Azure auth forwarding adal refresh error to tokenSource, fixes error when token refresh fails.

Signed-off-by: Ping He <tdihp@hotmail.com> Kubernetes-commit: e105611d3a732a5b7bf34cf48f60b5a785181e6f
2025-07-10 21:54:01 +00:00 · 2021-05-17 22:02:52 +08:00 · 2021-05-17 22:02:52 +08:00 · 88929e8a2b
commit 88929e8a2b
parent caa2ddeb89
2 changed files with 12 additions and 2 deletions
--- a/plugin/pkg/client/auth/azure/azure.go
+++ b/plugin/pkg/client/auth/azure/azure.go
@ -354,7 +354,6 @@ func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) {
 }

 // refresh outdated token with adal.
-// adal.RefreshTokenError will be returned if error occur during refreshing.
 func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) {
 	env, err := azure.EnvironmentFromName(token.environment)
 	if err != nil {
@ -388,7 +387,8 @@ func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, e
 	}

 	if err := spt.Refresh(); err != nil {
-		return nil, fmt.Errorf("refreshing token: %v", err)
+		// Caller expects IsTokenRefreshError(err) to trigger prompt.
+		return nil, fmt.Errorf("refreshing token: %w", err)
 	}

 	return &azureToken{
--- a/plugin/pkg/client/auth/azure/azure_test.go
+++ b/plugin/pkg/client/auth/azure/azure_test.go
@ -330,6 +330,16 @@ func TestAzureTokenSourceScenarios(t *testing.T) {
 			tokenCalls:   1,
 			persistCalls: 1,
 		},
+		{
+			name:         "extend failure with fmt.Errorf nested tokenRefreshError",
+			configToken:  expiredToken,
+			refreshErr:   fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}),
+			sourceToken:  fakeToken,
+			expectToken:  fakeToken,
+			refreshCalls: 1,
+			tokenCalls:   1,
+			persistCalls: 1,
+		},
 		{
 			name:         "unexpected error when extend",
 			configToken:  expiredToken,