diff --git a/internal/keystore/azure/client.go b/internal/keystore/azure/client.go
index 91fde516..0d6f3073 100644
--- a/internal/keystore/azure/client.go
+++ b/internal/keystore/azure/client.go
@@ -56,7 +56,7 @@ func (c *client) CreateSecret(ctx context.Context, name, value string) (status,
 Value: &value,
 }, &azsecrets.SetSecretOptions{})
 if err != nil {
- azResp, ok := TransportErrToResponseError(err)
+ azResp, ok := transportErrToResponseError(err)
 if !ok {
 return status{}, err
 }
@@ -137,7 +137,7 @@ func (c *client) GetSecret(ctx context.Context, name, version string) (string, s
 return "", status{}, err
 }
 if err != nil {
- azResp, ok := TransportErrToResponseError(err)
+ azResp, ok := transportErrToResponseError(err)
 if !ok {
 return "", status{}, err
 }
@@ -268,7 +268,7 @@ func (c *client) DeleteSecret(ctx context.Context, name string) (status, error)
 if c.azsecretsClient != nil {
 _, err := c.azsecretsClient.DeleteSecret(ctx, name, &azsecrets.DeleteSecretOptions{})
 if err != nil {
- azResp, ok := TransportErrToResponseError(err)
+ azResp, ok := transportErrToResponseError(err)
 if !ok {
 return status{}, err
 }
@@ -323,7 +323,7 @@ func (c *client) PurgeSecret(ctx context.Context, name string) (status, error) {
 if c.azsecretsClient != nil {
 _, err := c.azsecretsClient.PurgeDeletedSecret(ctx, name, &azsecrets.PurgeDeletedSecretOptions{})
 if err != nil {
- azResp, ok := TransportErrToResponseError(err)
+ azResp, ok := transportErrToResponseError(err)
 if !ok {
 return status{}, err
 }
@@ -381,7 +381,7 @@ func (c *client) GetFirstVersion(ctx context.Context, name string) (string, stat
 if pager.More() {
 page, err := pager.NextPage(ctx)
 if err != nil {
- azResp, ok := TransportErrToResponseError(err)
+ azResp, ok := transportErrToResponseError(err)
 if !ok {
 return "", status{}, err
 }
diff --git a/internal/keystore/azure/key-vault-error.go b/internal/keystore/azure/key-vault-error.go
index 9b43ecd8..862cc268 100644
--- a/internal/keystore/azure/key-vault-error.go
+++ b/internal/keystore/azure/key-vault-error.go
@@ -1,3 +1,7 @@
+// Copyright 2021 - MinIO, Inc. All rights reserved.
+// Use of this source code is governed by the AGPLv3
+// license that can be found in the LICENSE file.
+
 package azure
 import (
@@ -5,8 +9,7 @@ import (
 "reflect"
 )
-// ResponseError is a wrapper around an error response from the Azure Key Vault service.
-type ResponseError struct {
+type responseError struct {
 // ErrorCode is the error code returned by the resource provider if available.
 ErrorCode string
@@ -19,8 +22,8 @@ type ResponseError struct {
 errorResponse errorResponse
 }
-// TransportErrToResponseError converts a transport error to a ResponseError.
-func TransportErrToResponseError(terr error) (*ResponseError, bool) {
+// transportErrToResponseError converts a transport error to a ResponseError.
+func transportErrToResponseError(terr error) (*responseError, bool) {
 if reflect.TypeOf(terr).String() == "*exported.ResponseError" {
 tv := reflect.ValueOf(terr).Elem()
 ErrorCode := tv.FieldByName("ErrorCode").String()
@@ -30,7 +33,7 @@ func TransportErrToResponseError(terr error) (*ResponseError, bool) {
 if ok {
 errorResponse, _ = parseErrorResponse(RawResponse)
 }
- return &ResponseError{
+ return &responseError{
 ErrorCode: ErrorCode,
 StatusCode: StatusCode,
 RawResponse: RawResponse,
diff --git a/internal/keystore/azure/key-vault.go b/internal/keystore/azure/key-vault.go
index a9d84902..7ad97168 100644
--- a/internal/keystore/azure/key-vault.go
+++ b/internal/keystore/azure/key-vault.go
@@ -321,7 +321,7 @@ func (s *Store) List(ctx context.Context, prefix string, n int) ([]string, strin
 if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
 return nil, "", err
 }
- azResp, ok := TransportErrToResponseError(err)
+ azResp, ok := transportErrToResponseError(err)
 if !ok {
 return nil, "", err
 }
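Review bot: In key-vault-error.go, `transportErrToResponseError` (hunk `@@ -19,8 +22,8 @@`) still recognises the SDK error by comparing `reflect.TypeOf(terr).String()` with `"*exported.ResponseError"`, so an error that reaches it wrapped (for example via `fmt.Errorf("...: %w", err)`) yields `ok == false` and the callers visible in client.go and key-vault.go hand back the raw error. If the azcore package can be imported in this file, `var re *azcore.ResponseError; if errors.As(terr, &re) { ... }` matches wrapped errors too and reads `re.ErrorCode`, `re.StatusCode` and `re.RawResponse` without reflection. A nil `terr` would panic on `.String()`; the visible callers check `err != nil` first, but `if terr == nil { return nil, false }` at the top would make that explicit. The doc comment added here still says "a ResponseError" and should name `responseError`, and the type in the previous hunk lost its comment, which is worth keeping even for an unexported type. The function body continues outside the hunk.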
@@ -369,7 +369,7 @@ func (s *Store) Close() error { return nil }
 // ConnectWithCredentials tries to establish a connection to a Azure KeyVault
 // instance using Azure client credentials.
 func ConnectWithCredentials(_ context.Context, endpoint string, creds Credentials) (*Store, error) {
- if os.Getenv("AZURE_CLIENT_API_VERSION") != "7.2" {
+ if os.Getenv("AZURE_CLIENT_API_VERSION") == "7.4" {
 os.Setenv("AZURE_CLIENT_ID", creds.ClientID)
 os.Setenv("AZURE_CLIENT_SECRET", creds.Secret)
 os.Setenv("AZURE_TENANT_ID", creds.TenantID)
@@ -416,7 +416,7 @@ func ConnectWithCredentials(_ context.Context, endpoint string, creds Credential
 // ConnectWithIdentity tries to establish a connection to a Azure KeyVault
 // instance using an Azure managed identity.
 func ConnectWithIdentity(_ context.Context, endpoint string, msi ManagedIdentity) (*Store, error) {
- if os.Getenv("AZURE_CLIENT_API_VERSION") != "7.2" {
+ if os.Getenv("AZURE_CLIENT_API_VERSION") == "7.4" {
 cred, err := azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
 ID: azidentity.ClientID(msi.ClientID),
 })
diff --git a/internal/keystore/azure/key-vault_test.go b/internal/keystore/azure/key-vault_test.go
index 839b7572..01c35df1 100644
--- a/internal/keystore/azure/key-vault_test.go
+++ b/internal/keystore/azure/key-vault_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 - MinIO, Inc. All rights reserved.
+// Use of this source code is governed by the AGPLv3
+// license that can be found in the LICENSE file.
+
 package azure
 import (
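Review bot: The new guard `os.Getenv("AZURE_CLIENT_API_VERSION") == "7.4"` in ConnectWithCredentials turns this branch from the default into an exact-match opt-in, so an unset variable, a typo or any later version string now silently takes the other path, which lies outside the hunk. Because the branch decides how the client secret is handled, I would read the variable once, accept only the known values, return an error for anything else, and state the accepted values and the default in the function comment. The context lines also show this branch copying `creds.Secret` into `AZURE_CLIENT_SECRET` with `os.Setenv`, which makes the secret process-wide state that child processes inherit and that concurrent calls with different credentials overwrite, and the `os.Setenv` errors are dropped; if the code after the hunk only needs a credential object, `azidentity.NewClientSecretCredential(creds.TenantID, creds.ClientID, creds.Secret, nil)` would avoid the environment entirely. ConnectWithIdentity in the next hunk carries the same guard.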