diff --git a/backend/azureblob/azureblob.go b/backend/azureblob/azureblob.go
index 6c46419f5..e52a48133 100644
--- a/backend/azureblob/azureblob.go
+++ b/backend/azureblob/azureblob.go
@@ -467,12 +467,8 @@ type servicePrincipalCredentials struct {
 const azureActiveDirectoryEndpoint = "https://login.microsoftonline.com/"
 const azureStorageEndpoint = "https://storage.azure.com/"
-// newServicePrincipalTokenRefresher takes the client ID and secret, and returns a refresh-able access token.
-func newServicePrincipalTokenRefresher(ctx context.Context, credentialsData []byte) (azblob.TokenRefresher, error) {
- var spCredentials servicePrincipalCredentials
- if err := json.Unmarshal(credentialsData, &spCredentials); err != nil {
- return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
- }
+// newServicePrincipalTokenRefresher takes a servicePrincipalCredentials structure and returns a refresh-able access token.
+func newServicePrincipalTokenRefresher(ctx context.Context, spCredentials servicePrincipalCredentials) (azblob.TokenRefresher, error) {
 oauthConfig, err := adal.NewOAuthConfig(azureActiveDirectoryEndpoint, spCredentials.Tenant)
 if err != nil {
 return nil, fmt.Errorf("error creating oauth config: %w", err)
@@ -729,8 +725,12 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 if err != nil {
 return nil, fmt.Errorf("error opening service principal credentials file: %w", err)
 }
+ var spCredentials servicePrincipalCredentials
+ if err := json.Unmarshal(loadedCreds, &spCredentials); err != nil {
+ return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
+ }
 // Create a token refresher from service principal credentials.
- tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, loadedCreds)
+ tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
 if err != nil {
 return nil, fmt.Errorf("failed to create a service principal token: %w", err)
 }
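Review bot: With the JSON parse moved out, `newServicePrincipalTokenRefresher` accepts any `servicePrincipalCredentials` value, and the visible lines pass `spCredentials.Tenant` straight to `adal.NewOAuthConfig` without checking that it is non-empty. The test file shows an empty secret being rejected further down, but nothing visible does the same for the tenant, and adal appears to tolerate an empty tenant ID, so a credentials file missing `tenant` would probably fail only at token acquisition with a less helpful error. A guard at the top of the function, e.g. `if spCredentials.Tenant == "" { return nil, fmt.Errorf("service principal tenant is empty") }`, would reject it early; it could equally sit right after the new `json.Unmarshal` in the `NewFs` hunk. The doc comment could also note that the struct presumably carries the client secret and should not be logged or included in error text. The function body continues outside the hunk.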
diff --git a/backend/azureblob/azureblob_test.go b/backend/azureblob/azureblob_test.go
index f9ebd7b3d..f12bb177a 100644
--- a/backend/azureblob/azureblob_test.go
+++ b/backend/azureblob/azureblob_test.go
@@ -7,6 +7,7 @@ package azureblob
 import (
 "context"
+ "encoding/json"
 "testing"
 "github.com/rclone/rclone/fs"
@@ -42,7 +43,11 @@ func TestServicePrincipalFileSuccess(t *testing.T) {
 "tenant": "my active directory tenant ID"
 }
 `
- tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
+ var spCredentials servicePrincipalCredentials
+ jerr := json.Unmarshal([]byte(credentials), &spCredentials)
+ assert.Nil(t, jerr)
+
+ tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
 if assert.NoError(t, err) {
 assert.NotNil(t, tokenRefresher)
 }
@@ -57,7 +62,11 @@ func TestServicePrincipalFileFailure(t *testing.T) {
 "tenant": "my active directory tenant ID"
 }
 `
- _, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
+ var spCredentials servicePrincipalCredentials
+ jerr := json.Unmarshal([]byte(credentials), &spCredentials)
+ assert.Nil(t, jerr)
+
+ _, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
 assert.Error(t, err)
 assert.EqualError(t, err, "error creating service principal token: parameter 'secret' cannot be empty")
 }
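Review bot: `assert.Nil(t, jerr)` in the TestServicePrincipalFileSuccess hunk lets the test carry on after a failed decode, so a broken fixture would show up as a confusing token-refresher failure rather than a parse failure. `assert.NoError(t, jerr)` is the clearer form for an error value, and a `require`-style check (if that package is available to this test file) would stop the test at that point; the same lines are repeated in the TestServicePrincipalFileFailure hunk. Separately, the "error parsing credentials from JSON file" branch now lives in `NewFs`, and no visible test feeds it malformed JSON, so that path looks uncovered after this change. Both test bodies start above their hunks.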