jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-19 17:59:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Reduce calls to ListKey in azure backend (#3083)

Browse Source 
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
This commit is contained in:
Christian Mesh
2025-07-31 08:39:07 -04:00
committed by GitHub
parent f311f013fc
commit 2aa3af37a2
1 changed files with 24 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
internal/backend/remote-state/azure/arm_client.go
View File

@@ -33,6 +33,8 @@ type ArmClient struct {
// azureAdStorageAuth is only here if we're using AzureAD Authentication but is an Authorizer for Storage // azureAdStorageAuth is only here if we're using AzureAD Authentication but is an Authorizer for Storage
azureAdStorageAuth *autorest.Authorizer azureAdStorageAuth *autorest.Authorizer
storageAuthCache autorest.Authorizer
accessKey string accessKey string
environment azure.Environment environment azure.Environment
resourceGroupName string resourceGroupName string
@@ -141,23 +143,22 @@ func buildArmClient(ctx context.Context, config BackendConfig) (*ArmClient, erro
return &client, nil return &client, nil
} }
func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) { func (c ArmClient) getStorageAuth(ctx context.Context) (autorest.Authorizer, error) {
if c.storageAuthCache != nil {
return c.storageAuthCache, nil
}
var err error
c.storageAuthCache, err = c.newStorageAuth(ctx)
return c.storageAuthCache, err
}
func (c ArmClient) newStorageAuth(ctx context.Context) (autorest.Authorizer, error) {
if c.sasToken != "" { if c.sasToken != "" {
log.Printf("[DEBUG] Building the Blob Client from a SAS Token") log.Printf("[DEBUG] Building the Storage Auth from a SAS Token")
storageAuth, err := autorest.NewSASTokenAuthorizer(c.sasToken) return autorest.NewSASTokenAuthorizer(c.sasToken)
if err != nil {
return nil, fmt.Errorf("Error building SAS Token Authorizer: %w", err)
}
blobsClient := blobs.NewWithEnvironment(c.environment)
c.configureClient(&blobsClient.Client, storageAuth)
return &blobsClient, nil
} }
if c.azureAdStorageAuth != nil { if c.azureAdStorageAuth != nil {
blobsClient := blobs.NewWithEnvironment(c.environment) return *c.azureAdStorageAuth, nil
c.configureClient(&blobsClient.Client, *c.azureAdStorageAuth)
return &blobsClient, nil
} }
accessKey := c.accessKey accessKey := c.accessKey
@@ -182,6 +183,14 @@ func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("Error building Shared Key Authorizer: %w", err) return nil, fmt.Errorf("Error building Shared Key Authorizer: %w", err)
} }
return storageAuth, err
}
func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) {
storageAuth, err := c.getStorageAuth(ctx)
if err != nil {
return nil, err
}
blobsClient := blobs.NewWithEnvironment(c.environment) blobsClient := blobs.NewWithEnvironment(c.environment)
c.configureClient(&blobsClient.Client, storageAuth) c.configureClient(&blobsClient.Client, storageAuth)
@@ -189,45 +198,9 @@ func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) {
} }
func (c ArmClient) getContainersClient(ctx context.Context) (*containers.Client, error) { func (c ArmClient) getContainersClient(ctx context.Context) (*containers.Client, error) {
if c.sasToken != "" { storageAuth, err := c.getStorageAuth(ctx)
log.Printf("[DEBUG] Building the Container Client from a SAS Token")
storageAuth, err := autorest.NewSASTokenAuthorizer(c.sasToken)
if err != nil {
return nil, fmt.Errorf("Error building SAS Token Authorizer: %w", err)
}
containersClient := containers.NewWithEnvironment(c.environment)
c.configureClient(&containersClient.Client, storageAuth)
return &containersClient, nil
}
if c.azureAdStorageAuth != nil {
containersClient := containers.NewWithEnvironment(c.environment)
c.configureClient(&containersClient.Client, *c.azureAdStorageAuth)
return &containersClient, nil
}
accessKey := c.accessKey
if accessKey == "" {
log.Printf("[DEBUG] Building the Container Client from an Access Token (using user credentials)")
timeoutCtx, cancel := context.WithTimeout(ctx, time.Duration(c.timeoutSeconds)*time.Second)
defer cancel()
keys, err := c.storageAccountsClient.ListKeys(timeoutCtx, c.resourceGroupName, c.storageAccountName, "")
if err != nil {
return nil, fmt.Errorf("Error retrieving keys for Storage Account %q: %w", c.storageAccountName, err)
}
if keys.Keys == nil {
return nil, fmt.Errorf("Nil key returned for storage account %q", c.storageAccountName)
}
accessKeys := *keys.Keys
accessKey = *accessKeys[0].Value
}
storageAuth, err := autorest.NewSharedKeyAuthorizer(c.storageAccountName, accessKey, autorest.SharedKey)
if err != nil { if err != nil {
return nil, fmt.Errorf("Error building Shared Key Authorizer: %w", err) return nil, err
} }
containersClient := containers.NewWithEnvironment(c.environment) containersClient := containers.NewWithEnvironment(c.environment)