From 88929e8a2b30786ceb354213da55b4b10121d770 Mon Sep 17 00:00:00 2001
From: Ping He <tdihp@hotmail.com>
Date: Mon, 17 May 2021 22:02:52 +0800
Subject: [PATCH] Azure auth forwarding adal refresh error to tokenSource,
 fixes error when token refresh fails.

Signed-off-by: Ping He <tdihp@hotmail.com>

Kubernetes-commit: e105611d3a732a5b7bf34cf48f60b5a785181e6f
---
 plugin/pkg/client/auth/azure/azure.go      |  4 ++--
 plugin/pkg/client/auth/azure/azure_test.go | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/plugin/pkg/client/auth/azure/azure.go b/plugin/pkg/client/auth/azure/azure.go
index a5218029..f4eeb858 100644
--- a/plugin/pkg/client/auth/azure/azure.go
+++ b/plugin/pkg/client/auth/azure/azure.go
@@ -354,7 +354,6 @@ func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) {
 }
 
 // refresh outdated token with adal.
-// adal.RefreshTokenError will be returned if error occur during refreshing.
 func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) {
 	env, err := azure.EnvironmentFromName(token.environment)
 	if err != nil {
@@ -388,7 +387,8 @@ func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, e
 	}
 
 	if err := spt.Refresh(); err != nil {
-		return nil, fmt.Errorf("refreshing token: %v", err)
+		// Caller expects IsTokenRefreshError(err) to trigger prompt.
+		return nil, fmt.Errorf("refreshing token: %w", err)
 	}
 
 	return &azureToken{
diff --git a/plugin/pkg/client/auth/azure/azure_test.go b/plugin/pkg/client/auth/azure/azure_test.go
index 5f9aab76..aa3f0989 100644
--- a/plugin/pkg/client/auth/azure/azure_test.go
+++ b/plugin/pkg/client/auth/azure/azure_test.go
@@ -330,6 +330,16 @@ func TestAzureTokenSourceScenarios(t *testing.T) {
 			tokenCalls:   1,
 			persistCalls: 1,
 		},
+		{
+			name:         "extend failure with fmt.Errorf nested tokenRefreshError",
+			configToken:  expiredToken,
+			refreshErr:   fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}),
+			sourceToken:  fakeToken,
+			expectToken:  fakeToken,
+			refreshCalls: 1,
+			tokenCalls:   1,
+			persistCalls: 1,
+		},
 		{
 			name:         "unexpected error when extend",
 			configToken:  expiredToken,