@@ -81,7 +81,7 @@ type configCredentialOptions struct {
81
81
AdditionallyAllowedTenants []string
82
82
}
83
83
84
- // newConfigCredential works same as the azidentity.EnvironmentCredential but reads the credentials from a map
84
+ // newConfigCredential works similar as the azidentity.EnvironmentCredential but reads the credentials from a map
85
85
// rather than environment variables. This is required for Velero to run B/R concurrently
86
86
// https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.3.0/sdk/azidentity/environment_credential.go#L80
87
87
func newConfigCredential (creds map [string ]string , options configCredentialOptions ) (azcore.TokenCredential , error ) {
@@ -102,19 +102,24 @@ func newConfigCredential(creds map[string]string, options configCredentialOption
102
102
})
103
103
}
104
104
105
- // certificate
106
- if certPath := creds [CredentialKeyClientCertificatePath ]; certPath != "" {
107
- certData , err := os .ReadFile (certPath )
108
- if err != nil {
109
- return nil , errors .Wrapf (err , "failed to read certificate file %s" , certPath )
105
+ // raw certificate or certificate file
106
+ if rawCerts , certsPath := []byte (creds [CredentialKeyClientCertificate ]), creds [CredentialKeyClientCertificatePath ]; len (rawCerts ) > 0 || len (certsPath ) > 0 {
107
+ var err error
108
+ // raw certificate isn't specified while certificate path is specified
109
+ if len (rawCerts ) == 0 {
110
+ rawCerts , err = os .ReadFile (certsPath )
111
+ if err != nil {
112
+ return nil , errors .Wrapf (err , "failed to read certificate file %s" , certsPath )
113
+ }
110
114
}
115
+
111
116
var password []byte
112
117
if v := creds [CredentialKeyClientCertificatePassword ]; v != "" {
113
118
password = []byte (v )
114
119
}
115
- certs , key , err := azidentity .ParseCertificates (certData , password )
120
+ certs , key , err := azidentity .ParseCertificates (rawCerts , password )
116
121
if err != nil {
117
- return nil , errors .Wrapf (err , "failed to load certificate from %s" , certPath )
122
+ return nil , errors .Wrap (err , "failed to parse certificate" )
118
123
}
119
124
o := & azidentity.ClientCertificateCredentialOptions {
120
125
AdditionallyAllowedTenants : options .AdditionallyAllowedTenants ,
0 commit comments