Update Azure Go SDK

Signed-off-by: Philip Laine <philip.laine@gmail.com>
fluxcd · Jun 18, 2022 · 41c68f9 · 41c68f9
1 parent 812f6e4
commit 41c68f9
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 17 deletions.
diff --git a/go.mod b/go.mod
@@ -6,9 +6,9 @@ replace github.com/fluxcd/source-controller/api => ./api
 
 require (
  cloud.google.com/go/storage v1.22.1
- github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2
- github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
+ github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
  github.com/Masterminds/semver/v3 v3.1.1
  // github.com/ProtonMail/go-crypto is a fork of golang.org/x/crypto
  // maintained by the ProtonMail team to continue to support the openpgp
@@ -69,9 +69,9 @@ require (
  cloud.google.com/go v0.100.2 // indirect
  cloud.google.com/go/compute v1.6.1 // indirect
  cloud.google.com/go/iam v0.3.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
  github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
+ github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
  github.com/BurntSushi/toml v1.0.0 // indirect
  github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
  github.com/Masterminds/goutils v1.1.1 // indirect

diff --git a/go.sum b/go.sum
@@ -61,13 +61,21 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.0/go.mod h1:fBF9PQNqB8scdgpZ3
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.1/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0 h1:zBJcBJwte0x6PcPK7XaWDMvK2o2ZM2f1sMaqNNavQ5g=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 h1:Ut0ZGdOwJDw0npYEg+TLlPls3Pq6JiZaP2/aGKir7Zw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2 h1:mM/yraAumqMMIYev6zX0oxHqX6hreUs5wXf76W47r38=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2/go.mod h1:+nVKciyKD2J9TyVcEQ82Bo9b+3F92PiQfHrIE/zqLqM=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.8.3/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 h1:sLZ/Y+P/5RRtsXWylBjB5lkgixYfm0MQPiwrSX//JSo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0 h1:Px2UA+2RvSSvv+RvJNuUB6n7rs5Wsel4dXLe90Um2n4=
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0/go.mod h1:tPaiy8S5bQ+S5sOiDlINkp7+Ef339+Nz5L5XO+cnOHo=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 h1:QSdcrd/UFJv6Bp/CfoVf2SrENpFn9P6Yh8yb+xNhYMM=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
@@ -79,6 +87,8 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 h1:WVsrXCnHlDDX8ls+tootqRE87/hL9S/g4ewig9RsD/c=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 h1:BWe8a+f/t+7KY7zH2mqygeUD0t8hNFXe08p1Pb3/jKE=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
 github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=

diff --git a/pkg/azure/blob.go b/pkg/azure/blob.go
@@ -28,6 +28,7 @@ import (
  "strings"
 
  "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  _ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
@@ -56,7 +57,7 @@ const (
 
 // BlobClient is a minimal Azure Blob client for fetching objects.
 type BlobClient struct {
- azblob.ServiceClient
+ *azblob.ServiceClient
 }
 
 // NewClient creates a new Azure Blob storage client.
@@ -162,9 +163,13 @@ func ValidateSecret(secret *corev1.Secret) error {
 // BucketExists returns if an object storage bucket with the provided name
 // exists, or returns a (client) error.
 func (c *BlobClient) BucketExists(ctx context.Context, bucketName string) (bool, error) {
- container := c.ServiceClient.NewContainerClient(bucketName)
- _, err := container.GetProperties(ctx, nil)
+ container, err := c.ServiceClient.NewContainerClient(bucketName)
  if err != nil {
+ return false, err
+ }
+ _, err = container.GetProperties(ctx, nil)
+ if err != nil {
+ // TODO: Think this is now wrapped in an InternalError
  var stgErr *azblob.StorageError
  if errors.As(err, &stgErr) {
  if stgErr.ErrorCode == azblob.StorageErrorCodeContainerNotFound {
@@ -181,8 +186,14 @@ func (c *BlobClient) BucketExists(ctx context.Context, bucketName string) (bool,
 // writes it to targetPath.
 // It returns the etag of the successfully fetched file, or any error.
 func (c *BlobClient) FGetObject(ctx context.Context, bucketName, objectName, localPath string) (string, error) {
- container := c.ServiceClient.NewContainerClient(bucketName)
- blob := container.NewBlobClient(objectName)
+ container, err := c.ServiceClient.NewContainerClient(bucketName)
+ if err != nil {
+ return "", err
+ }
+ blob, err := container.NewBlobClient(objectName)
+ if err != nil {
+ return "", err
+ }
 
  // Verify if destination already exists.
  dirStatus, err := os.Stat(localPath)
@@ -245,13 +256,15 @@ func (c *BlobClient) FGetObject(ctx context.Context, bucketName, objectName, loc
 // If the underlying client or the visit callback returns an error,
 // it returns early.
 func (c *BlobClient) VisitObjects(ctx context.Context, bucketName string, visit func(path, etag string) error) error {
- container := c.ServiceClient.NewContainerClient(bucketName)
+ container, err := c.ServiceClient.NewContainerClient(bucketName)
+ if err != nil {
+ return err
+ }
 
- items := container.ListBlobsFlat(&azblob.ContainerListBlobFlatSegmentOptions{})
+ items := container.ListBlobsFlat(&azblob.ContainerListBlobsFlatOptions{})
  for items.NextPage(ctx) {
  resp := items.PageResponse()
-
- for _, blob := range resp.ContainerListBlobFlatSegmentResult.Segment.BlobItems {
+ for _, blob := range resp.Segment.BlobItems {
  if err := visit(*blob.Name, fmt.Sprintf("%x", *blob.Properties.Etag)); err != nil {
  err = fmt.Errorf("listing objects from bucket '%s' failed: %w", bucketName, err)
  return err
@@ -302,7 +315,7 @@ func tokenCredentialFromSecret(secret *corev1.Secret) (azcore.TokenCredential, e
  if clientSecret, hasClientSecret := secret.Data[clientSecretField]; hasClientSecret && len(clientSecret) > 0 {
  opts := &azidentity.ClientSecretCredentialOptions{}
  if authorityHost, hasAuthorityHost := secret.Data[authorityHostField]; hasAuthorityHost {
- opts.AuthorityHost = azidentity.AuthorityHost(authorityHost)
+ opts.Cloud = cloud.Configuration{ActiveDirectoryAuthorityHost: string(authorityHost)}
  }
  return azidentity.NewClientSecretCredential(string(tenantID), string(clientID), string(clientSecret), opts)
  }
@@ -313,7 +326,7 @@ func tokenCredentialFromSecret(secret *corev1.Secret) (azcore.TokenCredential, e
  }
  opts := &azidentity.ClientCertificateCredentialOptions{}
  if authorityHost, hasAuthorityHost := secret.Data[authorityHostField]; hasAuthorityHost {
- opts.AuthorityHost = azidentity.AuthorityHost(authorityHost)
+ opts.Cloud = cloud.Configuration{ActiveDirectoryAuthorityHost: string(authorityHost)}
  }
  if v, sendChain := secret.Data[clientCertificateSendChainField]; sendChain {
  opts.SendCertificateChain = string(v) == "1" || strings.ToLower(string(v)) == "true"
@@ -360,7 +373,7 @@ func chainCredentialWithSecret(secret *corev1.Secret) (azcore.TokenCredential, e
  credOpts := &azidentity.EnvironmentCredentialOptions{}
  if secret != nil {
  if authorityHost, hasAuthorityHost := secret.Data[authorityHostField]; hasAuthorityHost {
- credOpts.AuthorityHost = azidentity.AuthorityHost(authorityHost)
+ credOpts.Cloud = cloud.Configuration{ActiveDirectoryAuthorityHost: string(authorityHost)}
  }
  }