add few more tests

Author: ndyakov

.github/workflows/codeql.yml

@@ -1,3 +1,4 @@
+#file: noinspection GrazieInspection,GrazieInspection
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
@@ -55,6 +56,7 @@ jobs:
         # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
         # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    # noinspection GrazieInspection,GrazieInspection
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4

.golangci.yml

@@ -0,0 +1,5 @@
+version: 2
+linters:
+  disable:
+    - depguard
+

confidential_identity_provider.go

@@ -6,7 +6,7 @@ import (
 	"crypto/x509"
 	"fmt"
 
-	confidential "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
 // ConfidentialIdentityProviderOptions represents the options for the confidential identity provider.

credentials_provider.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"sync"
 
-	auth "github.com/redis/go-redis/v9/auth"
+	"github.com/redis/go-redis/v9/auth"
 )
 
 // entraidCredentialsProvider implements the auth.StreamingCredentialsProvider interface.

entraid_test.go

@@ -1,6 +1,8 @@
 package entraid
 
 import (
+	"net"
+
 	"github.com/stretchr/testify/mock"
 )
 
@@ -17,3 +19,26 @@ func (m *mockIdentityProvider) RequestToken() (IdentityProviderResponse, error)
 
 // Ensure mockIdentityProvider implements the IdentityProvider interface
 var _ IdentityProvider = (*mockIdentityProvider)(nil)
+
+type mockError struct {
+	// Mock implementation of the network error
+	error
+	isTimeout   bool
+	isTemporary bool
+}
+
+func (m *mockError) Timeout() bool {
+	return m.isTimeout
+}
+func (m *mockError) Temporary() bool {
+	return m.isTemporary
+}
+func (m *mockError) Unwrap() error {
+	return m.error
+}
+
+func (m *mockError) Is(err error) bool {
+	return m.error == err
+}
+
+var _ net.Error = (*mockError)(nil)

qodana.yaml

@@ -0,0 +1,29 @@
+#-------------------------------------------------------------------------------#
+#               Qodana analysis is configured by qodana.yaml file               #
+#             https://www.jetbrains.com/help/qodana/qodana-yaml.html            #
+#-------------------------------------------------------------------------------#
+version: "1.0"
+
+#Specify inspection profile for code analysis
+profile:
+  name: qodana.starter
+
+#Enable inspections
+#include:
+#  - name: <SomeEnabledInspectionId>
+
+#Disable inspections
+#exclude:
+#  - name: <SomeDisabledInspectionId>
+#    paths:
+#      - <path/where/not/run/inspection>
+
+#Execute shell command before Qodana execution (Applied in CI/CD pipeline)
+#bootstrap: sh ./prepare-qodana.sh
+
+#Install IDE plugins before Qodana execution (Applied in CI/CD pipeline)
+#plugins:
+#  - id: <plugin.id> #(plugin id can be found at https://plugins.jetbrains.com)
+
+#Specify Qodana linter for analysis (Applied in CI/CD pipeline)
+linter: jetbrains/qodana-go:2024.3

token_manager.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"net"
+	"os"
 	"sync"
 	"time"
 
@@ -21,23 +22,20 @@ type TokenManagerOptions struct {
 	//
 	// default: 0.7
 	ExpirationRefreshRatio float64
-
 	// LowerRefreshBoundMs is the lower bound for the refresh time in milliseconds.
 	// Represents the minimum time in milliseconds before token expiration to trigger a refresh, in milliseconds.
 	// This value sets a fixed lower bound for when a token refresh should occur, regardless
 	// of the token's total lifetime.
 	//
 	// default: 0 ms (no lower bound, refresh based on ExpirationRefreshRatio)
 	LowerRefreshBoundMs int64
-
 	// IdentityProviderResponseParser is a function that parses the IdentityProviderResponse.
 	// The function takes the response and based on its type returns the populated Token object.
 	// If this function is not provided, the default implementation will be used.
 	//
 	// required: true
 	// default: defaultIdentityProviderResponseParser
 	IdentityProviderResponseParser IdentityProviderResponseParserFunc
-
 	// RetryOptions is a struct that contains the options for retrying the token request.
 	// It contains the maximum number of attempts, initial delay, maximum delay, and backoff multiplier.
 	//
@@ -83,7 +81,7 @@ type TokenManager interface {
 }
 
 // defaultIdentityProviderResponseParser is a function that parses the token and returns the username and password.
-var defaultIdentityProviderResponseParser = func(response IdentityProviderResponse) (*Token, error) {
+var defaultIdentityProviderResponseParser IdentityProviderResponseParserFunc = func(response IdentityProviderResponse) (*Token, error) {
 	var username, password, rawToken string
 	var expiresOn time.Time
 	if response == nil {
@@ -253,7 +251,7 @@ func (e *entraidTokenManager) GetToken() (*Token, error) {
 // cancelFunc is a function that cancels the token manager.
 type cancelFunc func() error
 
-// TokenListener is a interface that contains the methods for receiving updates from the token manager.
+// TokenListener is an interface that contains the methods for receiving updates from the token manager.
 // The token manager will call the listener's OnTokenNext method with the updated token.
 // If an error occurs, the token manager will call the listener's OnTokenError method with the error.
 type TokenListener interface {
@@ -371,16 +369,18 @@ func (e *entraidTokenManager) Close() error {
 // defaultRetryableFunc is a function that checks if the error is retryable.
 // It takes an error as an argument and returns a boolean value.
 // The function checks if the error is a net.Error and if it is a timeout or temporary error.
-var defaultRetryableFunc = func(err error) bool {
+var defaultIsRetryable func(err error) bool = func(err error) bool {
 	var netErr net.Error
 	if err == nil {
 		return true
 	}
 
+	// nolint:staticcheck // SA1019 deprecated netErr.Temporary
 	if ok := errors.As(err, &netErr); ok {
-		return netErr.Timeout()
+		return netErr.Timeout() || netErr.Temporary()
 	}
-	return false
+
+	return errors.Is(err, os.ErrDeadlineExceeded)
 }
 
 // defaultRetryOptionsOr returns the default retry options if the provided options are not set.
@@ -389,7 +389,7 @@ var defaultRetryableFunc = func(err error) bool {
 // The values can be overridden by the user.
 func defaultRetryOptionsOr(retryOptions RetryOptions) RetryOptions {
 	if retryOptions.IsRetryable == nil {
-		retryOptions.IsRetryable = defaultRetryableFunc
+		retryOptions.IsRetryable = defaultIsRetryable
 	}
 
 	if retryOptions.MaxAttempts <= 0 {

token_manager_test.go

@@ -1,10 +1,13 @@
 package entraid
 
 import (
+	"fmt"
+	"os"
 	"reflect"
 	"runtime"
 	"testing"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -67,11 +70,63 @@ func TestTokenManagerWithOptions(t *testing.T) {
 		assert.True(t, ok)
 		assert.Equal(t, DefaultExpirationRefreshRatio, tm.expirationRefreshRatio)
 		assert.NotNil(t, tm.retryOptions.IsRetryable)
-		assertFuncNameMatches(t, tm.retryOptions.IsRetryable, defaultRetryableFunc)
+		assertFuncNameMatches(t, tm.retryOptions.IsRetryable, defaultIsRetryable)
 		assert.Equal(t, DefaultRetryOptionsMaxAttempts, tm.retryOptions.MaxAttempts)
 		assert.Equal(t, DefaultRetryOptionsInitialDelayMs, tm.retryOptions.InitialDelayMs)
 		assert.Equal(t, DefaultRetryOptionsMaxDelayMs, tm.retryOptions.MaxDelayMs)
 		assert.Equal(t, DefaultRetryOptionsBackoffMultiplier, tm.retryOptions.BackoffMultiplier)
+	})
+}
+
+func TestDefaultIdentityProviderResponseParserOr(t *testing.T) {
+	t.Parallel()
+	var f IdentityProviderResponseParserFunc = func(response IdentityProviderResponse) (*Token, error) {
+		return nil, nil
+	}
+
+	result := defaultIdentityProviderResponseParserOr(f)
+	assert.NotNil(t, result)
+	assertFuncNameMatches(t, result, f)
+
+	defaultFunc := defaultIdentityProviderResponseParserOr(nil)
+	assert.NotNil(t, defaultFunc)
+	assertFuncNameMatches(t, defaultFunc, defaultIdentityProviderResponseParser)
+}
+
+func TestDefaultIsRetryable(t *testing.T) {
+	t.Parallel()
+	// with network error timeout
+	t.Run("Non-Retryable Error", func(t *testing.T) {
+		err := &azcore.ResponseError{
+			StatusCode: 500,
+		}
+		is := defaultIsRetryable(err)
+		assert.False(t, is)
+	})
+
+	t.Run("Nil Error", func(t *testing.T) {
+		var err error
+		is := defaultIsRetryable(err)
+		assert.True(t, is)
+
+		is = defaultIsRetryable(nil)
+		assert.True(t, is)
+	})
+
+	t.Run("Retryable Error with Timeout", func(t *testing.T) {
+		err := &mockError{isTimeout: true}
+		result := defaultIsRetryable(err)
+		assert.True(t, result)
+	})
+	t.Run("Retryable Error with Temporary", func(t *testing.T) {
+		err := &mockError{isTemporary: true}
+		result := defaultIsRetryable(err)
+		assert.True(t, result)
+	})
 
+	t.Run("Retryable Error with err parent of os.ErrDeadlineExceeded", func(t *testing.T) {
+		err := fmt.Errorf("timeout: %w", os.ErrDeadlineExceeded)
+		res := defaultIsRetryable(err)
+		assert.True(t, res)
 	})
 }