Merge pull request #102063 from tdihp/fix/azure-auth-refresh

Azure auth forwarding adal refresh error to azureTokenSource
2025-07-21 02:41:25 +00:00 · 2021-06-01 19:48:45 -07:00 · 2021-06-01 19:48:45 -07:00 · eee6e54ecf
commit eee6e54ecf
parent 807e70c46f e105611d3a
2 changed files with 12 additions and 2 deletions
--- a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure.go
+++ b/staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure.go
@ -354,7 +354,6 @@ func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) {
 }

 // refresh outdated token with adal.
-// adal.RefreshTokenError will be returned if error occur during refreshing.
 func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) {
 	env, err := azure.EnvironmentFromName(token.environment)
 	if err != nil {
@ -388,7 +387,8 @@ func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, e
 	}

 	if err := spt.Refresh(); err != nil {
-		return nil, fmt.Errorf("refreshing token: %v", err)
+		// Caller expects IsTokenRefreshError(err) to trigger prompt.
+		return nil, fmt.Errorf("refreshing token: %w", err)
 	}

 	return &azureToken{
--- a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure_test.go
+++ b/staging/src/k8s.io/client-go/plugin/pkg/client/auth/azure/azure_test.go
@ -330,6 +330,16 @@ func TestAzureTokenSourceScenarios(t *testing.T) {
 			tokenCalls:   1,
 			persistCalls: 1,
 		},
+		{
+			name:         "extend failure with fmt.Errorf nested tokenRefreshError",
+			configToken:  expiredToken,
+			refreshErr:   fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}),
+			sourceToken:  fakeToken,
+			expectToken:  fakeToken,
+			refreshCalls: 1,
+			tokenCalls:   1,
+			persistCalls: 1,
+		},
 		{
 			name:         "unexpected error when extend",
 			configToken:  expiredToken,