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
+++ b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
@@ -42,7 +42,7 @@ type TrustedProfileProvider struct {
 // Returns:
 //
 //	TrustedProfileProvider
-func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedProfileName, crTokenFilePath,
+func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedProfileName, trustedProfileID, crTokenFilePath,
 	authEndPoint string) *TrustedProfileProvider {
 	provider := new(TrustedProfileProvider)
 
@@ -65,8 +65,8 @@ func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedP
 		return provider
 	}
 
-	if trustedProfileName == "" {
-		provider.ErrorStatus = awserr.New("trustedProfileNameNotFound", "Trusted Profile name not found", nil)
+	if trustedProfileName == "" && trustedProfileID == "" {
+		provider.ErrorStatus = awserr.New("trustedProfileNotFound", "Trusted profile name or id not found", nil)
 		if provider.logLevel.Matches(aws.LogDebug) {
 			provider.logger.Log(debugLog, "<IBM IAM PROVIDER BUILD>", provider.ErrorStatus)
 		}
@@ -83,6 +83,7 @@ func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedP
 
 	authenticator, err := core.NewContainerAuthenticatorBuilder().
 		SetIAMProfileName(trustedProfileName).
+		SetIAMProfileID(trustedProfileID).
 		SetCRTokenFilename(crTokenFilePath).
 		SetURL(authEndPoint).
 		Build()
@@ -103,7 +104,7 @@ func NewTrustedProfileProvider(providerName string, config *aws.Config, trustedP
 // IsValid ...
 // Returns:
 //
-//	Provider validation - boolean
+//	TrustedProfileProvider validation - boolean
 func (p *TrustedProfileProvider) IsValid() bool {
 	return nil == p.ErrorStatus
 }
@@ -126,9 +127,9 @@ func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
 		var returnErr error
 		if p.logLevel.Matches(aws.LogDebug) {
 			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "ERROR ON GET token", err)
-			returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", err)
+			returnErr = awserr.New("TokenRetrieveError", "error retrieving the token", err)
 		} else {
-			returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", nil)
+			returnErr = awserr.New("TokenRetrieveError", "error retrieving the token", nil)
 		}
 		return credentials.Value{}, returnErr
 	}
@@ -156,12 +157,12 @@ func (p *TrustedProfileProvider) IsExpired() bool {
 
 // NewTPProvider constructor of the IBM IAM provider that uses trusted profile and CR token passed directly
 // Returns: NewTrustedProfileProvider (AWS type)
-func NewTPProvider(config *aws.Config, authEndPoint, trusterProfileName, crTokenFilePath string) *TrustedProfileProvider {
-	return NewTrustedProfileProvider(TrustedProfileProviderName, config, trusterProfileName, crTokenFilePath, authEndPoint)
+func NewTPProvider(config *aws.Config, authEndPoint, trusterProfileName, trustedProfileID, crTokenFilePath string) *TrustedProfileProvider {
+	return NewTrustedProfileProvider(TrustedProfileProviderName, config, trusterProfileName, trustedProfileID, crTokenFilePath, authEndPoint)
 }
 
 // NewTrustedProfileCredentials constructor for IBM IAM that uses IAM credentials passed in
 // Returns: credentials.NewCredentials(NewTPProvider()) (AWS type)
-func NewTrustedProfileCredentials(config *aws.Config, authEndPoint, trusterProfileName, crTokenFilePath string) *credentials.Credentials {
-	return credentials.NewCredentials(NewTPProvider(config, authEndPoint, trusterProfileName, crTokenFilePath))
+func NewTrustedProfileCredentials(config *aws.Config, authEndPoint, trusterProfileName, trustedProfileID, crTokenFilePath string) *credentials.Credentials {
+	return credentials.NewCredentials(NewTPProvider(config, authEndPoint, trusterProfileName, trustedProfileID, crTokenFilePath))
 }

From bb8f7689af4c33a405fa5177fc91cb88089b3e56 Mon Sep 17 00:00:00 2001
From: shahulsonhal <shahulsonhal@gmail.com>
Date: Fri, 17 Mar 2023 15:17:06 +0100
Subject: [PATCH 4/6] Remove logging token value

Signed-off-by: shahulsonhal <shahulsonhal@gmail.com>
---
 .../trusted_profile_credentials_provider.go     | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
index 84154283..553b2329 100644
--- a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
+++ b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
@@ -133,19 +133,12 @@ func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
 		}
 		return credentials.Value{}, returnErr
 	}
-	if p.logLevel.Matches(aws.LogDebug) {
-		p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "GET TOKEN", tokenValue)
-	}
-
-	token := token.Token{
-		AccessToken:  tokenValue.AccessToken,
-		RefreshToken: tokenValue.RefreshToken,
-		TokenType:    tokenValue.TokenType,
-		ExpiresIn:    tokenValue.ExpiresIn,
-		Expiration:   tokenValue.Expiration,
-	}
 
-	return credentials.Value{Token: token, ProviderName: p.providerName, ProviderType: p.providerType}, nil
+	return credentials.Value{
+		Token:        token.Token(*tokenValue),
+		ProviderName: p.providerName,
+		ProviderType: p.providerType,
+	}, nil
 }
 
 // IsExpired ...

From 783a3b441b88b940a759c2148e4399606d30e3ea Mon Sep 17 00:00:00 2001
From: shahulsonhal <shahulsonhal@gmail.com>
Date: Mon, 20 Mar 2023 14:39:44 +0100
Subject: [PATCH 5/6] Fetch trusted profile token only if it is expired

- Update retrieve function to fetch token only if it is expired.
  Replaced `RequestToken` with `GetToken` function.
- Add test case for trusted profile retrieve function

Co-authored-by: Suruthi-G-K <shruthi.suruthi@gmail.com>
Signed-off-by: shahulsonhal <shahulsonhal@gmail.com>
---
 aws/credentials/ibmiam/providers_test.go      | 49 +++++++++++++++++--
 .../trusted_profile_credentials_provider.go   | 13 +++--
 2 files changed, 54 insertions(+), 8 deletions(-)

diff --git a/aws/credentials/ibmiam/providers_test.go b/aws/credentials/ibmiam/providers_test.go
index e2d58a7f..1761a8ee 100644
--- a/aws/credentials/ibmiam/providers_test.go
+++ b/aws/credentials/ibmiam/providers_test.go
@@ -1,8 +1,11 @@
 package ibmiam
 
 import (
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
 	"os"
 	"testing"
 	"time"
@@ -11,6 +14,7 @@ import (
 	"github.com/IBM/ibm-cos-sdk-go/aws/credentials/ibmiam/token"
 	"github.com/IBM/ibm-cos-sdk-go/aws/credentials/ibmiam/tokenmanager"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 const (
@@ -26,8 +30,6 @@ const (
 	trustedProfileName = "test-trusted-profile"
 	// trustedProfileID
 	trustedProfileID = "test-trusted-profile-id"
-	// crTokenFilePath
-	crTokenFilePath = "/tmp/token"
 )
 
 // Mock Token Manager
@@ -120,13 +122,50 @@ func TestStaticApiKey(t *testing.T) {
 
 // Test Trusted Profile Authentication using cr token
 func TestTrustedProfile(t *testing.T) {
-	prov := NewTrustedProfileProvider(TrustedProfileProviderName, &aws.Config{}, trustedProfileName, trustedProfileID, crTokenFilePath, authendpoint)
+	testToken := "test"
+
+	authServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		token := token.Token{
+			AccessToken:  testToken,
+			RefreshToken: "not-supported",
+			TokenType:    tokenType,
+			ExpiresIn:    int64((time.Hour * 24).Seconds()),
+			Expiration:   time.Now().Add(time.Hour * 24).Unix(),
+		}
+
+		data, err := json.Marshal(token)
+		require.NoError(t, err)
+
+		w.WriteHeader(http.StatusAccepted)
+		_, err = w.Write(data)
+		require.NoError(t, err)
+	}))
+
+	file, err := ioutil.TempFile(os.TempDir(), "crtoken")
+	require.NoError(t, err)
+	fmt.Println(file.Name())
+	defer os.Remove(file.Name())
+
+	_, err = file.Write([]byte("test cr token"))
+	require.NoError(t, err)
+	defer file.Close()
+
+	prov := NewTrustedProfileProvider(TrustedProfileProviderName, &aws.Config{}, trustedProfileName,
+		trustedProfileID, file.Name(), authServer.URL)
 
 	assert.Equal(t, trustedProfileName, prov.authenticator.IAMProfileName, "trusted profile name did not match")
 	assert.Equal(t, trustedProfileID, prov.authenticator.IAMProfileID, "trusted profile ID did not match")
-	assert.Equal(t, authendpoint, prov.authenticator.URL, "auth endpoint did not match")
-	assert.Equal(t, crTokenFilePath, prov.authenticator.CRTokenFilename, "cr token filepath did not match")
+	assert.Equal(t, authServer.URL, prov.authenticator.URL, "auth endpoint did not match")
+	assert.Equal(t, file.Name(), prov.authenticator.CRTokenFilename, "cr token filepath did not match")
 	assert.Equal(t, TrustedProfileProviderName, prov.providerName, "provider name did not match")
+
+	cred, err := prov.Retrieve()
+	require.NoError(t, err)
+
+	assert.Equal(t, testToken, cred.AccessToken)
+	assert.Equal(t, tokenType, cred.TokenType)
+	assert.Equal(t, TrustedProfileProviderName, prov.providerName)
+	assert.Equal(t, "oauth", prov.providerType)
 }
 
 // Test Environment Variable Provider with IBM IAM API Key
diff --git a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
index 553b2329..41486f40 100644
--- a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
+++ b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
@@ -8,9 +8,13 @@ import (
 	"github.com/IBM/ibm-cos-sdk-go/aws/credentials/ibmiam/token"
 )
 
-const TrustedProfileProviderName = "TrustedProfileProviderNameIBM"
+const (
+	TrustedProfileProviderName = "TrustedProfileProviderNameIBM"
+	tokenType                  = "Bearer"
+)
 
 // TrustedProfileProvider Struct
+// This implements Provider interface
 type TrustedProfileProvider struct {
 	// Name of Provider
 	providerName string
@@ -122,7 +126,7 @@ func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
 		return credentials.Value{ProviderName: p.providerName}, p.ErrorStatus
 	}
 
-	tokenValue, err := p.authenticator.RequestToken()
+	tokenValue, err := p.authenticator.GetToken()
 	if err != nil {
 		var returnErr error
 		if p.logLevel.Matches(aws.LogDebug) {
@@ -135,7 +139,10 @@ func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
 	}
 
 	return credentials.Value{
-		Token:        token.Token(*tokenValue),
+		Token: token.Token{
+			AccessToken: tokenValue,
+			TokenType:   tokenType,
+		},
 		ProviderName: p.providerName,
 		ProviderType: p.providerType,
 	}, nil

From 7b793c2a8b254882864e017a4dce4d2341908c59 Mon Sep 17 00:00:00 2001
From: shahulsonhal <shahulsonhal@gmail.com>
Date: Mon, 20 Mar 2023 16:47:15 +0100
Subject: [PATCH 6/6] Address review comments

Signed-off-by: shahulsonhal <shahulsonhal@gmail.com>
---
 aws/credentials/ibmiam/providers_test.go      | 40 ++++++++-----------
 .../trusted_profile_credentials_provider.go   |  7 +++-
 2 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/aws/credentials/ibmiam/providers_test.go b/aws/credentials/ibmiam/providers_test.go
index 1761a8ee..9e0dab21 100644
--- a/aws/credentials/ibmiam/providers_test.go
+++ b/aws/credentials/ibmiam/providers_test.go
@@ -43,14 +43,13 @@ type tokenManagerMock struct {
 
 // Mock Token Manager Using GET Function
 // Returns:
-//
-//	Token object that has following
-//	- Access Token
-//	- Refresh Token
-//	- Token Type
-//	- Expires in (terms of seconds)
-//	- Expiration time
-//	Error object
+//		Token object that has following
+//		- Access Token
+//		- Refresh Token
+//		- Token Type
+//		- Expires in (terms of seconds)
+//		- Expiration time
+//		Error object
 func (tmm *tokenManagerMock) Get() (*token.Token, error) {
 	return &token.Token{
 		AccessToken:  "A",
@@ -78,18 +77,15 @@ func (tmm *tokenManagerMock) StartBackgroundRefresh() {
 
 // Mock Token Manager Constructor
 // Parameters:
-//
-//	AWS Config
-//	IBM IAM API Key
-//	IBM IAM Authentication Server Endpoint
-//	Advisory Refresh Timeout
-//	Manadatory Refresh Timeout
-//	Timer
-//	Token Manager Client Do Operation
-//
+//		AWS Config
+//		IBM IAM API Key
+//		IBM IAM Authentication Server Endpoint
+//		Advisory Refresh Timeout
+//		Manadatory Refresh Timeout
+//		Timer
+//		Token Manager Client Do Operation
 // Returns:
-//
-//	Mock Token Manager with API KEY and IBM IAM Authentication Server Endpoint
+//		Mock Token Manager with API KEY and IBM IAM Authentication Server Endpoint
 func newTMMock(_ *aws.Config, apiKey string, authEndPoint string, _,
 	_ func(time.Duration) time.Duration, _ func() time.Time,
 	_ tokenmanager.IBMClientDo) tokenmanager.API {
@@ -143,7 +139,6 @@ func TestTrustedProfile(t *testing.T) {
 
 	file, err := ioutil.TempFile(os.TempDir(), "crtoken")
 	require.NoError(t, err)
-	fmt.Println(file.Name())
 	defer os.Remove(file.Name())
 
 	_, err = file.Write([]byte("test cr token"))
@@ -187,11 +182,9 @@ func TestEnvApiKey(t *testing.T) {
 }
 
 // Create an INI variable with IBM IAM credentials with three profiles:
-//
 //	-Default with IBM IAM credentials
 //	-Shared Credentials with IBM IAM credentials
 //	-Shared Config with IBM IAM credentials
-//
 // Each one has API Key, Service Instance ID, IBM IAM Authentication Endpoint
 var iniContent = `
 [default]
@@ -342,8 +335,7 @@ func (tmm *tokenManagerMock2) Get() (*token.Token, error) {
 
 // Mock Token Manager Two Constructor
 // Returns:
-//
-//	Mock Token Manager with IBM IAM Authentication Server Endpoint
+//		Mock Token Manager with IBM IAM Authentication Server Endpoint
 func newTMMock2(_ *aws.Config, init func() (*token.Token, error), authEndPoint string, _,
 	_ func(time.Duration) time.Duration, _ func() time.Time,
 	_ tokenmanager.IBMClientDo) tokenmanager.API {
diff --git a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
index 41486f40..e1ffbf7d 100644
--- a/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
+++ b/aws/credentials/ibmiam/trusted_profile_credentials_provider.go
@@ -39,9 +39,9 @@ type TrustedProfileProvider struct {
 //	Provider Name
 //	AWS Config
 //	Trusted Profile Name
+//	Trusted Profile ID
 //	Compute Resource Token File Path
 //	IBM IAM Authentication Server Endpoint
-//	Service Instance ID
 //
 // Returns:
 //
@@ -150,7 +150,10 @@ func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
 
 // IsExpired ...
 //
-//	TrustedProfileProvider expired or not - boolean
+// TrustedProfileProvider expired or not - boolean
+// The GetToken function in Retrieve method is checking whether the token is expired
+// or not before making the call to the server. Here we are skipping the expiry check
+// since the token variable in authenticator is not an exported variable.
 func (p *TrustedProfileProvider) IsExpired() bool {
 	return true
 }