Skip to content

Commit

Permalink
Reverted azure-default-credential handling
Browse files Browse the repository at this point in the history
Signed-off-by: Abhijit Mukherjee <[email protected]>
  • Loading branch information
mabhi committed Oct 25, 2023
1 parent 4a70d33 commit e5978a4
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 35 deletions.
35 changes: 3 additions & 32 deletions pkg/blockstorage/azure/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,6 @@ func isMSICredsAvailable(config map[string]string) bool {
config[blockstorage.AzureClientSecret] == ""
}

func isDefaultCredsAvailable(config map[string]string) bool {
_, clientIDok := config[blockstorage.AzureClientID]
_, tenantIDok := config[blockstorage.AzureTenantID]
_, clientSecretOk := config[blockstorage.AzureClientSecret]
return !clientIDok && !tenantIDok && !clientSecretOk
}

type ClientCredentialsConfig struct {
ClientID string
ClientSecret string
Expand Down Expand Up @@ -72,32 +65,11 @@ func NewAzureAuthenticator(config map[string]string) (AzureAuthenticator, error)
return &MsiAuthenticator{}, nil
case isClientCredsAvailable(config):
return &ClientSecretAuthenticator{}, nil
case isDefaultCredsAvailable(config):
return &DefaultAuthenticator{}, nil
default:
return nil, errors.New("Fail to get an authenticator for provided creds combination")
}
}

// authenticate with default credential
type DefaultAuthenticator struct {
azcore.TokenCredential
}

func (d *DefaultAuthenticator) GetAuthorizer() azcore.TokenCredential {
return d.TokenCredential
}

func (d *DefaultAuthenticator) Authenticate(creds map[string]string) error {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
return errors.Wrap(err, "Failed to create an Azure Default Identity credential")
}
d.TokenCredential = cred
// creds passed authentication
return nil
}

// authenticate with MSI creds
type MsiAuthenticator struct {
azcore.TokenCredential
Expand All @@ -106,10 +78,9 @@ type MsiAuthenticator struct {
func (m *MsiAuthenticator) GetAuthorizer() azcore.TokenCredential {
return m.TokenCredential
}
func (m *MsiAuthenticator) Authenticate(creds map[string]string) error {
func (m *MsiAuthenticator) Authenticate(config map[string]string) error {
// check if MSI endpoint is available

clientID, ok := creds[blockstorage.AzureClientID]
clientID, ok := config[blockstorage.AzureClientID]
if !ok || clientID == "" {
return errors.New("Failed to fetch azure clientID")
}
Expand All @@ -120,7 +91,7 @@ func (m *MsiAuthenticator) Authenticate(creds map[string]string) error {
return errors.Wrap(err, "Failed to create an Azure Managed Identity credential")
}
m.TokenCredential = cred
// creds passed authentication
// config passed authentication
return nil
}

Expand Down
6 changes: 3 additions & 3 deletions pkg/blockstorage/azure/auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,11 +101,11 @@ func (s *AuthSuite) TestNewAzureAuthenticator(c *C) {
c.Assert(err, IsNil)
c.Assert(authenticator, NotNil)

// successful with no creds, but uses azure default credential
// unsuccessful with no creds
config = map[string]string{}
authenticator, err = NewAzureAuthenticator(config)
c.Assert(err, IsNil)
c.Assert(authenticator, NotNil)
c.Assert(err, NotNil)
c.Assert(authenticator, IsNil)

// unsuccessful with an undefined combo of credss
config = map[string]string{
Expand Down

0 comments on commit e5978a4

Please sign in to comment.