feat: introducing the auth package (removing bascule and jwt dependency)

- removed bascule and jwt dependency (and related code) by introducing the `auth` package
- ancla will receive cred principal and partner IDs via context and not via bascule

Update mock.go

Author: denopink

auth/acquire.go

@@ -0,0 +1,10 @@
+// SPDX-FileCopyrightText: 2025 Comcast Cable Communications Management, LLC
+// SPDX-License-Identifier: Apache-2.0
+
+package auth
+
+// Acquirer acquires the credential for http request authorization headers.
+type Acquirer interface {
+	// Acquire gets a credential string.
+	Acquire() (string, error)
+}

auth/context.go

@@ -0,0 +1,32 @@
+// SPDX-FileCopyrightText: 2025 Comcast Cable Communications Management, LLC
+// SPDX-License-Identifier: Apache-2.0
+
+package auth
+
+import "context"
+
+type PartnerIDsKey struct{}
+
+type PrincipalKey struct{}
+
+// SetPrincipal adds the security principal to the context given, e.g. the user name or client id.
+func SetPrincipal(ctx context.Context, p string) context.Context {
+	return context.WithValue(ctx, PrincipalKey{}, p)
+}
+
+// GetPrincipal gets the security principal from the context provided.
+func GetPrincipal(ctx context.Context) (p string, ok bool) {
+	p, ok = ctx.Value(PrincipalKey{}).(string)
+	return
+}
+
+// SetPartnerIDs adds the list of partner IDs to the context given.
+func SetPartnerIDs(ctx context.Context, ids []string) context.Context {
+	return context.WithValue(ctx, PartnerIDsKey{}, ids)
+}
+
+// GetPartnerIDs gets the list of partner IDs from the context provided.
+func GetPartnerIDs(ctx context.Context) (ids []string, ok bool) {
+	ids, ok = ctx.Value(PartnerIDsKey{}).([]string)
+	return
+}

auth/mock.go

@@ -0,0 +1,17 @@
+// SPDX-FileCopyrightText: 2025 Comcast Cable Communications Management, LLC
+// SPDX-License-Identifier: Apache-2.0
+package auth
+
+import (
+	"github.com/stretchr/testify/mock"
+)
+
+type MockAquirer struct {
+	mock.Mock
+}
+
+func (m *MockAquirer) Acquire() (string, error) {
+	args := m.Called()
+
+	return args.String(0), args.Error(1)
+}

chrysom/basicClient.go

@@ -12,8 +12,8 @@ import (
 	"io"
 	"net/http"
 
+	"github.com/xmidt-org/ancla/auth"
 	"github.com/xmidt-org/ancla/model"
-	"github.com/xmidt-org/bascule/acquire"
 	"go.uber.org/zap"
 )
 
@@ -58,24 +58,18 @@ type BasicClientConfig struct {
 
 	// Auth provides the mechanism to add auth headers to outgoing requests.
 	// (Optional) If not provided, no auth headers are added.
-	Auth Auth
+	Auth auth.Acquirer
 }
 
 // BasicClient is the client used to make requests to Argus.
 type BasicClient struct {
 	client       *http.Client
-	auth         acquire.Acquirer
+	auth         auth.Acquirer
 	storeBaseURL string
 	bucket       string
 	getLogger    func(context.Context) *zap.Logger
 }
 
-// Auth contains authorization data for requests to Argus.
-type Auth struct {
-	JWT   acquire.RemoteBearerTokenAcquirerOptions
-	Basic string
-}
-
 type response struct {
 	Body             []byte
 	ArgusErrorHeader string
@@ -101,19 +95,13 @@ func NewBasicClient(config BasicClientConfig,
 		return nil, err
 	}
 
-	tokenAcquirer, err := buildTokenAcquirer(config.Auth)
-	if err != nil {
-		return nil, err
-	}
-	clientStore := &BasicClient{
+	return &BasicClient{
 		client:       config.HTTPClient,
-		auth:         tokenAcquirer,
+		auth:         config.Auth,
 		bucket:       config.Bucket,
 		storeBaseURL: config.Address + storeAPIPath,
 		getLogger:    getLogger,
-	}
-
-	return clientStore, nil
+	}, nil
 }
 
 // GetItems fetches all items that belong to a given owner.
@@ -213,32 +201,39 @@ func (c *BasicClient) sendRequest(ctx context.Context, owner, method, url string
 	if err != nil {
 		return response{}, fmt.Errorf(errWrappedFmt, errNewRequestFailure, err.Error())
 	}
-	err = acquire.AddAuth(r, c.auth)
-	if err != nil {
-		return response{}, fmt.Errorf(errWrappedFmt, ErrAuthAcquirerFailure, err.Error())
-	}
+
 	if len(owner) > 0 {
 		r.Header.Set(ItemOwnerHeaderKey, owner)
 	}
+
+	if c.auth != nil {
+		auth, err := c.auth.Acquire()
+		if err != nil {
+			return response{}, errors.Join(ErrAuthAcquirerFailure, err)
+		}
+
+		r.Header.Set("Authorization", auth)
+	}
+
 	resp, err := c.client.Do(r)
 	if err != nil {
 		return response{}, fmt.Errorf(errWrappedFmt, errDoRequestFailure, err.Error())
 	}
+
 	defer resp.Body.Close()
-	var sqResp = response{
+
+	sqResp := response{
 		Code:             resp.StatusCode,
 		ArgusErrorHeader: resp.Header.Get(XmidtErrorHeaderKey),
 	}
 	bodyBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return sqResp, fmt.Errorf(errWrappedFmt, errReadingBodyFailure, err.Error())
 	}
+
 	sqResp.Body = bodyBytes
-	return sqResp, nil
-}
 
-func isEmpty(options acquire.RemoteBearerTokenAcquirerOptions) bool {
-	return len(options.AuthURL) < 1 || options.Buffer == 0 || options.Timeout == 0
+	return sqResp, nil
 }
 
 // translateNonSuccessStatusCode returns as specific error
@@ -254,15 +249,6 @@ func translateNonSuccessStatusCode(code int) error {
 	}
 }
 
-func buildTokenAcquirer(auth Auth) (acquire.Acquirer, error) {
-	if !isEmpty(auth.JWT) {
-		return acquire.NewRemoteBearerTokenAcquirer(auth.JWT)
-	} else if len(auth.Basic) > 0 {
-		return acquire.NewFixedAuthAcquirer(auth.Basic)
-	}
-	return &acquire.DefaultAcquirer{}, nil
-}
-
 func validateBasicConfig(config *BasicClientConfig) error {
 	if config.Address == "" {
 		return ErrAddressEmpty