Add ability to update tier credentials for Azure service principal ac…

cmd/ilm-tier-edit.go

@@ -47,6 +47,21 @@ var adminTierEditFlags = []cli.Flag{
 		Value: "",
 		Usage: "Azure Blob Storage account key",
 	},
+	cli.StringFlag{
+		Name:  "az-sp-tenant-id",
+		Value: "",
+		Usage: "Directory ID for the Azure service principal account",
+	},
+	cli.StringFlag{
+		Name:  "az-sp-client-id",
+		Value: "",
+		Usage: "The client ID of the Azure service principal account",
+	},
+	cli.StringFlag{
+		Name:  "az-sp-client-secret",
+		Value: "",
+		Usage: "The client secret of the Azure service principal account",
+	},
 	cli.StringFlag{
 		Name:  "credentials-file",
 		Value: "",
@@ -114,18 +129,29 @@ func mainAdminTierEdit(ctx *cli.Context) error {
 	var creds madmin.TierCreds
 	accessKey := ctx.String("access-key")
 	secretKey := ctx.String("secret-key")
-	accountKey := ctx.String("account-key")
 	credsPath := ctx.String("credentials-file")
 	useAwsRole := ctx.IsSet("use-aws-role")
 
+	// Azure, either account-key or one of the 3 service principal flags are required
+	accountKey := ctx.String("account-key")
+	azSPTenantID := ctx.String("az-sp-tenant-id")
+	azSPClientID := ctx.String("az-sp-client-id")
+	azSPClientSecret := ctx.String("az-sp-client-secret")
+
 	switch {
 	case accessKey != "" && secretKey != "" && !useAwsRole: // S3 tier
 		creds.AccessKey = accessKey
 		creds.SecretKey = secretKey
 	case useAwsRole:
 		creds.AWSRole = true
-	case accountKey != "": // Azure tier
+	case accountKey != "": // Azure tier, account key given
 		creds.SecretKey = accountKey
+	case azSPTenantID != "" || azSPClientID != "" || azSPClientSecret != "": // Azure tier, SP creds given
+		creds.AzSP = madmin.ServicePrincipalAuth{
+			TenantID:     azSPTenantID,
+			ClientID:     azSPClientID,
+			ClientSecret: azSPClientSecret,
+		}
 	case credsPath != "": // GCS tier
 		credsBytes, e := os.ReadFile(credsPath)
 		fatalIf(probe.NewError(e), "Unable to read credentials file at %s", credsPath)