package config
import (
"fmt"
"log"
"os"
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/buchgr/bazel-remote/v2/cache/azblobproxy"
)
// AzBlobStorageConfig holds the Azure Blob Storage settings decoded from the
// YAML keys named in the field tags.
//
// ClientSecret and SharedKey carry secret material: avoid printing this struct
// wholesale (for example with %+v) and keep the file it is loaded from readable
// only by the service account.
type AzBlobStorageConfig struct {
// Not read by GetCredentials; presumably these three locate the blobs — confirm against the proxy code.
StorageAccount string `yaml:"storage_account"`
ContainerName string `yaml:"container_name"`
Prefix string `yaml:"prefix"`
// AuthMethod selects the credential type in GetCredentials; values outside the
// azblobproxy.AuthMethod* set are rejected there.
AuthMethod string `yaml:"auth_method"`
// TenantID and ClientID must be non-empty for the client-certificate and
// client-secret methods (GetCredentials returns an error otherwise).
TenantID string `yaml:"tenant_id"`
ClientID string `yaml:"client_id"`
// ClientSecret is handed to azidentity.NewClientSecretCredential as-is. Secret value.
ClientSecret string `yaml:"client_secret"`
// CertPath is the file GetCredentials reads and parses for the client-certificate
// method. It is parsed with a nil password, so it holds an unencrypted private key.
CertPath string `yaml:"cert_path"`
// SharedKey is not read by GetCredentials; presumably the storage account key
// used by the shared-key method elsewhere — confirm against the caller. Secret value.
SharedKey string `yaml:"shared_key"`
// Not read in this file; semantics are defined by whatever consumes the config.
UpdateTimestamps bool `yaml:"update_timestamps"`
}
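// GetCredentials builds the Azure token credential selected by AuthMethod.
//
// It returns (nil, nil) for the shared-key method, because a shared key is not
// an azcore.TokenCredential; callers must treat a nil credential with a nil
// error as "authenticate with the shared key instead" and must not dereference
// it. Every failure path returns a literal nil credential, so a credential
// value is never a non-nil interface wrapping a nil pointer.
//
// An error is returned when AuthMethod is not recognised, when a field the
// chosen method needs is empty, when the certificate file cannot be read or
// parsed, or when the azidentity constructor fails. No secret value is written
// to the log or placed in an error message; only CertPath and AuthMethod are.
func (azblobc AzBlobStorageConfig) GetCredentials() (azcore.TokenCredential, error) {
	switch azblobc.AuthMethod {
	case azblobproxy.AuthMethodDefault:
		log.Println("AzBlob Credentials: using Default Credentials")
		cred, err := azidentity.NewDefaultAzureCredential(nil)
		if err != nil {
			return nil, err
		}
		return cred, nil

	case azblobproxy.AuthMethodSharedKey:
		log.Println("AzBlob Credentials: using Shared Key")
		// Special case because the shared key credential doesn't implement TokenCredential.
		return nil, nil

	case azblobproxy.AuthMethodClientCertificate:
		log.Println("AzBlob Credentials: using client certificate credentials")
		certData, err := os.ReadFile(azblobc.CertPath)
		if err != nil {
			// %w keeps the underlying error inspectable (e.g. errors.Is(err, os.ErrNotExist)).
			return nil, fmt.Errorf(`failed to read certificate file "%s": %w`, azblobc.CertPath, err)
		}
		// A nil password means the file must contain an unencrypted private key,
		// so its filesystem permissions are the only protection for that key.
		certs, key, err := azidentity.ParseCertificates(certData, nil)
		if err != nil {
			return nil, fmt.Errorf(`failed to load certificate from "%s": %w`, azblobc.CertPath, err)
		}
		if azblobc.TenantID == "" {
			return nil, fmt.Errorf("An Azure blob tenant ID is required.")
		}
		if azblobc.ClientID == "" {
			return nil, fmt.Errorf("An Azure blob client ID is required with auth method client_certificate.")
		}
		cred, err := azidentity.NewClientCertificateCredential(azblobc.TenantID, azblobc.ClientID, certs, key, nil)
		if err != nil {
			return nil, err
		}
		return cred, nil

	case azblobproxy.AuthMethodClientSecret:
		if azblobc.TenantID == "" {
			return nil, fmt.Errorf("An Azure blob tenant ID is required.")
		}
		if azblobc.ClientID == "" {
			return nil, fmt.Errorf("An Azure blob client ID is required with auth method client_secret.")
		}
		// Reject a missing secret here, alongside the other required fields,
		// rather than relying on the SDK or the first token request to fail.
		if azblobc.ClientSecret == "" {
			return nil, fmt.Errorf("An Azure blob client secret is required with auth method client_secret.")
		}
		log.Println("AzBlob Credentials: using client secret credentials")
		cred, err := azidentity.NewClientSecretCredential(azblobc.TenantID, azblobc.ClientID, azblobc.ClientSecret, nil)
		if err != nil {
			return nil, err
		}
		return cred, nil

	case azblobproxy.AuthMethodEnvironmentCredential:
		// The log line names the method actually in use, so an operator auditing
		// which identity the cache runs as is not told "client secret" here.
		log.Println("AzBlob Credentials: using environment credentials")
		cred, err := azidentity.NewEnvironmentCredential(nil)
		if err != nil {
			return nil, err
		}
		return cred, nil
	}

	return nil, fmt.Errorf("invalid azblob.auth_method: %s", azblobc.AuthMethod)
}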