feat: support alibaba cloud rrsa store auth provider #1909

Merged
merged 1 commit into from
Nov 14, 2024

DahuK
Contributor

@DahuK DahuK commented Nov 3, 2024

Description

What this PR does / why we need it:

Support using Alibaba Cloud RAM Roles for Service Accounts (RRSA) to pull artifacts from a private Alibaba Cloud Container Registry (ACR) with an ACR-specific auth token.

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Fixes #

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

  • basic unit test cases to create/enable/provide alibabacloud acr basic auth provider

In addition, I have locally built the testing image containing the changes in this PR, and tested it in the Alibaba Cloud ACK cluster to verify fetching the signature metadata of a private image in the Alibaba Cloud ACR repository by using the store authProvider based on the new RRSA configuration. More instructions will be added in the subsequent document PR.

Checklist:

  • Does the affected code have corresponding tests?
  • Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have appropriate license header?

Post Merge Requirements

  • MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

codecov bot commented Nov 3, 2024

Codecov Report

Attention: Patch coverage is 87.60331% with 15 lines in your changes missing coverage. Please review.

Files with missing lines | Patch % | Lines
.../authprovider/alibabacloud/alibabacloudacrbasic.go | 86.23% | 11 Missing and 4 partials ⚠️

Files with missing lines | Coverage Δ
...kg/common/oras/authprovider/alibabacloud/helper.go | 100.00% <100.00%> (ø)
...kg/common/oras/authprovider/authproviderfactory.go | 62.85% <ø> (ø)
pkg/referrerstore/oras/oras.go | 73.91% <ø> (-6.22%) ⬇️
.../authprovider/alibabacloud/alibabacloudacrbasic.go | 86.23% <86.23%> (ø)

... and 28 files with indirect coverage changes

@DahuK DahuK force-pushed the alibabacloud-rrsa branch 4 times, most recently from 9338d47 to af6bfa4 Compare November 4, 2024 12:50
Collaborator

@susanshi susanshi left a comment

Hi @DahuK,
thanks so much for adding the alibaba auth provider. The group of us have discussed during the PR review meeting, and here are the notes:

  • we are aiming for unit test coverage at 80%, would it be possible to add more coverage for alibabacloudacrauthtypes.go and alibabacloudacrbasic.go?
  • maybe as a separate PR, are you looking to add e2e test similar to azure-test.bats?
  • also as a separate PR, might be good to add to auth provider docs at supported auth providers

@susanshi
Collaborator

susanshi commented Nov 5, 2024

Hi @DahuK, please also review the lint report and resolve the merge conflict. Let us know if you have any questions.

charts/ratify/README.md (outdated, resolved)
charts/ratify/templates/store.yaml (outdated, resolved)
pkg/common/oras/authprovider/authproviderfactory.go (outdated, resolved)
pkg/common/oras/authprovider/alibabacloud/helper.go (outdated, resolved)
pkg/common/oras/authprovider/alibabacloud/helper.go (outdated, resolved)
@DahuK DahuK closed this Nov 8, 2024
@DahuK DahuK reopened this Nov 8, 2024
@DahuK DahuK force-pushed the alibabacloud-rrsa branch 2 times, most recently from ff17ccc to 3426cde Compare November 8, 2024 06:18
@DahuK
Contributor Author

DahuK commented Nov 8, 2024

> Hi @DahuK, thanks so much for adding the alibaba auth provider. The group of us have discussed during the PR review meeting, and here are the notes:
>
>   • we are aiming for unit test coverage at 80%, would it be possible to add more coverage for alibabacloudacrauthtypes.go and alibabacloudacrbasic.go?
>   • maybe as a separate PR, are you looking to add e2e test similar to azure-test.bats?
>   • also as a separate PR, might be good to add to auth provider docs at supported auth providers

Thanks for your review and sorry for the late response!

  • I have added some ut for the coverage
  • For company compliance policies we may not be able to provide our credentials as accesskey/secret, however we may be able to add some e2e bats for local testing in another PR
  • Yes, I will add the provider docs this weekend in another PR

Collaborator

@binbin-li binbin-li left a comment

left some minor comments, lgtm overall

Collaborator

@susanshi susanshi left a comment

thanks for the update! left some clarification questions

@DahuK DahuK force-pushed the alibabacloud-rrsa branch 2 times, most recently from 8dcc3f1 to 3766140 Compare November 13, 2024 13:15
@susanshi
Collaborator

susanshi commented Nov 14, 2024

Hi @DahuK, thanks for the latest updates, the change looks good. Please resolve the latest go.mod conflicts, this PR is almost ready to merge. @junczhu, @binbin-li please take a look if conversation should be resolved. Thanks all

Collaborator

@binbin-li binbin-li left a comment

lgtm, thanks for adding support for alibaba and unit tests!

@binbin-li
Collaborator

@DahuK the PR is good to go, could you sign the commit following it: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

@DahuK DahuK force-pushed the alibabacloud-rrsa branch 3 times, most recently from 2ad167f to a883ce3 Compare November 14, 2024 11:22
@DahuK
Contributor Author

DahuK commented Nov 14, 2024

> @DahuK the PR is good to go, could you sign the commit following it: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

Thanks! The commit is signed.

@binbin-li binbin-li enabled auto-merge (squash) November 14, 2024 12:40
@binbin-li binbin-li merged commit 0837c02 into ratify-project:dev Nov 14, 2024
20 checks passed