tier: Add support of service principal to Azure (#254)

* tier: Add support of service principal to Azure * Address Harsha comments * Adress KP comments --------- Co-authored-by: Anis Elleuch <[email protected]>
minio · Dec 11, 2023 · d20cff0 · d20cff0
1 parent 9ef2480
commit d20cff0
Show file tree

Hide file tree

Showing 4 changed files with 437 additions and 6 deletions.
diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [ 1.21.4 ]
+        go-version: [ 1.21.5 ]
     steps:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v3

diff --git a/tier-azure.go b/tier-azure.go
@@ -19,8 +19,17 @@
 
 package madmin
 
+import "errors"
+
 //go:generate msgp -file $GOFILE
 
+// ServicePrincipalAuth holds fields for a successful SP authentication with Azure
+type ServicePrincipalAuth struct {
+	TenantID     string `json:",omitempty"`
+	ClientID     string `json:",omitempty"`
+	ClientSecret string `json:",omitempty"`
+}
+
 // TierAzure represents the remote tier configuration for Azure Blob Storage.
 type TierAzure struct {
 	Endpoint     string `json:",omitempty"`
@@ -30,11 +39,37 @@ type TierAzure struct {
 	Prefix       string `json:",omitempty"`
 	Region       string `json:",omitempty"`
 	StorageClass string `json:",omitempty"`
+
+	SPAuth ServicePrincipalAuth `json:",omitempty"`
+}
+
+// IsSPEnabled returns true if all SP related fields are provided
+func (ti TierAzure) IsSPEnabled() bool {
+	return ti.SPAuth.TenantID != "" && ti.SPAuth.ClientID != "" && ti.SPAuth.ClientSecret != ""
 }
 
 // AzureOptions supports NewTierAzure to take variadic options
 type AzureOptions func(*TierAzure) error
 
+// AzureServicePrincipal helper to supply optional service principal credentials
+func AzureServicePrincipal(tenantID, clientID, clientSecret string) func(az *TierAzure) error {
+	return func(az *TierAzure) error {
+		if tenantID == "" {
+			return errors.New("empty tenant ID unsupported")
+		}
+		if clientID == "" {
+			return errors.New("empty client ID unsupported")
+		}
+		if clientSecret == "" {
+			return errors.New("empty client secret unsupported")
+		}
+		az.SPAuth.TenantID = tenantID
+		az.SPAuth.ClientID = clientID
+		az.SPAuth.ClientSecret = clientSecret
+		return nil
+	}
+}
+
 // AzurePrefix helper to supply optional object prefix to NewTierAzure
 func AzurePrefix(prefix string) func(az *TierAzure) error {
 	return func(az *TierAzure) error {