
Commit 90464b5

committed
storage: azure: use azidentity with adapter
ADAL is being deprecated. By using an adapter, we can use the new azidentity with the V1 SDK clients.
1 parent 8556fd4 commit 90464b5


1 file changed

+24
-7
lines changed

1 file changed

+24
-7
lines changed

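--- a/pkg/storage/azure/azure.go
+++ b/pkg/storage/azure/azure.go
@@ -11,12 +11,15 @@ import (
 "time"
 
 "github.com/Azure/azure-pipeline-go/pipeline"
+"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-06-01/storage"
 "github.com/Azure/azure-storage-blob-go/azblob"
 "github.com/Azure/go-autorest/autorest"
 autorestazure "github.com/Azure/go-autorest/autorest/azure"
-"github.com/Azure/go-autorest/autorest/azure/auth"
 "github.com/Azure/go-autorest/autorest/to"
+"github.com/jongio/azidext/go/azidext"
 
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/errors"
@@ -299,16 +302,30 @@ func (d *driver) storageAccountsClient(cfg *Azure, environment autorestazure.Env
 if d.authorizer != nil {
 storageAccountsClient.Authorizer = d.authorizer
 } else {
-clientCredentialsConfig := auth.NewClientCredentialsConfig(cfg.ClientID, cfg.ClientSecret, cfg.TenantID)
-clientCredentialsConfig.Resource = environment.TokenAudience
-clientCredentialsConfig.AADEndpoint = environment.ActiveDirectoryEndpoint
-
-auth, err := clientCredentialsConfig.Authorizer()
+cloudConfig := cloud.Configuration{
+ActiveDirectoryAuthorityHost: environment.ActiveDirectoryEndpoint,
+Services: map[cloud.ServiceName]cloud.ServiceConfiguration{
+cloud.ResourceManager: {
+Audience: environment.TokenAudience,
+Endpoint: environment.ResourceManagerEndpoint,
+},
+},
+}
+options := azidentity.ClientSecretCredentialOptions{
+ClientOptions: azcore.ClientOptions{
+Cloud: cloudConfig,
+},
+}
+cred, err := azidentity.NewClientSecretCredential(cfg.TenantID, cfg.ClientID, cfg.ClientSecret, &options)
 if err != nil {
 return storage.AccountsClient{}, err
 }
+scope := environment.TokenAudience
+if !strings.HasSuffix(scope, "/.default") {
+scope += "/.default"
+}
 
-storageAccountsClient.Authorizer = auth
+storageAccountsClient.Authorizer = azidext.NewTokenCredentialAdapter(cred, []string{scope})
 }
 
 if d.sender != nil {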
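Review bot: The bearer-token path for the storage accounts client now runs through `github.com/jongio/azidext/go/azidext`, a module published under an individual's namespace rather than the Azure organisation, at `storageAccountsClient.Authorizer = azidext.NewTokenCredentialAdapter(cred, []string{scope})`. Every access token obtained with `cfg.ClientSecret` is handed to that adapter, so it deserves the same pinning and diff review on version bumps as the SDK itself; go.mod and go.sum are not part of this page, so whether it is pinned cannot be checked here. I would record that at the call site, for example `// azidext adapts azcore.TokenCredential to autorest.Authorizer and sees every access token; review its diff on each version bump.`, or copy the adapter in-tree if project policy prefers that. storageAccountsClient begins and ends outside this hunk.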
