Update Azure Go SDK

phillebaba · phillebaba · commit 41c68f9cfd0b · 2022-06-18T13:57:21.000+02:00
Signed-off-by: Philip Laine &lt;philip.laine@gmail.com&gt;
diff --git a/go.mod b/go.mod
@@ -6,9 +6,9 @@ replace github.com/fluxcd/source-controller/api => ./api
 
 require (
 	cloud.google.com/go/storage v1.22.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2
-	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
 	github.com/Masterminds/semver/v3 v3.1.1
 	// github.com/ProtonMail/go-crypto is a fork of golang.org/x/crypto
 	// maintained by the ProtonMail team to continue to support the openpgp
@@ -69,9 +69,9 @@ require (
 	cloud.google.com/go v0.100.2 // indirect
 	cloud.google.com/go/compute v1.6.1 // indirect
 	cloud.google.com/go/iam v0.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
 	github.com/BurntSushi/toml v1.0.0 // indirect
 	github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
diff --git a/go.sum b/go.sum
@@ -61,13 +61,21 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.0/go.mod h1:fBF9PQNqB8scdgpZ3
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.1/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0 h1:zBJcBJwte0x6PcPK7XaWDMvK2o2ZM2f1sMaqNNavQ5g=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 h1:Ut0ZGdOwJDw0npYEg+TLlPls3Pq6JiZaP2/aGKir7Zw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2 h1:mM/yraAumqMMIYev6zX0oxHqX6hreUs5wXf76W47r38=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2/go.mod h1:+nVKciyKD2J9TyVcEQ82Bo9b+3F92PiQfHrIE/zqLqM=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.8.3/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 h1:sLZ/Y+P/5RRtsXWylBjB5lkgixYfm0MQPiwrSX//JSo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1/go.mod h1:KLF4gFr6DcKFZwSuH8w8yEK6DpFl3LP5rhdvAb7Yz5I=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0 h1:Px2UA+2RvSSvv+RvJNuUB6n7rs5Wsel4dXLe90Um2n4=
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0/go.mod h1:tPaiy8S5bQ+S5sOiDlINkp7+Ef339+Nz5L5XO+cnOHo=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 h1:QSdcrd/UFJv6Bp/CfoVf2SrENpFn9P6Yh8yb+xNhYMM=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
@@ -79,6 +87,8 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 h1:WVsrXCnHlDDX8ls+tootqRE87/hL9S/g4ewig9RsD/c=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 h1:BWe8a+f/t+7KY7zH2mqygeUD0t8hNFXe08p1Pb3/jKE=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
 github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
diff --git a/pkg/azure/blob.go b/pkg/azure/blob.go
@@ -28,6 +28,7 @@ import (
 	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	_ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
@@ -56,7 +57,7 @@ const (
 
 // BlobClient is a minimal Azure Blob client for fetching objects.
 type BlobClient struct {
-	azblob.ServiceClient
+	*azblob.ServiceClient
 }
 
 // NewClient creates a new Azure Blob storage client.
@@ -162,9 +163,13 @@ func ValidateSecret(secret *corev1.Secret) error {
 // BucketExists returns if an object storage bucket with the provided name
 // exists, or returns a (client) error.
 func (c *BlobClient) BucketExists(ctx context.Context, bucketName string) (bool, error) {
-	container := c.ServiceClient.NewContainerClient(bucketName)
-	_, err := container.GetProperties(ctx, nil)
+	container, err := c.ServiceClient.NewContainerClient(bucketName)
 	if err != nil {
+		return false, err
+	}
+	_, err = container.GetProperties(ctx, nil)
+	if err != nil {
+		// TODO: Think this is now wrapped in an InternalError
 		var stgErr *azblob.StorageError
 		if errors.As(err, &stgErr) {
 			if stgErr.ErrorCode == azblob.StorageErrorCodeContainerNotFound {
@@ -181,8 +186,14 @@ func (c *BlobClient) BucketExists(ctx context.Context, bucketName string) (bool,
 // writes it to targetPath.
 // It returns the etag of the successfully fetched file, or any error.
 func (c *BlobClient) FGetObject(ctx context.Context, bucketName, objectName, localPath string) (string, error) {
-	container := c.ServiceClient.NewContainerClient(bucketName)
-	blob := container.NewBlobClient(objectName)
+	container, err := c.ServiceClient.NewContainerClient(bucketName)
+	if err != nil {
+		return "", err
+	}
+	blob, err := container.NewBlobClient(objectName)
+	if err != nil {
+		return "", err
+	}
 
 	// Verify if destination already exists.
 	dirStatus, err := os.Stat(localPath)
@@ -245,13 +256,15 @@ func (c *BlobClient) FGetObject(ctx context.Context, bucketName, objectName, loc
 // If the underlying client or the visit callback returns an error,
 // it returns early.
 func (c *BlobClient) VisitObjects(ctx context.Context, bucketName string, visit func(path, etag string) error) error {
-	container := c.ServiceClient.NewContainerClient(bucketName)
+	container, err := c.ServiceClient.NewContainerClient(bucketName)
+	if err != nil {
+		return err
+	}
 
-	items := container.ListBlobsFlat(&azblob.ContainerListBlobFlatSegmentOptions{})
+	items := container.ListBlobsFlat(&azblob.ContainerListBlobsFlatOptions{})
 	for items.NextPage(ctx) {
 		resp := items.PageResponse()
-
-		for _, blob := range resp.ContainerListBlobFlatSegmentResult.Segment.BlobItems {
+		for _, blob := range resp.Segment.BlobItems {
 			if err := visit(*blob.Name, fmt.Sprintf("%x", *blob.Properties.Etag)); err != nil {
 				err = fmt.Errorf("listing objects from bucket '%s' failed: %w", bucketName, err)
 				return err
@@ -302,7 +315,7 @@ func tokenCredentialFromSecret(secret *corev1.Secret) (azcore.TokenCredential, e
 		if clientSecret, hasClientSecret := secret.Data[clientSecretField]; hasClientSecret && len(clientSecret) > 0 {
 			opts := &azidentity.ClientSecretCredentialOptions{}
 			if authorityHost, hasAuthorityHost := secret.Data[authorityHostField]; hasAuthorityHost {
-				opts.AuthorityHost = azidentity.AuthorityHost(authorityHost)
+				opts.Cloud = cloud.Configuration{ActiveDirectoryAuthorityHost: string(authorityHost)}
 			}
 			return azidentity.NewClientSecretCredential(string(tenantID), string(clientID), string(clientSecret), opts)
 		}
@@ -313,7 +326,7 @@ func tokenCredentialFromSecret(secret *corev1.Secret) (azcore.TokenCredential, e
 			}
 			opts := &azidentity.ClientCertificateCredentialOptions{}
 			if authorityHost, hasAuthorityHost := secret.Data[authorityHostField]; hasAuthorityHost {
-				opts.AuthorityHost = azidentity.AuthorityHost(authorityHost)
+				opts.Cloud = cloud.Configuration{ActiveDirectoryAuthorityHost: string(authorityHost)}
 			}
 			if v, sendChain := secret.Data[clientCertificateSendChainField]; sendChain {
 				opts.SendCertificateChain = string(v) == "1" || strings.ToLower(string(v)) == "true"
@@ -360,7 +373,7 @@ func chainCredentialWithSecret(secret *corev1.Secret) (azcore.TokenCredential, e
 	credOpts := &azidentity.EnvironmentCredentialOptions{}
 	if secret != nil {
 		if authorityHost, hasAuthorityHost := secret.Data[authorityHostField]; hasAuthorityHost {
-			credOpts.AuthorityHost = azidentity.AuthorityHost(authorityHost)
+			credOpts.Cloud = cloud.Configuration{ActiveDirectoryAuthorityHost: string(authorityHost)}
 		}
 	}
 
