in cmd/credentialUtil.go [427:526]
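// doGetCredentialTypeForLocation selects the credential type to use for resource
// at the given location.
//
// Parameters:
//   - ctx: passed through to the isPublic and mdAccountNeedsOAuth probes.
//   - location: decides which branch below applies.
//   - resource: its SAS field and full URL drive the Blob and SAS decisions;
//     resource.Value is what the safety check is run against.
//   - isSource: the public-access probe is attempted for Blob sources only.
//   - getForcedCredType: a forced credential type; honoured for every location
//     except S3 and GCP.
//   - cpkOptions: passed through to the isPublic and mdAccountNeedsOAuth probes.
//
// Returns the chosen credential type, whether the resource is being treated as
// publicly readable, and an error. Two deferred steps run on every path past
// the first switch, in this order (defers run last-in, first-out):
//
//  1. If err is still nil, checkAuthSafeForTarget validates the chosen type
//     against the target. On failure the results are overwritten: credType
//     becomes Unknown, public becomes false and err carries the failure.
//  2. logAuthType records the final credType, i.e. after step 1 may have
//     replaced it.
//
// If no branch assigns credType, the named result keeps its zero value.
// NOTE(review): whether that zero value equals ECredentialType.Unknown() is
// not visible here; confirm against the common package.
func doGetCredentialTypeForLocation(ctx context.Context, location common.Location, resource common.ResourceString, isSource bool, getForcedCredType func() common.CredentialType, cpkOptions common.CpkOptions) (credType common.CredentialType, public bool, err error) {
	public = false
	err = nil

	// These locations return Anonymous before the defers below are registered,
	// so neither the safety check nor the auth-type log runs for them.
	switch location {
	case common.ELocation.Local(), common.ELocation.Benchmark(), common.ELocation.None(), common.ELocation.Pipe():
		return common.ECredentialType.Anonymous(), false, nil
	}

	// Registered first, therefore runs last: logs the credential type that is
	// actually returned, including an Unknown set by the safety check.
	defer func() {
		logAuthType(credType, location, isSource)
	}()

	// caution: If auth-type is unsafe, below defer statement will change the return value credType
	defer func() {
		if err != nil {
			// An earlier failure is reported as-is; do not mask it.
			return
		}

		if err = checkAuthSafeForTarget(credType, resource.Value, cmdLineExtraSuffixesAAD, location); err != nil {
			// Fail closed: never hand back a credential type that was
			// rejected for this target.
			credType = common.ECredentialType.Unknown()
			public = false
		}
	}()

	// Evaluate the callback once so the value that is tested is the value that
	// is returned. S3 and GCP ignore a forced type and use their own
	// environment-based selection below.
	if forced := getForcedCredType(); forced != common.ECredentialType.Unknown() &&
		location != common.ELocation.S3() && location != common.ELocation.GCP() {
		credType = forced
		return
	}

	if location == common.ELocation.S3() {
		accessKeyID := common.GetEnvironmentVariable(common.EEnvironmentVariable.AWSAccessKeyID())
		secretAccessKey := common.GetEnvironmentVariable(common.EEnvironmentVariable.AWSSecretAccessKey())
		// Both values are required. If either is empty the transfer is
		// attempted as an unauthenticated public-bucket read rather than
		// failing here, so a missing or misspelled variable does not produce
		// an error at this point.
		if accessKeyID == "" || secretAccessKey == "" {
			credType = common.ECredentialType.S3PublicBucket()
			public = true
			return
		}

		credType = common.ECredentialType.S3AccessKey()
		return
	}

	if location == common.ELocation.GCP() {
		googleAppCredentials := common.GetEnvironmentVariable(common.EEnvironmentVariable.GoogleAppCredentials())
		if googleAppCredentials == "" {
			return common.ECredentialType.Unknown(), false, errors.New("GOOGLE_APPLICATION_CREDENTIALS environment variable must be set before using GCP transfer feature")
		}

		credType = common.ECredentialType.GoogleAppCredentials()
		return
	}

	// Special blob destinations - public and MD account needing oAuth
	if location == common.ELocation.Blob() {
		// The error used to be discarded, which let an unparsable resource
		// reach uri.String() and uri.Host below. Report it instead. A distinct
		// name is used so the named result err is not shadowed for the naked
		// returns in this block.
		uri, urlErr := resource.FullURL()
		if urlErr != nil {
			return common.ECredentialType.Unknown(), false, urlErr
		}

		// Public access is only probed for a source that carries no SAS.
		if isSource && resource.SAS == "" && isPublic(ctx, uri.String(), cpkOptions) {
			credType = common.ECredentialType.Anonymous()
			public = true
			return
		}

		// Hosts starting with "md-" are checked for an OAuth requirement; when
		// it applies, a missing token is an error rather than a fallback to
		// another credential type.
		if strings.HasPrefix(uri.Host, "md-") && mdAccountNeedsOAuth(ctx, uri.String(), cpkOptions) {
			if !oAuthTokenExists() {
				return common.ECredentialType.Unknown(), false,
					common.NewAzError(common.EAzError.LoginCredMissing(), "No SAS token or OAuth token is present and the resource is not public")
			}

			credType = common.ECredentialType.MDOAuthToken()
			return
		}
	}

	// A SAS on the resource takes precedence over an OAuth token.
	// NOTE(review): Anonymous presumably means "no extra credential, the SAS
	// authorizes the request" - confirm against the credential handling code.
	if resource.SAS != "" {
		credType = common.ECredentialType.Anonymous()
		return
	}

	if oAuthTokenExists() {
		credType = common.ECredentialType.OAuthToken()
		return
	}

	// BlobFS currently supports Shared key. Remove this piece of code, once
	// we deprecate that.
	if location == common.ELocation.BlobFS() {
		name := common.GetEnvironmentVariable(common.EEnvironmentVariable.AccountName())
		key := common.GetEnvironmentVariable(common.EEnvironmentVariable.AccountKey())
		if name != "" && key != "" { // TODO: To remove, use for internal testing, SharedKey should not be supported from commandline
			credType = common.ECredentialType.SharedKey()
			warnIfSharedKeyAuthForDatalake()
		}
	}

	// We may not always use the OAuth token on Managed Disks. As such, we should change to the type indicating the potential for use.
	// if mdAccount && credType == common.ECredentialType.OAuthToken() {
	// 	credType = common.ECredentialType.MDOAuthToken()
	// }
	return
}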