addressing comments

Signed-off-by: Vishwanath Hiremath <[email protected]>

pkg/rp/util/authclient/awsirsa.go

@@ -41,16 +41,19 @@ type awsIRSA struct {
 	roleARN string
 }
 
+// NewAwsIRSA creates a new awsIRSA instance.
 func NewAwsIRSA(roleARN string) AuthClient {
 	return &awsIRSA{roleARN: roleARN}
 }
 
+// GetAuthClient retrieves an authenticated client for accessing remote client for interacting with an Amazon ECR registry using AWS IRSA.
 func (b *awsIRSA) GetAuthClient(ctx context.Context, templatePath string) (remote.Client, error) {
 	registryHost, err := getRegistryHostname(templatePath)
 	if err != nil {
 		return nil, err
 	}
 
+	// Determine the AWS region for the ECR registry based on the registry hostname.
 	region, err := getECRRegion(registryHost)
 	if err != nil {
 		return nil, err
@@ -62,6 +65,7 @@ func (b *awsIRSA) GetAuthClient(ctx context.Context, templatePath string) (remot
 		return nil, errors.New("first error : " + err.Error())
 	}
 
+	// Create a credentials cache using the Web Identity Role Provider for AWS STS.
 	credsCache := aws.NewCredentialsCache(stscreds.NewWebIdentityRoleProvider(
 		sts.NewFromConfig(awscfg),
 		b.roleARN,
@@ -89,12 +93,14 @@ func (b *awsIRSA) GetAuthClient(ctx context.Context, templatePath string) (remot
 		return nil, fmt.Errorf("no authorization data found")
 	}
 
+	// Decode the authorization token from base64 encoding.
 	authData := authTokenOutput.AuthorizationData[0]
 	authToken, err := base64.StdEncoding.DecodeString(*authData.AuthorizationToken)
 	if err != nil {
 		return nil, fmt.Errorf("failed to decode authorization token: %w", err)
 	}
 
+	// Split the decoded token into username and password.
 	creds := strings.SplitN(string(authToken), ":", 2)
 	if len(creds) != 2 {
 		return nil, fmt.Errorf("malformed authorization token")

pkg/rp/util/registry.go

@@ -136,6 +136,8 @@ func parsePath(path string) (repository string, tag string, err error) {
 	return
 }
 
+// GetRegistrySecrets retrieves secret data based on the recipe configuration and template path.
+// It matches the secretstore resource ID associated with the template path in recipe configuration to the secretstore resource id in the secrets data.
 func GetRegistrySecrets(definition recipes.Configuration, templatePath string, secrets map[string]recipes.SecretData) (recipes.SecretData, error) {
 	parsedURL, err := url.Parse("https://" + templatePath)
 	if err != nil {

pkg/rp/util/registry_test.go

@@ -44,6 +44,7 @@ func Test_GetRegistrySecrets(t *testing.T) {
 		templatePath string
 		secrets      map[string]recipes.SecretData
 		exp          recipes.SecretData
+		err          string
 	}{
 		{
 			definition: recipes.Configuration{
@@ -96,10 +97,43 @@ func Test_GetRegistrySecrets(t *testing.T) {
 			},
 			exp: recipes.SecretData{},
 		},
+		{
+			definition: recipes.Configuration{
+				RecipeConfig: datamodel.RecipeConfigProperties{
+					Bicep: datamodel.BicepConfigProperties{
+						Authentication: map[string]datamodel.RegistrySecretConfig{
+							"test.azurecr.io": {
+								Secret: "/planes/radius/local/resourcegroups/default/providers/Applications.Core/secretStores/acr",
+							},
+							"123456789012.dkr.ecr.us-west-2.amazonaws.com": {
+								Secret: "/planes/radius/local/resourcegroups/default/providers/Applications.Core/secretStores/ecr",
+							},
+						},
+					},
+				},
+			},
+			templatePath: "test.azu recr.io/test-private-registry:latest",
+			secrets: map[string]recipes.SecretData{
+				"/planes/radius/local/resourcegroups/default/providers/Applications.Core/secretStores/acr": {
+					Type: "basicAuthentication",
+					Data: map[string]string{
+						"username": "test-username",
+						"password": "test-password",
+					},
+				},
+			},
+			exp: recipes.SecretData{},
+			err: "invalid character \" \" in host name",
+		},
 	}
 	for _, tc := range testset {
 		secrets, err := GetRegistrySecrets(tc.definition, tc.templatePath, tc.secrets)
-		require.NoError(t, err)
-		require.Equal(t, secrets, tc.exp)
+		if tc.err != "" {
+			require.Error(t, err)
+			require.Contains(t, err.Error(), tc.err)
+		} else {
+			require.NoError(t, err)
+			require.Equal(t, secrets, tc.exp)
+		}
 	}
 }