azureblob: make newServicePrincipalTokenRefresher take parsed principal structure

Nathaniel Wesley Filardo 2022-11-14 04:11:44 +00:00 committed by Nick Craig-Wood
parent e3d593d40c
commit 6f3682c12f
2 changed files with 18 additions and 9 deletions


@ -467,12 +467,8 @@ type servicePrincipalCredentials struct {
const azureActiveDirectoryEndpoint = "https://login.microsoftonline.com/"
const azureStorageEndpoint = "https://storage.azure.com/"
// newServicePrincipalTokenRefresher takes the client ID and secret, and returns a refresh-able access token.
func newServicePrincipalTokenRefresher(ctx context.Context, credentialsData []byte) (azblob.TokenRefresher, error) {
var spCredentials servicePrincipalCredentials
if err := json.Unmarshal(credentialsData, &spCredentials); err != nil {
return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
}
// newServicePrincipalTokenRefresher takes a servicePrincipalCredentials structure and returns a refresh-able access token.
func newServicePrincipalTokenRefresher(ctx context.Context, spCredentials servicePrincipalCredentials) (azblob.TokenRefresher, error) {
oauthConfig, err := adal.NewOAuthConfig(azureActiveDirectoryEndpoint, spCredentials.Tenant)
if err != nil {
return nil, fmt.Errorf("error creating oauth config: %w", err)
@ -729,8 +725,12 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
if err != nil {
return nil, fmt.Errorf("error opening service principal credentials file: %w", err)
}
var spCredentials servicePrincipalCredentials
if err := json.Unmarshal(loadedCreds, &spCredentials); err != nil {
return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
}
// Create a token refresher from service principal credentials.
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, loadedCreds)
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
if err != nil {
return nil, fmt.Errorf("failed to create a service principal token: %w", err)
}
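Review bot: In NewFs the freshly unmarshalled `spCredentials` is passed straight to newServicePrincipalTokenRefresher with no field check, so a credentials file with a missing or misspelled key parses without error into empty strings. The failure then surfaces only from the token library (the test in this commit expects `parameter 'secret' cannot be empty`), which does not tell the user that the credentials file is at fault. Whether an empty tenant is rejected at all by `adal.NewOAuthConfig` is not visible here. I would validate right after the `json.Unmarshal` call, for example `if spCredentials.Tenant == "" { return nil, fmt.Errorf("service principal credentials file has no tenant") }`, with the same check for the ID and secret fields of servicePrincipalCredentials, whose declaration is outside the hunk. Both NewFs and newServicePrincipalTokenRefresher continue beyond the lines shown.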


@ -7,6 +7,7 @@ package azureblob
import (
"context"
"encoding/json"
"testing"
"github.com/rclone/rclone/fs"
@ -42,7 +43,11 @@ func TestServicePrincipalFileSuccess(t *testing.T) {
"tenant": "my active directory tenant ID"
}
`
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
var spCredentials servicePrincipalCredentials
jerr := json.Unmarshal([]byte(credentials), &spCredentials)
assert.Nil(t, jerr)
tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
if assert.NoError(t, err) {
assert.NotNil(t, tokenRefresher)
}
@ -57,7 +62,11 @@ func TestServicePrincipalFileFailure(t *testing.T) {
"tenant": "my active directory tenant ID"
}
`
_, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
var spCredentials servicePrincipalCredentials
jerr := json.Unmarshal([]byte(credentials), &spCredentials)
assert.Nil(t, jerr)
_, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
assert.Error(t, err)
assert.EqualError(t, err, "error creating service principal token: parameter 'secret' cannot be empty")
}
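Review bot: Both tests check the fixture parse with `assert.Nil(t, jerr)`, which records a failure but lets the test carry on with a zero-valued `spCredentials`. In TestServicePrincipalFileFailure a zero-valued struct would presumably produce the same "parameter 'secret' cannot be empty" error, so the final `assert.EqualError` could pass for the wrong reason. Use the error-specific assertion and stop on failure: `if !assert.NoError(t, jerr) { return }`, or `require.NoError(t, jerr)` if testify's require package is already imported in this file (the import block is only partly visible).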