improve credentials provider

Author: ndyakov

credentials_provider.go

@@ -1,3 +1,6 @@
+// Package entraid provides a credentials provider that manages token retrieval and notifies listeners
+// of token updates. It implements the auth.StreamingCredentialsProvider interface and is designed
+// for use with the Redis authentication system.
 package entraid
 
 import (
@@ -14,19 +17,20 @@ var _ auth.StreamingCredentialsProvider = (*entraidCredentialsProvider)(nil)
 
 // entraidCredentialsProvider is a struct that implements the StreamingCredentialsProvider interface.
 type entraidCredentialsProvider struct {
-	options CredentialsProviderOptions
+	options CredentialsProviderOptions // Configuration options for the provider.
 
-	tokenManager       manager.TokenManager
-	cancelTokenManager manager.CancelFunc
+	tokenManager       manager.TokenManager // Manages token retrieval.
+	cancelTokenManager manager.CancelFunc   // Function to cancel the token manager.
 
 	// listeners is a slice of listeners that are notified when the token manager receives a new token.
-	listeners []auth.CredentialsListener
+	listeners []auth.CredentialsListener // Slice of listeners notified on token updates.
 
 	// rwLock is a mutex that is used to synchronize access to the listeners slice.
-	rwLock sync.RWMutex
+	rwLock sync.RWMutex // Mutex for synchronizing access to the listeners slice.
 }
 
 // onTokenNext is a method that is called when the token manager receives a new token.
+// It notifies all registered listeners with the new token.
 func (e *entraidCredentialsProvider) onTokenNext(t *token.Token) {
 	e.rwLock.RLock()
 	defer e.rwLock.RUnlock()
@@ -37,7 +41,7 @@ func (e *entraidCredentialsProvider) onTokenNext(t *token.Token) {
 }
 
 // onTokenError is a method that is called when the token manager encounters an error.
-// It notifies all listeners with the error.
+// It notifies all registered listeners with the error.
 func (e *entraidCredentialsProvider) onTokenError(err error) {
 	e.rwLock.RLock()
 	defer e.rwLock.RUnlock()
@@ -48,11 +52,18 @@ func (e *entraidCredentialsProvider) onTokenError(err error) {
 	}
 }
 
-// Subscribe subscribes to the credentials provider and returns a channel that will receive updates.
-// The first response is blocking, then data will notify the listener.
-// The listener will be notified with the credentials when they are available.
-// The listener will be notified with an error if there is an error obtaining the credentials.
-// The caller can cancel the subscription by calling the cancel function which is the second return value.
+// Subscribe subscribes a listener to the credentials provider.
+// It returns the current credentials, a cancel function to unsubscribe, and an error if the subscription fails.
+//
+// Parameters:
+// - listener: The listener that will receive updates about token changes.
+//
+// Returns:
+// - auth.Credentials: The current credentials for the listener.
+// - auth.CancelProviderFunc: A function that can be called to unsubscribe the listener.
+// - error: An error if the subscription fails, such as if the token cannot be retrieved.
+//
+// Note: If the listener is already subscribed, it will not receive duplicate notifications.
 func (e *entraidCredentialsProvider) Subscribe(listener auth.CredentialsListener) (auth.Credentials, auth.CancelProviderFunc, error) {
 	e.rwLock.Lock()
 	// Check if the listener is already in the list of listeners.
@@ -83,17 +94,20 @@ func (e *entraidCredentialsProvider) Subscribe(listener auth.CredentialsListener
 		// Remove the listener from the list of listeners.
 		e.rwLock.Lock()
 		defer e.rwLock.Unlock()
+
 		for i, l := range e.listeners {
 			if l == listener {
 				e.listeners = append(e.listeners[:i], e.listeners[i+1:]...)
 				break
 			}
 		}
+
+		// Clear the listeners slice if it's empty
 		if len(e.listeners) == 0 {
+			e.listeners = make([]auth.CredentialsListener, 0)
 			if e.cancelTokenManager != nil {
 				defer func() {
 					e.cancelTokenManager = nil
-					e.listeners = nil
 				}()
 				return e.cancelTokenManager()
 			}
@@ -104,21 +118,21 @@ func (e *entraidCredentialsProvider) Subscribe(listener auth.CredentialsListener
 	return token, cancel, nil
 }
 
-// NewCredentialsProvider creates a new credentials provider.
-// It takes a TokenManager and CredentialProviderOptions as arguments and returns a StreamingCredentialsProvider interface.
-// The TokenManager is used to obtain the token, and the CredentialProviderOptions contains options for the credentials provider.
-// The credentials provider is responsible for managing the credentials and refreshing them when necessary.
-// It returns an error if the token manager cannot be started.
+// NewCredentialsProvider creates a new credentials provider with the specified token manager and options.
+// It returns a StreamingCredentialsProvider interface and an error if the token manager cannot be started.
+//
+// Parameters:
+// - tokenManager: The TokenManager used to obtain tokens.
+// - options: Options for configuring the credentials provider.
 //
-// This function is typically used when you need to create a custom credentials provider with a specific token manager.
-// For most use cases, it's recommended to use the type-specific constructors:
-// - NewManagedIdentityCredentialsProvider for managed identity authentication
-// - NewConfidentialCredentialsProvider for client secret or certificate authentication
-// - NewDefaultAzureCredentialsProvider for default Azure identity authentication
+// Returns:
+// - auth.StreamingCredentialsProvider: The newly created credentials provider.
+// - error: An error if the token manager cannot be started.
 func NewCredentialsProvider(tokenManager manager.TokenManager, options CredentialsProviderOptions) (auth.StreamingCredentialsProvider, error) {
 	cp := &entraidCredentialsProvider{
 		tokenManager: tokenManager,
 		options:      options,
+		listeners:    make([]auth.CredentialsListener, 0),
 	}
 	cancelTokenManager, err := cp.tokenManager.Start(tokenListenerFromCP(cp))
 	if err != nil {