fix br-manager fetch backup meta

pingcap · Aug 28, 2024 · 40fda70 · 40fda70
1 parent a82c00a
commit 40fda70
Showing 1 changed file with 20 additions and 12 deletions.
diff --git a/pkg/backup/util/remote.go b/pkg/backup/util/remote.go
@@ -528,38 +528,46 @@ func newAzblobStorage(conf *azblobConfig) (*blob.Bucket, error) {
 	// Azure shared key with access to the storage account
 	accountKey := os.Getenv("AZURE_STORAGE_KEY")
 
-	// check condition for using AAD credentials first
-	var usingAAD bool
-	if len(clientID) != 0 && len(clientSecret) != 0 && len(tenantID) != 0 {
-		usingAAD = true
-	} else if len(accountKey) != 0 {
-		usingAAD = false
-	} else {
-		return nil, errors.New("Missing necessary key(s) for credentials")
-	}
+	// Azure Storage Account Shared Access Signature Token
+	sasToken := conf.sasToken
 
-	// initialize a new azblob storage using AAD or shared key credentials
 	var bucket *blob.Bucket
 	var err error
-	if usingAAD {
+	if len(sasToken) != 0 {
+		bucket, err = newAzblobStorageUsingSasToken(conf, account, sasToken)
+	} else if len(clientID) != 0 && len(clientSecret) != 0 && len(tenantID) != 0 {
 		bucket, err = newAzblobStorageUsingAAD(conf, &azblobAADCred{
 			account:      account,
 			clientID:     clientID,
 			clientSecret: clientSecret,
 			tenantID:     tenantID,
 		})
-	} else {
+	} else if len(accountKey) != 0 {
 		bucket, err = newAzblobStorageUsingSharedKey(conf, &azblobSharedKeyCred{
 			account:   account,
 			sharedKey: accountKey,
 		})
+	} else {
+		return nil, errors.New("Missing necessary key(s) for credentials")
 	}
+
 	if err != nil {
 		return nil, err
 	}
 	return blob.PrefixedBucket(bucket, strings.Trim(conf.prefix, "/")+"/"), nil
 }
 
+func newAzblobStorageUsingSasToken(conf *azblobConfig, account, token string) (*blob.Bucket, error) {
+	// Azure Storage Account.
+	accountName := azureblob.AccountName(account)
+	sasToken := azureblob.SASToken(token)
+	cred := azblob.NewAnonymousCredential()
+	pipeline := azureblob.NewPipeline(cred, azblob.PipelineOptions{})
+	// Create a *blob.Bucket.
+	ctx := context.Background()
+	return azureblob.OpenBucket(ctx, pipeline, accountName, conf.container, &azureblob.Options{SASToken: sasToken})
+}
+
 // newAzblobStorageUsingAAD initialize a new azblob storage using AAD credentials
 func newAzblobStorageUsingAAD(conf *azblobConfig, cred *azblobAADCred) (*blob.Bucket, error) {
 	// Azure Storage Account.