Description
Since the release of `github.com/Azure/azure-sdk-for-go/sdk/azcore` v1.6.1, authentication is broken.
This is due to this PR: Retry policy will always clone the *http.Request #20843, and in particular due to this line:

```go
clone := req.Clone(req.Raw().Context())
```
This breaks the assumption at
that the request will be mutated by `BearerTokenPolicy`.
Since the pipeline is set up so that `BearerTokenPolicy` runs after the request is cloned, the `Authorization` token is no longer available after the pipeline runs.
Looking at the code in `runtime.NewPipeline`, it doesn't seem possible to disable this cloning behaviour at all after that PR.
The only way I see this can be fixed is to move `BearerTokenPolicy` from `PerRetry` to `PerCall`:
```go
// FROM
return &policyAdapter{
	pl: runtime.NewPipeline("azidext", "v0.4.0", runtime.PipelineOptions{
		PerRetry: []policy.Policy{tkPolicy, nullPolicy{}},
	}, nil),
}

// TO
return &policyAdapter{
	pl: runtime.NewPipeline("azidext", "v0.4.0", runtime.PipelineOptions{
		PerCall:  []policy.Policy{tkPolicy, nullPolicy{}},
		PerRetry: []policy.Policy{nullPolicy{}},
	}, nil),
}
```
This ensures the auth `BearerTokenPolicy` runs on the original non-cloned request and mutates it by adding the `Authorization` header.
I tried it and it does the trick, although I'm not sure if it will cause some other issues to do with token refresh etc. I think the `BearerTokenPolicy` does all kinds of refresh in the background, so everything should continue as normal.
In any case, this is completely broken since `azcore` v1.6.1, so unless someone finds another way, I don't see how this can be fixed.
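
The ordering effect described in this issue, reproduced with only `net/http` as an added example (not code from the issue, azcore or azidext). The `stage` type and the stage functions are hypothetical stand-ins for azcore policies, and the token and URL are constructed values.

```go
package main

import (
	"fmt"
	"net/http"
)

// stage is a hypothetical stand-in for an azcore policy: it receives the
// request and a function that invokes the rest of the pipeline.
type stage func(req *http.Request, next func(*http.Request))

// bearerStage mimics a token policy by mutating the request it is handed.
func bearerStage(req *http.Request, next func(*http.Request)) {
	req.Header.Set("Authorization", "Bearer constructed-sample-token")
	next(req)
}

// cloningRetryStage mimics the retry behaviour described in the issue:
// everything downstream sees a clone, never the caller's request.
func cloningRetryStage(req *http.Request, next func(*http.Request)) {
	next(req.Clone(req.Context()))
}

// run pushes a fresh request through the stages in order and returns the
// Authorization header seen on the caller's original request and on the
// request that reached the end of the pipeline.
func run(stages ...stage) (original, sent string) {
	req, err := http.NewRequest(http.MethodGet, "https://example.invalid/", nil)
	if err != nil {
		panic(err)
	}
	var call func(i int, r *http.Request)
	call = func(i int, r *http.Request) {
		if i == len(stages) {
			sent = r.Header.Get("Authorization")
			return
		}
		stages[i](r, func(n *http.Request) { call(i+1, n) })
	}
	call(0, req)
	return req.Header.Get("Authorization"), sent
}

func main() {
	o, s := run(cloningRetryStage, bearerStage) // token stage after the clone
	fmt.Printf("per-retry: original=%q sent=%q\n", o, s)
	o, s = run(bearerStage, cloningRetryStage) // token stage before the clone
	fmt.Printf("per-call:  original=%q sent=%q\n", o, s)
}
```

With the token stage after the clone, the header exists only on the clone, so a caller that reads it back from its own request finds nothing; with the token stage first, both the original and the clone carry it.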