From 0de58013dbba84d0e297090a2c24c5a63e8a138d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 10:12:40 +0000
Subject: [PATCH] fix(deps): update github.com/thanos-io/objstore digest to
 4b72edf

---
 go.mod                                        |  2 +-
 go.sum                                        |  4 +--
 .../thanos-io/objstore/CHANGELOG.md           |  2 ++
 .../objstore/providers/azure/azure.go         | 11 ++++++++
 .../objstore/providers/azure/helpers.go       | 26 +++++++++++--------
 .../thanos-io/objstore/providers/s3/s3.go     | 18 +++++++++++--
 vendor/modules.txt                            |  2 +-
 7 files changed, 48 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index d6ac60ff726..d182c7e9a95 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/pierrec/lz4/v4 v4.1.22
 	github.com/prometheus/procfs v0.15.1
 	github.com/shirou/gopsutil/v4 v4.24.12
-	github.com/thanos-io/objstore v0.0.0-20250114133649-ed170e907b25
+	github.com/thanos-io/objstore v0.0.0-20250120094545-4b72edf06a59
 	github.com/tjhop/slog-gokit v0.1.2
 	github.com/twmb/franz-go v1.18.0
 	github.com/twmb/franz-go/pkg/kadm v1.14.0
diff --git a/go.sum b/go.sum
index 5af9cfeb62a..d8831119b6d 100644
--- a/go.sum
+++ b/go.sum
@@ -1723,8 +1723,8 @@ github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/tencentyun/cos-go-sdk-v5 v0.7.40 h1:W6vDGKCHe4wBACI1d2UgE6+50sJFhRWU4O8IB2ozzxM=
 github.com/tencentyun/cos-go-sdk-v5 v0.7.40/go.mod h1:4dCEtLHGh8QPxHEkgq+nFaky7yZxQuYwgSJM87icDaw=
-github.com/thanos-io/objstore v0.0.0-20250114133649-ed170e907b25 h1:aOB5Uc9HDomqzO+kPq77X0xDji60kPqYvw6+yws1j3s=
-github.com/thanos-io/objstore v0.0.0-20250114133649-ed170e907b25/go.mod h1:Quz9HUDjGidU0RQpoytzK4KqJ7kwzP+DMAm4K57/usM=
+github.com/thanos-io/objstore v0.0.0-20250120094545-4b72edf06a59 h1:baslL6W/++17WFDtNd/hXC3H9LUBqTd3mzU2iKwStPU=
+github.com/thanos-io/objstore v0.0.0-20250120094545-4b72edf06a59/go.mod h1:Quz9HUDjGidU0RQpoytzK4KqJ7kwzP+DMAm4K57/usM=
 github.com/tjhop/slog-gokit v0.1.2 h1:pmQI4SvU9h4gA0vIQsdhJQSqQg4mOmsPykG2/PM3j1I=
 github.com/tjhop/slog-gokit v0.1.2/go.mod h1:8fhlcp8C8ELbg3GCyKv06tgt4B5sDq2P1r2DQAu1HuM=
 github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
diff --git a/vendor/github.com/thanos-io/objstore/CHANGELOG.md b/vendor/github.com/thanos-io/objstore/CHANGELOG.md
index a755503033c..679d6705d18 100644
--- a/vendor/github.com/thanos-io/objstore/CHANGELOG.md
+++ b/vendor/github.com/thanos-io/objstore/CHANGELOG.md
@@ -11,9 +11,11 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re
 ## Unreleased
 - [#38](https://github.com/thanos-io/objstore/pull/38) GCS: Upgrade cloud.google.com/go/storage version to `v1.43.0`.
 - [#145](https://github.com/thanos-io/objstore/pull/145) Include content length in the response of Get and GetRange.
+- [#157](https://github.com/thanos-io/objstore/pull/157) Azure: Add `az_tenant_id`, `client_id` and `client_secret` configs.
 
 ### Fixed
 - [#153](https://github.com/thanos-io/objstore/pull/153) Metrics: Fix `objstore_bucket_operation_duration_seconds_*` for `get` and `get_range` operations.
+- [#141](https://github.com/thanos-io/objstore/pull/142) S3: Fix missing encryption configuration for `Bucket.Exists()` and `Bucket.Attributes()` calls.
 - [#117](https://github.com/thanos-io/objstore/pull/117) Metrics: Fix `objstore_bucket_operation_failures_total` incorrectly incremented if context is cancelled while reading object contents.
 - [#115](https://github.com/thanos-io/objstore/pull/115) GCS: Fix creation of bucket with GRPC connections. Also update storage client to `v1.40.0`.
 - [#102](https://github.com/thanos-io/objstore/pull/102) Azure: bump azblob sdk to get concurrency fixes.
diff --git a/vendor/github.com/thanos-io/objstore/providers/azure/azure.go b/vendor/github.com/thanos-io/objstore/providers/azure/azure.go
index 8d055e77e24..05fbdb55c0c 100644
--- a/vendor/github.com/thanos-io/objstore/providers/azure/azure.go
+++ b/vendor/github.com/thanos-io/objstore/providers/azure/azure.go
@@ -46,6 +46,9 @@ var DefaultConfig = Config{
 
 // Config Azure storage configuration.
 type Config struct {
+	AzTenantID              string             `yaml:"az_tenant_id"`
+	ClientID                string             `yaml:"client_id"`
+	ClientSecret            string             `yaml:"client_secret"`
 	StorageAccountName      string             `yaml:"storage_account"`
 	StorageAccountKey       string             `yaml:"storage_account_key"`
 	StorageConnectionString string             `yaml:"storage_connection_string"`
@@ -84,6 +87,14 @@ func (conf *Config) validate() error {
 		errMsg = append(errMsg, "user_assigned_id cannot be set when using storage_connection_string authentication")
 	}
 
+	if conf.UserAssignedID != "" && conf.ClientID != "" {
+		errMsg = append(errMsg, "user_assigned_id cannot be set when using client_id authentication")
+	}
+
+	if (conf.AzTenantID != "" || conf.ClientSecret != "" || conf.ClientID != "") && (conf.AzTenantID == "" || conf.ClientSecret == "" || conf.ClientID == "") {
+		errMsg = append(errMsg, "az_tenant_id, client_id, and client_secret must be set together")
+	}
+
 	if conf.StorageAccountKey != "" && conf.StorageConnectionString != "" {
 		errMsg = append(errMsg, "storage_account_key and storage_connection_string cannot both be set")
 	}
diff --git a/vendor/github.com/thanos-io/objstore/providers/azure/helpers.go b/vendor/github.com/thanos-io/objstore/providers/azure/helpers.go
index deb86d03d07..0b76ddb3fa5 100644
--- a/vendor/github.com/thanos-io/objstore/providers/azure/helpers.go
+++ b/vendor/github.com/thanos-io/objstore/providers/azure/helpers.go
@@ -71,17 +71,7 @@ func getContainerClient(conf Config, wrapRoundtripper func(http.RoundTripper) ht
 	}
 
 	// Otherwise use a token credential
-	var cred azcore.TokenCredential
-
-	// Use Managed Identity Credential if a user assigned ID is set
-	if conf.UserAssignedID != "" {
-		msiOpt := &azidentity.ManagedIdentityCredentialOptions{}
-		msiOpt.ID = azidentity.ClientID(conf.UserAssignedID)
-		cred, err = azidentity.NewManagedIdentityCredential(msiOpt)
-	} else {
-		// Otherwise use Default Azure Credential
-		cred, err = azidentity.NewDefaultAzureCredential(nil)
-	}
+	cred, err := getTokenCredential(conf)
 
 	if err != nil {
 		return nil, err
@@ -94,3 +84,17 @@ func getContainerClient(conf Config, wrapRoundtripper func(http.RoundTripper) ht
 
 	return containerClient, nil
 }
+
+func getTokenCredential(conf Config) (azcore.TokenCredential, error) {
+	if conf.ClientSecret != "" && conf.AzTenantID != "" && conf.ClientID != "" {
+		return azidentity.NewClientSecretCredential(conf.AzTenantID, conf.ClientID, conf.ClientSecret, &azidentity.ClientSecretCredentialOptions{})
+	}
+
+	if conf.UserAssignedID == "" {
+		return azidentity.NewDefaultAzureCredential(nil)
+	}
+
+	msiOpt := &azidentity.ManagedIdentityCredentialOptions{}
+	msiOpt.ID = azidentity.ClientID(conf.UserAssignedID)
+	return azidentity.NewManagedIdentityCredential(msiOpt)
+}
diff --git a/vendor/github.com/thanos-io/objstore/providers/s3/s3.go b/vendor/github.com/thanos-io/objstore/providers/s3/s3.go
index cda78838ec4..62107ec4828 100644
--- a/vendor/github.com/thanos-io/objstore/providers/s3/s3.go
+++ b/vendor/github.com/thanos-io/objstore/providers/s3/s3.go
@@ -513,7 +513,14 @@ func (b *Bucket) GetRange(ctx context.Context, name string, off, length int64) (
 
 // Exists checks if the given object exists.
 func (b *Bucket) Exists(ctx context.Context, name string) (bool, error) {
-	_, err := b.client.StatObject(ctx, b.name, name, minio.StatObjectOptions{})
+	sse, err := b.getServerSideEncryption(ctx)
+	if err != nil {
+		return false, err
+	}
+
+	_, err = b.client.StatObject(ctx, b.name, name, minio.StatObjectOptions{
+		ServerSideEncryption: sse,
+	})
 	if err != nil {
 		if b.IsObjNotFoundErr(err) {
 			return false, nil
@@ -576,7 +583,14 @@ func (b *Bucket) Upload(ctx context.Context, name string, r io.Reader) error {
 
 // Attributes returns information about the specified object.
 func (b *Bucket) Attributes(ctx context.Context, name string) (objstore.ObjectAttributes, error) {
-	objInfo, err := b.client.StatObject(ctx, b.name, name, minio.StatObjectOptions{})
+	sse, err := b.getServerSideEncryption(ctx)
+	if err != nil {
+		return objstore.ObjectAttributes{}, err
+	}
+
+	objInfo, err := b.client.StatObject(ctx, b.name, name, minio.StatObjectOptions{
+		ServerSideEncryption: sse,
+	})
 	if err != nil {
 		return objstore.ObjectAttributes{}, err
 	}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ef6b7896753..d38f23d2753 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1177,7 +1177,7 @@ github.com/stretchr/testify/assert
 github.com/stretchr/testify/assert/yaml
 github.com/stretchr/testify/mock
 github.com/stretchr/testify/require
-# github.com/thanos-io/objstore v0.0.0-20250114133649-ed170e907b25
+# github.com/thanos-io/objstore v0.0.0-20250120094545-4b72edf06a59
 ## explicit; go 1.22
 github.com/thanos-io/objstore
 github.com/thanos-io/objstore/exthttp