Remove deprecated auto-login flags

Remove support for deprecated auto-login controller flags:
- --aws-autologin-for-ecr
- --gcp-autologin-for-gcr
- --azure-autologin-for-acr

These flags have been deprecated since v0.25.0 and users should
migrate to using the .spec.provider field in ImageRepository objects.

The following changes are made:
- Remove flag definitions and variables from main.go
- Remove DeprecatedLoginOpts field from ImageRepositoryReconciler
- Remove deprecated login options handling from registry options
- Clean up unused imports (errors, aws, azure, gcp packages)
- Clarify switch statement logic for provider auto-login

Breaking change: Auto-login flags no longer work and will cause
the controller to fail with "flag provided but not defined" error.
Users must update their ImageRepository objects to use .spec.provider.

Signed-off-by: cappyzawa <[email protected]>

Author: cappyzawa

internal/controller/imagerepository_controller.go

@@ -111,8 +111,7 @@ type ImageRepositoryReconciler struct {
 		DatabaseWriter
 		DatabaseReader
 	}
-	DeprecatedLoginOpts []auth.Provider
-	AuthOptionsGetter   *registry.AuthOptionsGetter
+	AuthOptionsGetter *registry.AuthOptionsGetter
 
 	patchOptions []patch.Option
 }
@@ -270,7 +269,7 @@ func (r *ImageRepositoryReconciler) reconcile(ctx context.Context, sp *patch.Ser
 		Namespace: obj.GetNamespace(),
 		Operation: cache.OperationReconcile,
 	}
-	opts, err := r.AuthOptionsGetter.GetOptions(ctx, obj, involvedObject, r.DeprecatedLoginOpts...)
+	opts, err := r.AuthOptionsGetter.GetOptions(ctx, obj, involvedObject)
 	if err != nil {
 		e := fmt.Errorf("failed to configure authentication options: %w", err)
 		conditions.MarkFalse(obj, meta.ReadyCondition, imagev1.AuthenticationFailedReason, "%s", e)

internal/registry/options.go

@@ -57,7 +57,7 @@ type AuthOptionsGetter struct {
 }
 
 func (r *AuthOptionsGetter) GetOptions(ctx context.Context, repo *imagev1.ImageRepository,
-	involvedObject *cache.InvolvedObject, deprecatedLoginOpts ...auth.Provider) ([]remote.Option, error) {
+	involvedObject *cache.InvolvedObject) ([]remote.Option, error) {
 	timeout := repo.GetTimeout()
 	ctx, cancel := context.WithTimeout(ctx, timeout)
 	defer cancel()
@@ -104,9 +104,10 @@ func (r *AuthOptionsGetter) GetOptions(ctx context.Context, repo *imagev1.ImageR
 		if proxyURL != nil {
 			opts = append(opts, auth.WithProxyURL(*proxyURL))
 		}
+		// Auto-login is only supported for specific cloud providers
 		switch provider := repo.GetProvider(); provider {
 		case aws.ProviderName, azure.ProviderName, gcp.ProviderName:
-			// Support new features (service account and cache) only for non-deprecated code paths.
+			// Cloud provider auto-login with service account and cache support
 			if repo.Spec.ServiceAccountName != "" {
 				serviceAccount := client.ObjectKey{
 					Name:      repo.Spec.ServiceAccountName,
@@ -118,15 +119,10 @@ func (r *AuthOptionsGetter) GetOptions(ctx context.Context, repo *imagev1.ImageR
 				opts = append(opts, auth.WithCache(*r.TokenCache, *involvedObject))
 			}
 			authenticator, authErr = authutils.GetArtifactRegistryCredentials(ctx, provider, repo.Spec.Image, opts...)
+		case "generic":
+			// No auto-login for generic provider
 		default:
-			// Handle deprecated auto-login controller flags.
-			for _, provider := range deprecatedLoginOpts {
-				if _, err := provider.ParseArtifactRepository(repo.Spec.Image); err == nil {
-					authenticator, authErr = authutils.GetArtifactRegistryCredentials(ctx,
-						provider.GetName(), repo.Spec.Image, opts...)
-					break
-				}
-			}
+			// Unknown provider - no auto-login (maintains backward compatibility)
 		}
 	}
 	if authErr != nil {

main.go

@@ -17,7 +17,6 @@ limitations under the License.
 package main
 
 import (
-	"errors"
 	"fmt"
 	"os"
 	"time"
@@ -38,9 +37,6 @@ import (
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
 	"github.com/fluxcd/pkg/auth"
-	"github.com/fluxcd/pkg/auth/aws"
-	"github.com/fluxcd/pkg/auth/azure"
-	"github.com/fluxcd/pkg/auth/gcp"
 	pkgcache "github.com/fluxcd/pkg/cache"
 	"github.com/fluxcd/pkg/runtime/acl"
 	"github.com/fluxcd/pkg/runtime/client"
@@ -96,9 +92,6 @@ func main() {
 		storageValueLogFileSize int64
 		gcInterval              uint16 // max value is 65535 minutes (~ 45 days) which is well under the maximum time.Duration
 		concurrent              int
-		awsAutoLogin            bool
-		gcpAutoLogin            bool
-		azureAutoLogin          bool
 		aclOptions              acl.Options
 		rateLimiterOptions      helper.RateLimiterOptions
 		featureGates            feathelper.FeatureGates
@@ -113,11 +106,6 @@ func main() {
 	flag.Uint16Var(&gcInterval, "gc-interval", 10, "The number of minutes to wait between garbage collections. 0 disables the garbage collector.")
 	flag.IntVar(&concurrent, "concurrent", 4, "The number of concurrent resource reconciles.")
 
-	// NOTE: Deprecated flags.
-	flag.BoolVar(&awsAutoLogin, "aws-autologin-for-ecr", false, "(AWS) Attempt to get credentials for images in Elastic Container Registry, when no secret is referenced")
-	flag.BoolVar(&gcpAutoLogin, "gcp-autologin-for-gcr", false, "(GCP) Attempt to get credentials for images in Google Container Registry, when no secret is referenced")
-	flag.BoolVar(&azureAutoLogin, "azure-autologin-for-acr", false, "(Azure) Attempt to get credentials for images in Azure Container Registry, when no secret is referenced")
-
 	clientOptions.BindFlags(flag.CommandLine)
 	logOptions.BindFlags(flag.CommandLine)
 	leaderElectionOptions.BindFlags(flag.CommandLine)
@@ -131,12 +119,6 @@ func main() {
 
 	logger.SetLogger(logger.NewLogger(logOptions))
 
-	if awsAutoLogin || gcpAutoLogin || azureAutoLogin {
-		setupLog.Error(errors.New("use of deprecated flags"),
-			"autologin flags have been deprecated. These flags will be removed in a future release."+
-				" Please update the respective ImageRepository objects with .spec.provider field.")
-	}
-
 	if err := featureGates.WithLogger(setupLog).SupportedFeatures(features.FeatureGates()); err != nil {
 		setupLog.Error(err, "unable to load feature gates")
 		os.Exit(1)
@@ -265,31 +247,19 @@ func main() {
 		}
 	}
 
-	var deprecatedLoginOpts []auth.Provider
-	if awsAutoLogin {
-		deprecatedLoginOpts = append(deprecatedLoginOpts, aws.Provider{})
-	}
-	if azureAutoLogin {
-		deprecatedLoginOpts = append(deprecatedLoginOpts, azure.Provider{})
-	}
-	if gcpAutoLogin {
-		deprecatedLoginOpts = append(deprecatedLoginOpts, gcp.Provider{})
-	}
-
 	authOptionsGetter := &registry.AuthOptionsGetter{
 		Client:     mgr.GetClient(),
 		TokenCache: tokenCache,
 	}
 
 	if err := (&controller.ImageRepositoryReconciler{
-		Client:              mgr.GetClient(),
-		EventRecorder:       eventRecorder,
-		Metrics:             metricsH,
-		Database:            db,
-		ControllerName:      controllerName,
-		TokenCache:          tokenCache,
-		AuthOptionsGetter:   authOptionsGetter,
-		DeprecatedLoginOpts: deprecatedLoginOpts,
+		Client:            mgr.GetClient(),
+		EventRecorder:     eventRecorder,
+		Metrics:           metricsH,
+		Database:          db,
+		ControllerName:    controllerName,
+		TokenCache:        tokenCache,
+		AuthOptionsGetter: authOptionsGetter,
 	}).SetupWithManager(mgr, controller.ImageRepositoryReconcilerOptions{
 		RateLimiter: helper.GetRateLimiter(rateLimiterOptions),
 	}); err != nil {