diff --git a/internal/backend/azure/azure.go b/internal/backend/azure/azure.go index de58df374..4ccfb9664 100644 --- a/internal/backend/azure/azure.go +++ b/internal/backend/azure/azure.go @@ -101,23 +101,21 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) { if err != nil { return nil, errors.Wrap(err, "NewAccountSASClientFromEndpointToken") } - } else if cfg.ForceCliCredential { - debug.Log(" - using AzureCLICredential") - - cred, err := azidentity.NewAzureCLICredential(nil) - if err != nil { - return nil, errors.Wrap(err, "NewAzureCLICredential") - } - - client, err = azContainer.NewClient(url, cred, opts) - if err != nil { - return nil, errors.Wrap(err, "NewClient") - } } else { - debug.Log(" - using DefaultAzureCredential") - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - return nil, errors.Wrap(err, "NewDefaultAzureCredential") + var cred azcore.TokenCredential + + if cfg.ForceCliCredential { + debug.Log(" - using AzureCLICredential") + cred, err = azidentity.NewAzureCLICredential(nil) + if err != nil { + return nil, errors.Wrap(err, "NewAzureCLICredential") + } + } else { + debug.Log(" - using DefaultAzureCredential") + cred, err = azidentity.NewDefaultAzureCredential(nil) + if err != nil { + return nil, errors.Wrap(err, "NewDefaultAzureCredential") + } } client, err = azContainer.NewClient(url, cred, opts)