forked from TrueCloudLab/rclone
2fd543c989
Before: users can only connect to Azure blob containers using the access keys from the storage account. After: users can additionally choose connect to Azure blob containers using service principals. This uses OAuth2 under the hood to exchange a client ID and client secret for a short-lived access token. Ref: - https://github.com/rclone/rclone/issues/3230 - https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app?tabs=dotnet#well-known-values-for-authentication-with-azure-ad - https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization#available-authentication-types-and-methods - https://gist.github.com/ItalyPaleAle/ec6498bfa81a96f9ca27a2da6f60a770
69 lines
1.8 KiB
Go
69 lines
1.8 KiB
Go
// Test AzureBlob filesystem interface
|
|
|
|
// +build !plan9,!solaris,!js,go1.13
|
|
|
|
package azureblob
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/rclone/rclone/fs"
|
|
"github.com/rclone/rclone/fstest/fstests"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
// TestIntegration runs integration tests against the remote
|
|
func TestIntegration(t *testing.T) {
|
|
fstests.Run(t, &fstests.Opt{
|
|
RemoteName: "TestAzureBlob:",
|
|
NilObject: (*Object)(nil),
|
|
TiersToTest: []string{"Hot", "Cool"},
|
|
ChunkedUpload: fstests.ChunkedUploadConfig{
|
|
MaxChunkSize: maxChunkSize,
|
|
},
|
|
})
|
|
}
|
|
|
|
func (f *Fs) SetUploadChunkSize(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
|
|
return f.setUploadChunkSize(cs)
|
|
}
|
|
|
|
func (f *Fs) SetUploadCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
|
|
return f.setUploadCutoff(cs)
|
|
}
|
|
|
|
var (
|
|
_ fstests.SetUploadChunkSizer = (*Fs)(nil)
|
|
_ fstests.SetUploadCutoffer = (*Fs)(nil)
|
|
)
|
|
|
|
// TestServicePrincipalFileSuccess checks that, given a proper JSON file, we can create a token.
|
|
func TestServicePrincipalFileSuccess(t *testing.T) {
|
|
ctx := context.TODO()
|
|
credentials := `
|
|
{
|
|
"appId": "my application (client) ID",
|
|
"password": "my secret",
|
|
"tenant": "my active directory tenant ID"
|
|
}
|
|
`
|
|
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
|
|
if assert.NoError(t, err) {
|
|
assert.NotNil(t, tokenRefresher)
|
|
}
|
|
}
|
|
|
|
// TestServicePrincipalFileFailure checks that, given a JSON file with a missing secret, it returns an error.
|
|
func TestServicePrincipalFileFailure(t *testing.T) {
|
|
ctx := context.TODO()
|
|
credentials := `
|
|
{
|
|
"appId": "my application (client) ID",
|
|
"tenant": "my active directory tenant ID"
|
|
}
|
|
`
|
|
_, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
|
|
assert.Error(t, err)
|
|
assert.EqualError(t, err, "error creating service principal token: parameter 'secret' cannot be empty")
|
|
}
|