From cb2731ef7864247fc683b8d3b8b52edf6b9b9f32 Mon Sep 17 00:00:00 2001
From: Bartosz Slawianowski
Date: Tue, 16 Jul 2024 01:23:40 +0200
Subject: [PATCH 1/2] fix: Handle case of Azure returning auth error
Signed-off-by: Bartosz Slawianowski
---
 pkg/issuer/acme/dns/azuredns/azuredns.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go
index c6148feff..7fedb0cbd 100644
--- a/pkg/issuer/acme/dns/azuredns/azuredns.go
+++ b/pkg/issuer/acme/dns/azuredns/azuredns.go
@@ -210,7 +210,7 @@ func (c *DNSProvider) updateTXTRecord(ctx context.Context, fqdn string, updater
 resp, err := c.recordClient.Get(ctx, c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil)
 if err != nil {
 var respErr *azcore.ResponseError
- if errors.As(err, &respErr); respErr.StatusCode == http.StatusNotFound {
+ if errors.As(err, &respErr); respErr != nil && respErr.StatusCode == http.StatusNotFound {
 set = &dns.RecordSet{
 Properties: &dns.RecordSetProperties{
 TTL: to.Ptr(int64(60)),
From 30d4fce8a8e481ac7907fc2a02dca36b3cd82395 Mon Sep 17 00:00:00 2001
From: Bartosz Slawianowski
Date: Tue, 16 Jul 2024 18:26:23 +0200
Subject: [PATCH 2/2] Add test case
Signed-off-by: Bartosz Slawianowski
---
 pkg/issuer/acme/dns/azuredns/azuredns_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go
index 5823bab98..7dcf94ed7 100644
--- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go
+++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go
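Review bot: In the `updateTXTRecord` hunk of azuredns.go, the changed condition still discards the boolean that `errors.As` returns and relies on a separate nil test of `respErr`; that return value is the signal that the target was populated, so the condition reads more directly as `if errors.As(err, &respErr) && respErr.StatusCode == http.StatusNotFound {`. This should behave the same as the patched line while removing the statement-in-initializer form that made the original nil dereference easy to miss when the error was not an `*azcore.ResponseError` (the authentication failure named in the subject line). The branch taken for every other error lies outside the hunk, so it is worth confirming that it returns the error rather than continuing with an unset `set`. The function begins and ends outside this hunk.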
@@ -128,6 +128,17 @@ func TestInvalidAzureDns(t *testing.T) {
 assert.Error(t, err)
 }
+func TestAuthenticationError(t *testing.T) {
+ provider, err := NewDNSProviderCredentials("", "invalid-client-id", "invalid-client-secret", "subid", "tenid", "rg", "example.com", util.RecursiveNameservers, false, &v1.AzureManagedIdentity{})
+ assert.NoError(t, err)
+
+ err = provider.Present(context.TODO(), "example.com", "_acme-challenge.example.com.", "123d==")
+ assert.Error(t, err)
+
+ err = provider.CleanUp(context.TODO(), "example.com", "_acme-challenge.example.com.", "123d==")
+ assert.Error(t, err)
+}
+
 func populateFederatedToken(t *testing.T, filename string, content string) {
 t.Helper()
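Review bot: `TestAuthenticationError` only calls `assert.Error` on the results of `Present` and `CleanUp`, so it passes for any failure (a DNS resolution error, a timeout, a zone lookup error) and not specifically for the rejected-credentials path the fix targets; it guards against the nil dereference only if the call actually reaches `updateTXTRecord`. If the provider contacts the Azure login endpoint here, which the invalid client id and secret suggest but the hunk does not show, the test also depends on network access, and `context.TODO()` gives it no deadline. Consider bounding both calls with `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)` followed by `defer cancel()` (this needs the `time` import), and pinning the failure with `assert.ErrorContains` or an `errors.As` check once the expected error type is known.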