From 6f3682c12f1c2abda5438a9c35baa6b191f5504f Mon Sep 17 00:00:00 2001
From: Nathaniel Wesley Filardo <nfilardo@microsoft.com>
Date: Mon, 14 Nov 2022 04:11:44 +0000
Subject: [PATCH] azureblob: make newServicePrincipalTokenRefresher take parsed
 principal structure

---
 backend/azureblob/azureblob.go      | 14 +++++++-------
 backend/azureblob/azureblob_test.go | 13 +++++++++++--
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/backend/azureblob/azureblob.go b/backend/azureblob/azureblob.go
index 6c46419f5..e52a48133 100644
--- a/backend/azureblob/azureblob.go
+++ b/backend/azureblob/azureblob.go
@@ -467,12 +467,8 @@ type servicePrincipalCredentials struct {
 const azureActiveDirectoryEndpoint = "https://login.microsoftonline.com/"
 const azureStorageEndpoint = "https://storage.azure.com/"
 
-// newServicePrincipalTokenRefresher takes the client ID and secret, and returns a refresh-able access token.
-func newServicePrincipalTokenRefresher(ctx context.Context, credentialsData []byte) (azblob.TokenRefresher, error) {
-	var spCredentials servicePrincipalCredentials
-	if err := json.Unmarshal(credentialsData, &spCredentials); err != nil {
-		return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
-	}
+// newServicePrincipalTokenRefresher takes a servicePrincipalCredentials structure and returns a refresh-able access token.
+func newServicePrincipalTokenRefresher(ctx context.Context, spCredentials servicePrincipalCredentials) (azblob.TokenRefresher, error) {
 	oauthConfig, err := adal.NewOAuthConfig(azureActiveDirectoryEndpoint, spCredentials.Tenant)
 	if err != nil {
 		return nil, fmt.Errorf("error creating oauth config: %w", err)
@@ -729,8 +725,12 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		if err != nil {
 			return nil, fmt.Errorf("error opening service principal credentials file: %w", err)
 		}
+		var spCredentials servicePrincipalCredentials
+		if err := json.Unmarshal(loadedCreds, &spCredentials); err != nil {
+			return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
+		}
 		// Create a token refresher from service principal credentials.
-		tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, loadedCreds)
+		tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create a service principal token: %w", err)
 		}
diff --git a/backend/azureblob/azureblob_test.go b/backend/azureblob/azureblob_test.go
index f9ebd7b3d..f12bb177a 100644
--- a/backend/azureblob/azureblob_test.go
+++ b/backend/azureblob/azureblob_test.go
@@ -7,6 +7,7 @@ package azureblob
 
 import (
 	"context"
+	"encoding/json"
 	"testing"
 
 	"github.com/rclone/rclone/fs"
@@ -42,7 +43,11 @@ func TestServicePrincipalFileSuccess(t *testing.T) {
     "tenant": "my active directory tenant ID"
 }
 `
-	tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
+	var spCredentials servicePrincipalCredentials
+	jerr := json.Unmarshal([]byte(credentials), &spCredentials)
+	assert.Nil(t, jerr)
+
+	tokenRefresher, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
 	if assert.NoError(t, err) {
 		assert.NotNil(t, tokenRefresher)
 	}
@@ -57,7 +62,11 @@ func TestServicePrincipalFileFailure(t *testing.T) {
     "tenant": "my active directory tenant ID"
 }
 `
-	_, err := newServicePrincipalTokenRefresher(ctx, []byte(credentials))
+	var spCredentials servicePrincipalCredentials
+	jerr := json.Unmarshal([]byte(credentials), &spCredentials)
+	assert.Nil(t, jerr)
+
+	_, err := newServicePrincipalTokenRefresher(ctx, spCredentials)
 	assert.Error(t, err)
 	assert.EqualError(t, err, "error creating service principal token: parameter 'secret' cannot be empty")
 }