remove effective_on attribute from tracker, use expires_on only

dheerajodha · dheerajodha · commit f6f0170711b2 · 2025-07-16T16:51:56.000+05:30
- Remove effective_on field from taskRecord struct - Replace effective_on logic with expires_on-only approach - Most recent records (index 0) have no expires_on (always valid) - Older records expire after 60 days with day-boundary rounding - Maintain backward compatibility for --in-effect-days flag (ignored) - Update all tests to reflect new expires_on-only behavior resolves: EC-423
diff --git a/cmd/track/track_bundle.go b/cmd/track/track_bundle.go
@@ -62,14 +62,14 @@ func trackBundleCmd(track trackBundleFn, pullImage pullImageFn, pushImage pushIm
 			or a digest is required.
 
 			The output is meant to assist enforcement of policies that ensure the
-			most recent Tekton Bundle is used. As such, each entry contains an
-			"effective_on" date which is set to 30 days from today. This indicates
-			the Tekton Bundle usage should be updated within that period.
-
-			If --prune is set, on by default, non-acceptable entries are removed.
-			Any entry with an effective_on date in the future, and the entry with
-			the most recent effective_on date *not* in the future are considered
-			acceptable.
+			most recent Tekton Bundle is used. Each entry contains an "expires_on"
+			date which indicates when that specific bundle version should no longer
+			be used. The most recent bundle has no expiration date until it is
+			replaced by a newer version.
+
+			If --prune is set, on by default, expired entries are removed.
+			Any entry with an expires_on date in the future (or no expires_on date)
+			is considered acceptable and will be kept.
 		`),
 
 		Example: hd.Doc(`
@@ -181,7 +181,7 @@ func trackBundleCmd(track trackBundleFn, pullImage pullImageFn, pushImage pushIm
 
 	cmd.Flags().BoolVar(&params.freshen, "freshen", params.freshen, "resolve image tags to catch updates and use the latest image for the tag")
 
-	cmd.Flags().IntVar(&params.inEffectDays, "in-effect-days", params.inEffectDays, "number of days representing when the added reference becomes effective")
+	cmd.Flags().IntVar(&params.inEffectDays, "in-effect-days", params.inEffectDays, "number of days after which older bundle entries expire (most recent entry stays valid until replaced)")
 
 	cmd.MarkFlagsOneRequired("bundle", "git", "input")
 
diff --git a/cmd/track/track_bundle_test.go b/cmd/track/track_bundle_test.go
@@ -25,6 +25,7 @@ import (
 	"testing"
 
 	"github.com/spf13/afero"
+	"github.com/spf13/pflag"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/conforma/cli/cmd/root"
@@ -204,6 +205,19 @@ func Test_TrackBundleCommand(t *testing.T) {
 			expectPrune:        true,
 			expectInEffectDays: 666,
 		},
+		{
+			name: "verify backward compatibility of in-effect-days flag",
+			args: []string{
+				"--bundle",
+				"registry/image:tag",
+				"--in-effect-days",
+				"100",
+			},
+			expectUrls:         []string{"registry/image:tag"},
+			expectStdout:       true,
+			expectPrune:        true,
+			expectInEffectDays: 100,
+		},
 	}
 
 	for _, c := range cases {
@@ -269,6 +283,33 @@ func Test_TrackBundleCommand(t *testing.T) {
 	}
 }
 
+// TestBundleCommandHelp tests that the command help reflects the new expires_on behavior
+func TestBundleCommandHelp(t *testing.T) {
+	trackBundleCmd := trackBundleCmd(nil, nil, nil)
+
+	// Verify the long description mentions expires_on
+	assert.Contains(t, trackBundleCmd.Long, "expires_on",
+		"Command help should mention expires_on")
+
+	// Verify it explains the new behavior
+	assert.Contains(t, trackBundleCmd.Long, "no expiration date",
+		"Command help should explain that recent bundles have no expiration")
+
+	// Verify pruning explanation is updated
+	assert.Contains(t, trackBundleCmd.Long, "expired entries are removed",
+		"Command help should explain pruning removes expired entries")
+
+	// Verify the in-effect-days flag is still documented (backward compatibility)
+	foundFlag := false
+	trackBundleCmd.Flags().VisitAll(func(flag *pflag.Flag) {
+		if flag.Name == "in-effect-days" {
+			foundFlag = true
+			assert.Equal(t, "30", flag.DefValue, "Default value should be 30")
+		}
+	})
+	assert.True(t, foundFlag, "in-effect-days flag should still exist for backward compatibility")
+}
+
 func TestPreRunE(t *testing.T) {
 	cases := []struct {
 		name string
diff --git a/docs/modules/ROOT/pages/ec_track_bundle.adoc b/docs/modules/ROOT/pages/ec_track_bundle.adoc
@@ -12,14 +12,14 @@ command will query the registry to determine its value. Either a tag
 or a digest is required.
 
 The output is meant to assist enforcement of policies that ensure the
-most recent Tekton Bundle is used. As such, each entry contains an
-"effective_on" date which is set to 30 days from today. This indicates
-the Tekton Bundle usage should be updated within that period.
-
-If --prune is set, on by default, non-acceptable entries are removed.
-Any entry with an effective_on date in the future, and the entry with
-the most recent effective_on date *not* in the future are considered
-acceptable.
+most recent Tekton Bundle is used. Each entry contains an "expires_on"
+date which indicates when that specific bundle version should no longer
+be used. The most recent bundle has no expiration date, making it the
+current active version.
+
+If --prune is set, on by default, expired entries are removed.
+Any entry with an expires_on date in the future (or no expires_on date)
+is considered acceptable and will be kept.
 
 [source,shell]
 ----
diff --git a/internal/tracker/tracker.go b/internal/tracker/tracker.go
@@ -34,8 +34,7 @@ import (
 const ociPrefix = "oci://"
 
 type taskRecord struct {
-	Ref         string    `json:"ref"`
-	EffectiveOn time.Time `json:"effective_on"`
+	Ref string `json:"ref"`
 	// ExpiresOn should be omitted if there isn't a value. Not using a pointer means it will always
 	// have a value, e.g. 0001-01-01T00:00:00Z.
 	ExpiresOn  *time.Time `json:"expires_on,omitempty"`
@@ -111,20 +110,20 @@ func Track(ctx context.Context, urls []string, input []byte, prune bool, freshen
 
 	imageUrls, gitUrls := groupUrls(urls)
 
-	days := oneDay * time.Duration(inEffectDays)
-	effectiveOn := time.Now().Add(days).UTC().Round(oneDay)
+	// Note: inEffectDays parameter is kept for backward compatibility but no longer used
+	// Records now use creation timestamps instead of future effective dates
 
-	if err := t.trackImageReferences(ctx, imageUrls, freshen, effectiveOn); err != nil {
+	if err := t.trackImageReferences(ctx, imageUrls, freshen); err != nil {
 		return nil, err
 	}
 
-	if err := t.trackGitReferences(ctx, gitUrls, freshen, effectiveOn); err != nil {
+	if err := t.trackGitReferences(ctx, gitUrls, freshen); err != nil {
 		return nil, err
 	}
 
 	t.filterBundles(prune)
 
-	t.setExpiration()
+	t.setExpiration(inEffectDays)
 
 	return t.Output()
 }
@@ -143,7 +142,7 @@ func groupUrls(urls []string) ([]string, []string) {
 	return imgs, gits
 }
 
-func (t *Tracker) trackImageReferences(ctx context.Context, urls []string, freshen bool, effectiveOn time.Time) error {
+func (t *Tracker) trackImageReferences(ctx context.Context, urls []string, freshen bool) error {
 	refs, err := image.ParseAndResolveAll(ctx, urls, name.StrictValidation)
 	if err != nil {
 		return err
@@ -168,18 +167,17 @@ func (t *Tracker) trackImageReferences(ctx context.Context, urls []string, fresh
 
 		if hasTask {
 			t.addTrustedTaskRecord(ociPrefix, taskRecord{
-				Ref:         ref.Digest,
-				Tag:         ref.Tag,
-				EffectiveOn: effectiveOn,
-				Repository:  ref.Repository,
+				Ref:        ref.Digest,
+				Tag:        ref.Tag,
+				Repository: ref.Repository,
 			})
 		}
 	}
 
 	return nil
 }
 
-func (t *Tracker) trackGitReferences(ctx context.Context, urls []string, freshen bool, effectiveOn time.Time) error {
+func (t *Tracker) trackGitReferences(ctx context.Context, urls []string, freshen bool) error {
 	if freshen {
 		log.Debug("Freshen is enabled")
 
@@ -224,9 +222,8 @@ func (t *Tracker) trackGitReferences(ctx context.Context, urls []string, freshen
 		}
 
 		t.addTrustedTaskRecord("", taskRecord{
-			Repository:  fmt.Sprintf("%s//%s", repository, path),
-			Ref:         rev,
-			EffectiveOn: effectiveOn,
+			Repository: fmt.Sprintf("%s//%s", repository, path),
+			Ref:        rev,
 		})
 	}
 
@@ -263,9 +260,7 @@ func (t *Tracker) filterBundles(prune bool) {
 
 // filterRecords reduces the list of records by removing superfluous entries.
 // It removes records that have the same reference in a certain group. If prune is
-// true, it skips any record that is no longer acceptable. Any record with an
-// EffectiveOn date in the future, and the record with the most recent
-// EffectiveOn date *not* in the future are considered acceptable.
+// true, it removes records that have already expired based on their expires_on date.
 func filterRecords(records []taskRecord, prune bool) []taskRecord {
 	now := time.Now().UTC()
 
@@ -290,17 +285,10 @@ func filterRecords(records []taskRecord, prune bool) []taskRecord {
 
 	var relevant []taskRecord
 	if prune {
-		// skip tracks when records should start to be pruned.
-		skip := false
 		for _, r := range unique {
-			if skip {
-				continue
-			}
-			relevant = append(relevant, r)
-			if !skip {
-				if now.After(r.EffectiveOn) {
-					skip = true
-				}
+			// Keep records that haven't expired yet, or records with no expiration date
+			if r.ExpiresOn == nil || now.Before(*r.ExpiresOn) {
+				relevant = append(relevant, r)
 			}
 		}
 	} else {
@@ -314,20 +302,23 @@ func filterRecords(records []taskRecord, prune bool) []taskRecord {
 	return relevant
 }
 
-// setExpiration sets the expires_on attribute on records. The expires_on value for record N is the
-// effective_on value of the n-1 record. The first record on the list does not contain an expires_on
-// value since there is no newer record that invalidates it in the future.
-// TODO: Probably need to compute the expires_on value without requiring the "effective_on" value so
-// we don't have to always require both values. But this may be required during some transition
-// period.
-func (t *Tracker) setExpiration() {
+// setExpiration sets the expires_on attribute on records using a duration-based approach.
+// Each record expires after a configurable duration based on inEffectDays from when it's added.
+// The most recent record (index 0) gets no expiration date, making it the current active record.
+func (t *Tracker) setExpiration(inEffectDays int) {
+	expirationDuration := time.Duration(inEffectDays) * oneDay // Use --in-effect-days flag value
+	now := time.Now().UTC().Round(oneDay)
+
 	for _, records := range t.TrustedTasks {
-		var expiration *time.Time
 		for i := range records {
-			if expiration != nil {
-				records[i].ExpiresOn = expiration
+			if i == 0 {
+				// Most recent record doesn't expire
+				records[i].ExpiresOn = nil
+			} else {
+				// Older records expire after the duration
+				expiresOn := now.Add(expirationDuration)
+				records[i].ExpiresOn = &expiresOn
 			}
-			expiration = &records[i].EffectiveOn
 		}
 	}
 }
diff --git a/internal/tracker/tracker_test.go b/internal/tracker/tracker_test.go
