Update Azure Go SDK to v55.0.0

2021-06-01 01:30:43 +00:00
parent f363322d4a
commit b98824c55d
88 changed files with 2313 additions and 944 deletions
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/go.mod
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible
 	github.com/Azure/go-autorest/autorest/date v0.3.0
 	github.com/Azure/go-autorest/autorest/mocks v0.4.1
+	github.com/Azure/go-autorest/logger v0.2.1
 	github.com/Azure/go-autorest/tracing v0.6.0
 	github.com/form3tech-oss/jwt-go v3.2.2+incompatible
 	golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/go.sum
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/go.sum
@@ -4,6 +4,8 @@ github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8K
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
+github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/sender.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/sender.go
@@ -28,6 +28,7 @@ const (
 	mimeTypeFormPost = "application/x-www-form-urlencoded"
 )

+// DO NOT ACCESS THIS DIRECTLY.  go through sender()
 var defaultSender Sender
 var defaultSenderInit = &sync.Once{}

--- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
@@ -36,6 +36,7 @@ import (
 	"time"

 	"github.com/Azure/go-autorest/autorest/date"
+	"github.com/Azure/go-autorest/logger"
 	"github.com/form3tech-oss/jwt-go"
 )

@@ -70,13 +71,13 @@ const (
 	defaultMaxMSIRefreshAttempts = 5

 	// asMSIEndpointEnv is the environment variable used to store the endpoint on App Service and Functions
-	asMSIEndpointEnv = "MSI_ENDPOINT"
+	msiEndpointEnv = "MSI_ENDPOINT"

 	// asMSISecretEnv is the environment variable used to store the request secret on App Service and Functions
-	asMSISecretEnv = "MSI_SECRET"
+	msiSecretEnv = "MSI_SECRET"

-	// the API version to use for the App Service MSI endpoint
-	appServiceAPIVersion = "2017-09-01"
+	// the API version to use for the legacy App Service MSI endpoint
+	appServiceAPIVersion2017 = "2017-09-01"

 	// secret header used when authenticating against app service MSI endpoint
 	secretHeader = "Secret"
@@ -292,6 +293,8 @@ func (secret ServicePrincipalCertificateSecret) MarshalJSON() ([]byte, error) {

 // ServicePrincipalMSISecret implements ServicePrincipalSecret for machines running the MSI Extension.
 type ServicePrincipalMSISecret struct {
+	msiType          msiType
+	clientResourceID string
 }

 // SetAuthenticationValues is a method of the interface ServicePrincipalSecret.
@@ -662,96 +665,173 @@ func NewServicePrincipalTokenFromAuthorizationCode(oauthConfig OAuthConfig, clie
 	)
 }

+type msiType int
+
+const (
+	msiTypeUnavailable msiType = iota
+	msiTypeAppServiceV20170901
+	msiTypeCloudShell
+	msiTypeIMDS
+)
+
+func (m msiType) String() string {
+	switch m {
+	case msiTypeUnavailable:
+		return "unavailable"
+	case msiTypeAppServiceV20170901:
+		return "AppServiceV20170901"
+	case msiTypeCloudShell:
+		return "CloudShell"
+	case msiTypeIMDS:
+		return "IMDS"
+	default:
+		return fmt.Sprintf("unhandled MSI type %d", m)
+	}
+}
+
+// returns the MSI type and endpoint, or an error
+func getMSIType() (msiType, string, error) {
+	if endpointEnvVar := os.Getenv(msiEndpointEnv); endpointEnvVar != "" {
+		// if the env var MSI_ENDPOINT is set
+		if secretEnvVar := os.Getenv(msiSecretEnv); secretEnvVar != "" {
+			// if BOTH the env vars MSI_ENDPOINT and MSI_SECRET are set the msiType is AppService
+			return msiTypeAppServiceV20170901, endpointEnvVar, nil
+		}
+		// if ONLY the env var MSI_ENDPOINT is set the msiType is CloudShell
+		return msiTypeCloudShell, endpointEnvVar, nil
+	} else if msiAvailableHook(context.Background(), sender()) {
+		// if MSI_ENDPOINT is NOT set AND the IMDS endpoint is available the msiType is IMDS. This will timeout after 500 milliseconds
+		return msiTypeIMDS, msiEndpoint, nil
+	} else {
+		// if MSI_ENDPOINT is NOT set and IMDS endpoint is not available Managed Identity is not available
+		return msiTypeUnavailable, "", errors.New("MSI not available")
+	}
+}
+
 // GetMSIVMEndpoint gets the MSI endpoint on Virtual Machines.
+// NOTE: this always returns the IMDS endpoint, it does not work for app services or cloud shell.
+// Deprecated: NewServicePrincipalTokenFromMSI() and variants will automatically detect the endpoint.
 func GetMSIVMEndpoint() (string, error) {
 	return msiEndpoint, nil
 }

-// NOTE: this only indicates if the ASE environment credentials have been set
-// which does not necessarily mean that the caller is authenticating via ASE!
-func isAppService() bool {
-	_, asMSIEndpointEnvExists := os.LookupEnv(asMSIEndpointEnv)
-	_, asMSISecretEnvExists := os.LookupEnv(asMSISecretEnv)
-
-	return asMSIEndpointEnvExists && asMSISecretEnvExists
-}
-
-// GetMSIAppServiceEndpoint get the MSI endpoint for App Service and Functions
+// GetMSIAppServiceEndpoint get the MSI endpoint for App Service and Functions.
+// It will return an error when not running in an app service/functions environment.
+// Deprecated: NewServicePrincipalTokenFromMSI() and variants will automatically detect the endpoint.
 func GetMSIAppServiceEndpoint() (string, error) {
-	asMSIEndpoint, asMSIEndpointEnvExists := os.LookupEnv(asMSIEndpointEnv)
-
-	if asMSIEndpointEnvExists {
-		return asMSIEndpoint, nil
+	msiType, endpoint, err := getMSIType()
+	if err != nil {
+		return "", err
+	}
+	switch msiType {
+	case msiTypeAppServiceV20170901:
+		return endpoint, nil
+	default:
+		return "", fmt.Errorf("%s is not app service environment", msiType)
 	}
-	return "", errors.New("MSI endpoint not found")
 }

 // GetMSIEndpoint get the appropriate MSI endpoint depending on the runtime environment
+// Deprecated: NewServicePrincipalTokenFromMSI() and variants will automatically detect the endpoint.
 func GetMSIEndpoint() (string, error) {
-	if isAppService() {
-		return GetMSIAppServiceEndpoint()
-	}
-	return GetMSIVMEndpoint()
+	_, endpoint, err := getMSIType()
+	return endpoint, err
 }

 // NewServicePrincipalTokenFromMSI creates a ServicePrincipalToken via the MSI VM Extension.
 // It will use the system assigned identity when creating the token.
+// msiEndpoint - empty string, or pass a non-empty string to override the default value.
+// Deprecated: use NewServicePrincipalTokenFromManagedIdentity() instead.
 func NewServicePrincipalTokenFromMSI(msiEndpoint, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
-	return newServicePrincipalTokenFromMSI(msiEndpoint, resource, nil, nil, callbacks...)
+	return newServicePrincipalTokenFromMSI(msiEndpoint, resource, "", "", callbacks...)
 }

 // NewServicePrincipalTokenFromMSIWithUserAssignedID creates a ServicePrincipalToken via the MSI VM Extension.
 // It will use the clientID of specified user assigned identity when creating the token.
+// msiEndpoint - empty string, or pass a non-empty string to override the default value.
+// Deprecated: use NewServicePrincipalTokenFromManagedIdentity() instead.
 func NewServicePrincipalTokenFromMSIWithUserAssignedID(msiEndpoint, resource string, userAssignedID string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
-	return newServicePrincipalTokenFromMSI(msiEndpoint, resource, &userAssignedID, nil, callbacks...)
+	if err := validateStringParam(userAssignedID, "userAssignedID"); err != nil {
+		return nil, err
+	}
+	return newServicePrincipalTokenFromMSI(msiEndpoint, resource, userAssignedID, "", callbacks...)
 }

 // NewServicePrincipalTokenFromMSIWithIdentityResourceID creates a ServicePrincipalToken via the MSI VM Extension.
 // It will use the azure resource id of user assigned identity when creating the token.
+// msiEndpoint - empty string, or pass a non-empty string to override the default value.
+// Deprecated: use NewServicePrincipalTokenFromManagedIdentity() instead.
 func NewServicePrincipalTokenFromMSIWithIdentityResourceID(msiEndpoint, resource string, identityResourceID string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
-	return newServicePrincipalTokenFromMSI(msiEndpoint, resource, nil, &identityResourceID, callbacks...)
-}
-
-func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedID *string, identityResourceID *string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
-	if err := validateStringParam(msiEndpoint, "msiEndpoint"); err != nil {
+	if err := validateStringParam(identityResourceID, "identityResourceID"); err != nil {
 		return nil, err
 	}
+	return newServicePrincipalTokenFromMSI(msiEndpoint, resource, "", identityResourceID, callbacks...)
+}
+
+// ManagedIdentityOptions contains optional values for configuring managed identity authentication.
+type ManagedIdentityOptions struct {
+	// ClientID is the user-assigned identity to use during authentication.
+	// It is mutually exclusive with IdentityResourceID.
+	ClientID string
+
+	// IdentityResourceID is the resource ID of the user-assigned identity to use during authentication.
+	// It is mutually exclusive with ClientID.
+	IdentityResourceID string
+}
+
+// NewServicePrincipalTokenFromManagedIdentity creates a ServicePrincipalToken using a managed identity.
+// It supports the following managed identity environments.
+// - App Service Environment (API version 2017-09-01 only)
+// - Cloud shell
+// - IMDS with a system or user assigned identity
+func NewServicePrincipalTokenFromManagedIdentity(resource string, options *ManagedIdentityOptions, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
+	if options == nil {
+		options = &ManagedIdentityOptions{}
+	}
+	return newServicePrincipalTokenFromMSI("", resource, options.ClientID, options.IdentityResourceID, callbacks...)
+}
+
+func newServicePrincipalTokenFromMSI(msiEndpoint, resource, userAssignedID, identityResourceID string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
 	if err := validateStringParam(resource, "resource"); err != nil {
 		return nil, err
 	}
-	if userAssignedID != nil {
-		if err := validateStringParam(*userAssignedID, "userAssignedID"); err != nil {
-			return nil, err
-		}
+	if userAssignedID != "" && identityResourceID != "" {
+		return nil, errors.New("cannot specify userAssignedID and identityResourceID")
 	}
-	if identityResourceID != nil {
-		if err := validateStringParam(*identityResourceID, "identityResourceID"); err != nil {
-			return nil, err
-		}
+	msiType, endpoint, err := getMSIType()
+	if err != nil {
+		logger.Instance.Writef(logger.LogError, "Error determining managed identity environment: %v", err)
+		return nil, err
 	}
-	// We set the oauth config token endpoint to be MSI's endpoint
-	msiEndpointURL, err := url.Parse(msiEndpoint)
+	logger.Instance.Writef(logger.LogInfo, "Managed identity environment is %s, endpoint is %s", msiType, endpoint)
+	if msiEndpoint != "" {
+		endpoint = msiEndpoint
+		logger.Instance.Writef(logger.LogInfo, "Managed identity custom endpoint is %s", endpoint)
+	}
+	msiEndpointURL, err := url.Parse(endpoint)
 	if err != nil {
 		return nil, err
 	}
-
-	v := url.Values{}
-	v.Set("resource", resource)
-	// we only support token API version 2017-09-01 for app services
-	clientIDParam := "client_id"
-	if isASEEndpoint(*msiEndpointURL) {
-		v.Set("api-version", appServiceAPIVersion)
-		clientIDParam = "clientid"
-	} else {
-		v.Set("api-version", msiAPIVersion)
+	// cloud shell sends its data in the request body
+	if msiType != msiTypeCloudShell {
+		v := url.Values{}
+		v.Set("resource", resource)
+		clientIDParam := "client_id"
+		switch msiType {
+		case msiTypeAppServiceV20170901:
+			clientIDParam = "clientid"
+			v.Set("api-version", appServiceAPIVersion2017)
+			break
+		case msiTypeIMDS:
+			v.Set("api-version", msiAPIVersion)
+		}
+		if userAssignedID != "" {
+			v.Set(clientIDParam, userAssignedID)
+		} else if identityResourceID != "" {
+			v.Set("mi_res_id", identityResourceID)
+		}
+		msiEndpointURL.RawQuery = v.Encode()
 	}
-	if userAssignedID != nil {
-		v.Set(clientIDParam, *userAssignedID)
-	}
-	if identityResourceID != nil {
-		v.Set("mi_res_id", *identityResourceID)
-	}
-	msiEndpointURL.RawQuery = v.Encode()

 	spt := &ServicePrincipalToken{
 		inner: servicePrincipalToken{
@@ -759,10 +839,14 @@ func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedI
 			OauthConfig: OAuthConfig{
 				TokenEndpoint: *msiEndpointURL,
 			},
-			Secret:        &ServicePrincipalMSISecret{},
+			Secret: &ServicePrincipalMSISecret{
+				msiType:          msiType,
+				clientResourceID: identityResourceID,
+			},
 			Resource:      resource,
 			AutoRefresh:   true,
 			RefreshWithin: defaultRefresh,
+			ClientID:      userAssignedID,
 		},
 		refreshLock:           &sync.RWMutex{},
 		sender:                sender(),
@@ -770,10 +854,6 @@ func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedI
 		MaxMSIRefreshAttempts: defaultMaxMSIRefreshAttempts,
 	}

-	if userAssignedID != nil {
-		spt.inner.ClientID = *userAssignedID
-	}
-
 	return spt, nil
 }

@@ -870,31 +950,6 @@ func (spt *ServicePrincipalToken) getGrantType() string {
 	}
 }

-func isIMDS(u url.URL) bool {
-	return isMSIEndpoint(u) == true || isASEEndpoint(u) == true
-}
-
-func isMSIEndpoint(endpoint url.URL) bool {
-	msi, err := url.Parse(msiEndpoint)
-	if err != nil {
-		return false
-	}
-	return endpoint.Host == msi.Host && endpoint.Path == msi.Path
-}
-
-func isASEEndpoint(endpoint url.URL) bool {
-	aseEndpoint, err := GetMSIAppServiceEndpoint()
-	if err != nil {
-		// app service environment isn't enabled
-		return false
-	}
-	ase, err := url.Parse(aseEndpoint)
-	if err != nil {
-		return false
-	}
-	return endpoint.Host == ase.Host && endpoint.Path == ase.Path
-}
-
 func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource string) error {
 	if spt.customRefreshFunc != nil {
 		token, err := spt.customRefreshFunc(ctx, resource)
@@ -909,13 +964,40 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource
 		return fmt.Errorf("adal: Failed to build the refresh request. Error = '%v'", err)
 	}
 	req.Header.Add("User-Agent", UserAgent())
-	// Add header when runtime is on App Service or Functions
-	if isASEEndpoint(spt.inner.OauthConfig.TokenEndpoint) {
-		asMSISecret, _ := os.LookupEnv(asMSISecretEnv)
-		req.Header.Add(secretHeader, asMSISecret)
-	}
 	req = req.WithContext(ctx)
-	if !isIMDS(spt.inner.OauthConfig.TokenEndpoint) {
+	var resp *http.Response
+	authBodyFilter := func(b []byte) []byte {
+		if logger.Level() != logger.LogAuth {
+			return []byte("**REDACTED** authentication body")
+		}
+		return b
+	}
+	if msiSecret, ok := spt.inner.Secret.(*ServicePrincipalMSISecret); ok {
+		switch msiSecret.msiType {
+		case msiTypeAppServiceV20170901:
+			req.Method = http.MethodGet
+			req.Header.Set("secret", os.Getenv(msiSecretEnv))
+			break
+		case msiTypeCloudShell:
+			req.Header.Set("Metadata", "true")
+			data := url.Values{}
+			data.Set("resource", spt.inner.Resource)
+			if spt.inner.ClientID != "" {
+				data.Set("client_id", spt.inner.ClientID)
+			} else if msiSecret.clientResourceID != "" {
+				data.Set("msi_res_id", msiSecret.clientResourceID)
+			}
+			req.Body = ioutil.NopCloser(strings.NewReader(data.Encode()))
+			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+			break
+		case msiTypeIMDS:
+			req.Method = http.MethodGet
+			req.Header.Set("Metadata", "true")
+			break
+		}
+		logger.Instance.WriteRequest(req, logger.Filter{Body: authBodyFilter})
+		resp, err = retryForIMDS(spt.sender, req, spt.MaxMSIRefreshAttempts)
+	} else {
 		v := url.Values{}
 		v.Set("client_id", spt.inner.ClientID)
 		v.Set("resource", resource)
@@ -944,35 +1026,18 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource
 		req.ContentLength = int64(len(s))
 		req.Header.Set(contentType, mimeTypeFormPost)
 		req.Body = body
-	}
-
-	if _, ok := spt.inner.Secret.(*ServicePrincipalMSISecret); ok {
-		req.Method = http.MethodGet
-		// the metadata header isn't applicable for ASE
-		if !isASEEndpoint(spt.inner.OauthConfig.TokenEndpoint) {
-			req.Header.Set(metadataHeader, "true")
-		}
-	}
-
-	var resp *http.Response
-	if isMSIEndpoint(spt.inner.OauthConfig.TokenEndpoint) {
-		resp, err = getMSIEndpoint(ctx, spt.sender)
-		if err != nil {
-			// return a TokenRefreshError here so that we don't keep retrying
-			return newTokenRefreshError(fmt.Sprintf("the MSI endpoint is not available. Failed HTTP request to MSI endpoint: %v", err), nil)
-		}
-		resp.Body.Close()
-	}
-	if isIMDS(spt.inner.OauthConfig.TokenEndpoint) {
-		resp, err = retryForIMDS(spt.sender, req, spt.MaxMSIRefreshAttempts)
-	} else {
+		logger.Instance.WriteRequest(req, logger.Filter{Body: authBodyFilter})
 		resp, err = spt.sender.Do(req)
 	}
+
+	// don't return a TokenRefreshError here; this will allow retry logic to apply
 	if err != nil {
-		// don't return a TokenRefreshError here; this will allow retry logic to apply
 		return fmt.Errorf("adal: Failed to execute the refresh request. Error = '%v'", err)
+	} else if resp == nil {
+		return fmt.Errorf("adal: received nil response and error")
 	}

+	logger.Instance.WriteResponse(resp, logger.Filter{Body: authBodyFilter})
 	defer resp.Body.Close()
 	rb, err := ioutil.ReadAll(resp.Body)

@@ -1264,3 +1329,8 @@ func MSIAvailable(ctx context.Context, sender Sender) bool {
 	}
 	return err == nil
 }
+
+// used for testing purposes
+var msiAvailableHook = func(ctx context.Context, sender Sender) bool {
+	return MSIAvailable(ctx, sender)
+}
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go
@@ -24,8 +24,6 @@ import (
 )

 func getMSIEndpoint(ctx context.Context, sender Sender) (*http.Response, error) {
-	// this cannot fail, the return sig is due to legacy reasons
-	msiEndpoint, _ := GetMSIVMEndpoint()
 	tempCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond)
 	defer cancel()
 	// http.NewRequestWithContext() was added in Go 1.13
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go
@@ -23,8 +23,6 @@ import (
 )

 func getMSIEndpoint(ctx context.Context, sender Sender) (*http.Response, error) {
-	// this cannot fail, the return sig is due to legacy reasons
-	msiEndpoint, _ := GetMSIVMEndpoint()
 	tempCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond)
 	defer cancel()
 	req, _ := http.NewRequest(http.MethodGet, msiEndpoint, nil)
--- a/vendor/github.com/Azure/go-autorest/autorest/client.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/client.go
@@ -17,6 +17,7 @@ package autorest
 import (
 	"bytes"
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -260,6 +261,9 @@ func (c Client) Do(r *http.Request) (*http.Response, error) {
 		},
 	})
 	resp, err := SendWithSender(c.sender(tls.RenegotiateNever), r)
+	if resp == nil && err == nil {
+		err = errors.New("autorest: received nil response and error")
+	}
 	logger.Instance.WriteResponse(resp, logger.Filter{})
 	Respond(resp, c.ByInspecting())
 	return resp, err
--- a/vendor/github.com/Azure/go-autorest/autorest/go.mod
+++ b/vendor/github.com/Azure/go-autorest/autorest/go.mod
@@ -4,9 +4,9 @@ go 1.12

 require (
 	github.com/Azure/go-autorest v14.2.0+incompatible
-	github.com/Azure/go-autorest/autorest/adal v0.9.5
+	github.com/Azure/go-autorest/autorest/adal v0.9.13
 	github.com/Azure/go-autorest/autorest/mocks v0.4.1
-	github.com/Azure/go-autorest/logger v0.2.0
+	github.com/Azure/go-autorest/logger v0.2.1
 	github.com/Azure/go-autorest/tracing v0.6.0
 	golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0
 )
--- a/vendor/github.com/Azure/go-autorest/autorest/go.sum
+++ b/vendor/github.com/Azure/go-autorest/autorest/go.sum
@@ -1,13 +1,13 @@
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
+github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q=
+github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
+github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
+github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
--- a/vendor/github.com/Azure/go-autorest/autorest/to/go.mod
+++ b/vendor/github.com/Azure/go-autorest/autorest/to/go.mod
@@ -1,3 +1,5 @@
 module github.com/Azure/go-autorest/autorest/to

 go 1.12
+
+require github.com/Azure/go-autorest v14.2.0+incompatible
--- a/vendor/github.com/Azure/go-autorest/autorest/to/go.sum
+++ b/vendor/github.com/Azure/go-autorest/autorest/to/go.sum
@@ -0,0 +1,2 @@
+github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
+github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
--- a/vendor/github.com/Azure/go-autorest/autorest/to/go_mod_tidy_hack.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/to/go_mod_tidy_hack.go
@@ -0,0 +1,24 @@
+// +build modhack
+
+package to
+
+// Copyright 2017 Microsoft Corporation
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+// This file, and the github.com/Azure/go-autorest import, won't actually become part of
+// the resultant binary.
+
+// Necessary for safely adding multi-module repo.
+// See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
+import _ "github.com/Azure/go-autorest"
--- a/vendor/github.com/Azure/go-autorest/logger/logger.go
+++ b/vendor/github.com/Azure/go-autorest/logger/logger.go
@@ -55,6 +55,10 @@ const (

 	// LogDebug tells a logger to log all LogDebug, LogInfo, LogWarning, LogError, LogPanic and LogFatal entries passed to it.
 	LogDebug
+
+	// LogAuth is a special case of LogDebug, it tells a logger to also log the body of an authentication request and response.
+	// NOTE: this can disclose sensitive information, use with care.
+	LogAuth
 )

 const (
@@ -65,6 +69,7 @@ const (
 	logWarning = "WARNING"
 	logInfo    = "INFO"
 	logDebug   = "DEBUG"
+	logAuth    = "AUTH"
 	logUnknown = "UNKNOWN"
 )

@@ -83,6 +88,8 @@ func ParseLevel(s string) (lt LevelType, err error) {
 		lt = LogInfo
 	case logDebug:
 		lt = LogDebug
+	case logAuth:
+		lt = LogAuth
 	default:
 		err = fmt.Errorf("bad log level '%s'", s)
 	}
@@ -106,6 +113,8 @@ func (lt LevelType) String() string {
 		return logInfo
 	case LogDebug:
 		return logDebug
+	case LogAuth:
+		return logAuth
 	default:
 		return logUnknown
 	}