ItalyPaleAle · February 7, 2020 02:21
diff --git a/authorize.go b/authorize.go
 package main

 import (
 	"fmt"
 	"time"

 	"github.com/Azure/azure-storage-blob-go/azblob"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
 )

 // Details of the Azure Service Principal: Tenant ID, Client ID (App ID), Client Secret (App Secret)
 const azureTenantID = "..."
 const azureClientID = "..."
 const azureClientSecret = "..."

 /*
 How to authenticate with Azure Storage SDK for Go:

 ````go
 credential, err := GetAzureStorageCredentials()
 if err != nil {
  return err
 }
 azureStoragePipeline := azblob.NewPipeline(credential, azblob.PipelineOptions{
 	Retry: azblob.RetryOptions{
 		MaxTries: 3,
 	},
 })
 ````

 Then use the `azureStoragePipeline` object in the Azure Storage SDK for Go.
 */

 // Cache
 var (
 	azureEnv         *azure.Environment
 	azureOAuthConfig *adal.OAuthConfig
 )

 // Initializes the authentication objects for Azure
 func initAzure() error {
 	// Get Azure environment properties
 	env, err := azure.EnvironmentFromName("AZUREPUBLICCLOUD")
 	azureEnv = &env
 	if err != nil {
 		return err
 	}
 	azureOAuthConfig, err = adal.NewOAuthConfig(azureEnv.ActiveDirectoryEndpoint, azureTenantID)
 	if err != nil {
 		return err
 	}
 	if azureOAuthConfig == nil {
 		return fmt.Errorf("unable to configure authentication for Azure tenant %s", azureTenantID)
 	}

 	return nil
 }

 // GetAzureEndpoint returns the endpoint for the Azure service
 // Service can be one of:
 // - "azure" for Azure Resource Manager
 // - "keyvault" for Azure Key Vault
 // - "storage" for Azure Storage
 func GetAzureEndpoint(service string) (endpoint string, err error) {
 	// Check if we've built the objects already
 	if azureOAuthConfig == nil || azureEnv == nil {
 		err = initAzure()
 		if err != nil {
 			return
 		}
 	}

 	switch service {
 	case "azure":
 		endpoint = azureEnv.ResourceManagerEndpoint
 		break
 	case "keyvault":
 		endpoint = azureEnv.ResourceIdentifiers.KeyVault
 		break
 	case "storage":
 		endpoint = azureEnv.ResourceIdentifiers.Storage
 		break
 	}

 	return
 }

 // GetAzureStorageEndpointSuffix returns the endpoint suffix for Azure Storage in this environment
 func GetAzureStorageEndpointSuffix() (string, error) {
 	if azureEnv == nil {
 		err := initAzure()
 		if err != nil {
 			return "", err
 		}
 	}

 	return azureEnv.StorageEndpointSuffix, nil
 }

 // GetAzureOAuthConfig returns the adal.OAuthConfig object that can be used to authenticate against Azure resources
 func GetAzureOAuthConfig() (*adal.OAuthConfig, error) {
 	// Check if we've built the objects already
 	if azureOAuthConfig == nil || azureEnv == nil {
 		err := initAzure()
 		if err != nil {
 			return nil, err
 		}
 	}

 	return azureOAuthConfig, nil
 }

 // GetAzureAuthorizer returns the autorest.Authorizer object for the Azure SDK, for a given service
 // See GetAzureEndpoint for the list of services
 func GetAzureAuthorizer(service string) (autorest.Authorizer, error) {
 	// Get the Service Principal token
 	spt, err := GetAzureServicePrincipalToken(service)
 	if err != nil {
 		return nil, err
 	}

 	// Build the authorizer
 	authorizer := autorest.NewBearerAuthorizer(spt)

 	return authorizer, nil
 }

 // GetAzureServicePrincipalToken returns a Service Principal token inside an adal.ServicePrincipalToken object, for a given service
 // Note that the returned token needs to be refreshed with the `Refresh()` method right away before it can be used
 // See GetAzureEndpoint for the list of services
 func GetAzureServicePrincipalToken(service string) (*adal.ServicePrincipalToken, error) {
 	// Get the OAuth configuration
 	oauthConfig, err := GetAzureOAuthConfig()
 	if err != nil {
 		return nil, err
 	}

 	// Get the endpoint
 	endpoint, err := GetAzureEndpoint(service)
 	if err != nil {
 		return nil, err
 	}

 	// Service Principal-based authorization
 	spt, err := adal.NewServicePrincipalToken(*oauthConfig, azureClientID, azureClientSecret, endpoint)
 	if err != nil {
 		return nil, err
 	}

 	return spt, nil
 }

 // GetAzureStorageCredentials returns a azblob.Credential object that can be used to authenticate an Azure Blob Storage SDK pipeline
 func GetAzureStorageCredentials() (azblob.Credential, error) {
 	// Azure Storage authorization
 	spt, err := GetAzureServicePrincipalToken("storage")
 	if err != nil {
 		return nil, err
 	}

 	// Token refresher function
 	var tokenRefresher azblob.TokenRefresher
 	tokenRefresher = func(credential azblob.TokenCredential) time.Duration {
 		logger.Println("Refreshing Azure Storage auth token")

 		// Get a new token
 		err := spt.Refresh()
 		if err != nil {
 			panic(err)
 		}
 		token := spt.Token()
 		credential.SetToken(token.AccessToken)

 		// Return the expiry time (2 minutes before the token expires)
 		exp := token.Expires().Sub(time.Now().Add(2 * time.Minute))
 		logger.Println("Received new token, valid for", exp)
 		return exp
 	}

 	// Credential object
 	credential := azblob.NewTokenCredential("", tokenRefresher)
 	return credential, nil
 }
	package main

	import (
	"fmt"
	"time"

	"github.com/Azure/azure-storage-blob-go/azblob"
	"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/adal"
	"github.com/Azure/go-autorest/autorest/azure"
	)

	// Details of the Azure Service Principal: Tenant ID, Client ID (App ID), Client Secret (App Secret)
	const azureTenantID = "..."
	const azureClientID = "..."
	const azureClientSecret = "..."

	/*
	How to authenticate with Azure Storage SDK for Go:

	````go
	credential, err := GetAzureStorageCredentials()
	if err != nil {
	return err
	}
	azureStoragePipeline := azblob.NewPipeline(credential, azblob.PipelineOptions{
	Retry: azblob.RetryOptions{
	MaxTries: 3,
	},
	})
	````

	Then use the `azureStoragePipeline` object in the Azure Storage SDK for Go.
	*/

	// Cache
	var (
	azureEnv *azure.Environment
	azureOAuthConfig *adal.OAuthConfig
	)

	// Initializes the authentication objects for Azure
	func initAzure() error {
	// Get Azure environment properties
	env, err := azure.EnvironmentFromName("AZUREPUBLICCLOUD")
	azureEnv = &env
	if err != nil {
	return err
	}
	azureOAuthConfig, err = adal.NewOAuthConfig(azureEnv.ActiveDirectoryEndpoint, azureTenantID)
	if err != nil {
	return err
	}
	if azureOAuthConfig == nil {
	return fmt.Errorf("unable to configure authentication for Azure tenant %s", azureTenantID)
	}

	return nil
	}

	// GetAzureEndpoint returns the endpoint for the Azure service
	// Service can be one of:
	// - "azure" for Azure Resource Manager
	// - "keyvault" for Azure Key Vault
	// - "storage" for Azure Storage
	func GetAzureEndpoint(service string) (endpoint string, err error) {
	// Check if we've built the objects already
	if azureOAuthConfig == nil \|\| azureEnv == nil {
	err = initAzure()
	if err != nil {
	return
	}
	}

	switch service {
	case "azure":
	endpoint = azureEnv.ResourceManagerEndpoint
	break
	case "keyvault":
	endpoint = azureEnv.ResourceIdentifiers.KeyVault
	break
	case "storage":
	endpoint = azureEnv.ResourceIdentifiers.Storage
	break
	}

	return
	}

	// GetAzureStorageEndpointSuffix returns the endpoint suffix for Azure Storage in this environment
	func GetAzureStorageEndpointSuffix() (string, error) {
	if azureEnv == nil {
	err := initAzure()
	if err != nil {
	return "", err
	}
	}

	return azureEnv.StorageEndpointSuffix, nil
	}

	// GetAzureOAuthConfig returns the adal.OAuthConfig object that can be used to authenticate against Azure resources
	func GetAzureOAuthConfig() (*adal.OAuthConfig, error) {
	// Check if we've built the objects already
	if azureOAuthConfig == nil \|\| azureEnv == nil {
	err := initAzure()
	if err != nil {
	return nil, err
	}
	}

	return azureOAuthConfig, nil
	}

	// GetAzureAuthorizer returns the autorest.Authorizer object for the Azure SDK, for a given service
	// See GetAzureEndpoint for the list of services
	func GetAzureAuthorizer(service string) (autorest.Authorizer, error) {
	// Get the Service Principal token
	spt, err := GetAzureServicePrincipalToken(service)
	if err != nil {
	return nil, err
	}

	// Build the authorizer
	authorizer := autorest.NewBearerAuthorizer(spt)

	return authorizer, nil
	}

	// GetAzureServicePrincipalToken returns a Service Principal token inside an adal.ServicePrincipalToken object, for a given service
	// Note that the returned token needs to be refreshed with the `Refresh()` method right away before it can be used
	// See GetAzureEndpoint for the list of services
	func GetAzureServicePrincipalToken(service string) (*adal.ServicePrincipalToken, error) {
	// Get the OAuth configuration
	oauthConfig, err := GetAzureOAuthConfig()
	if err != nil {
	return nil, err
	}

	// Get the endpoint
	endpoint, err := GetAzureEndpoint(service)
	if err != nil {
	return nil, err
	}

	// Service Principal-based authorization
	spt, err := adal.NewServicePrincipalToken(*oauthConfig, azureClientID, azureClientSecret, endpoint)
	if err != nil {
	return nil, err
	}

	return spt, nil
	}

	// GetAzureStorageCredentials returns a azblob.Credential object that can be used to authenticate an Azure Blob Storage SDK pipeline
	func GetAzureStorageCredentials() (azblob.Credential, error) {
	// Azure Storage authorization
	spt, err := GetAzureServicePrincipalToken("storage")
	if err != nil {
	return nil, err
	}

	// Token refresher function
	var tokenRefresher azblob.TokenRefresher
	tokenRefresher = func(credential azblob.TokenCredential) time.Duration {
	logger.Println("Refreshing Azure Storage auth token")

	// Get a new token
	err := spt.Refresh()
	if err != nil {
	panic(err)
	}
	token := spt.Token()
	credential.SetToken(token.AccessToken)

	// Return the expiry time (2 minutes before the token expires)
	exp := token.Expires().Sub(time.Now().Add(2 * time.Minute))
	logger.Println("Received new token, valid for", exp)
	return exp
	}

	// Credential object
	credential := azblob.NewTokenCredential("", tokenRefresher)
	return credential, nil
	}