[Storage][Azdatalake][BugFix] Fix panic on auth failure (Azure#24811)

* fix panic on authentication failure

* fix panic on authentication failure

* Update sdk/storage/azdatalake/directory/client.go

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>

Author: tanyasethi-msft

sdk/storage/azdatalake/CHANGELOG.md

@@ -7,6 +7,7 @@
 ### Breaking Changes
 
 ### Bugs Fixed
+* Fix panic in File and Directory client DownloadStream and Get Properties on authentication failure.
 
 ### Other Changes
 

sdk/storage/azdatalake/directory/client.go

@@ -279,9 +279,11 @@ func (d *Client) GetProperties(ctx context.Context, options *GetPropertiesOption
 	var respFromCtx *http.Response
 	ctxWithResp := shared.WithCaptureBlobResponse(ctx, &respFromCtx)
 	resp, err := d.blobClient().GetProperties(ctxWithResp, opts)
+	if err != nil {
+		return GetPropertiesResponse{}, exported.ConvertToDFSError(err)
+	}
 	newResp := path.FormatGetPropertiesResponse(&resp, respFromCtx)
-	err = exported.ConvertToDFSError(err)
-	return newResp, err
+	return newResp, nil
 }
 
 // Rename renames a directory. The original directory will no longer exist and the client will be stale.

sdk/storage/azdatalake/directory/client_test.go

@@ -8,7 +8,9 @@ package directory_test
 
 import (
 	"context"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azdatalake"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azdatalake/service"
 	"net/http"
 	"strconv"
 	"testing"
@@ -2979,3 +2981,30 @@ func (s *RecordedTestSuite) TestCreateDirectoryClientCustomAudience() {
 	_require.NoError(err)
 
 }
+
+func (s *UnrecordedTestSuite) TestDirectoryClientOnAuthenticationFailure() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	tenantID := "xxx"
+	clientID := "xxx"
+	clientSecret := "xxx"
+
+	cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
+	_require.NoError(err)
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDatalake)
+	url := "https://" + accountName + ".dfs.core.windows.net/"
+
+	srvClient, err := service.NewClient(url, cred, nil)
+	_require.NoError(err)
+
+	fsName := testcommon.GenerateFileSystemName(testName)
+	fsClient := srvClient.NewFileSystemClient(fsName)
+	dirClient := fsClient.NewDirectoryClient("testdir")
+
+	// This should return an error, not panic
+	_, err = dirClient.GetProperties(context.Background(), nil)
+	_require.Error(err, "Expected authentication error")
+	_require.Contains(err.Error(), "ClientSecretCredential")
+}

sdk/storage/azdatalake/file/client.go

@@ -558,6 +558,9 @@ func (f *Client) DownloadStream(ctx context.Context, o *DownloadStreamOptions) (
 	var respFromCtx *http.Response
 	ctxWithResp := shared.WithCaptureBlobResponse(ctx, &respFromCtx)
 	resp, err := f.blobClient().DownloadStream(ctxWithResp, opts)
+	if err != nil {
+		return DownloadStreamResponse{}, exported.ConvertToDFSError(err)
+	}
 	newResp := FormatDownloadStreamResponse(&resp, respFromCtx)
 	fullResp := DownloadStreamResponse{
 		client:           f,
@@ -567,7 +570,7 @@ func (f *Client) DownloadStream(ctx context.Context, o *DownloadStreamOptions) (
 		cpkScope:         o.CPKScopeInfo,
 	}
 
-	return fullResp, exported.ConvertToDFSError(err)
+	return fullResp, nil
 }
 
 // DownloadBuffer downloads an Azure file to a buffer with parallel.

sdk/storage/azdatalake/file/client_test.go

@@ -14,6 +14,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/log"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/lease"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azdatalake/internal/path"
 	"hash/crc64"
@@ -5683,3 +5684,31 @@ func (s *UnrecordedTestSuite) TestGetPropertiesWithInvalidSAS() {
 	_, err = fClientWithInvalidSAS.GetProperties(context.Background(), nil)
 	_require.Error(err)
 }
+
+// TestFileClientAuthenticationFailure tests that GetProperties and DownloadStream handle authentication failures gracefully
+func (s *UnrecordedTestSuite) TestFileClientAuthenticationFailure() {
+	_require := require.New(s.T())
+	tenantID := "invalid-tenant-id"
+	clientID := "invalid-client-id"
+	clientSecret := "invalid-secret"
+
+	cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
+	_require.NoError(err)
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDatalake)
+	url := "https://" + accountName + ".dfs.core.windows.net/"
+
+	srvClient, err := service.NewClient(url, cred, nil)
+	_require.NoError(err)
+
+	fsClient := srvClient.NewFileSystemClient("testfs")
+	fileClient := fsClient.NewFileClient("testfile")
+
+	_, err = fileClient.GetProperties(context.Background(), nil)
+	_require.Error(err, "Expected authentication error")
+	_require.Contains(err.Error(), "ClientSecretCredential")
+
+	// Test DownloadStream - should return an error, not panic
+	_, err = fileClient.DownloadStream(context.Background(), nil)
+	_require.Error(err, "Expected authentication error")
+	_require.Contains(err.Error(), "ClientSecretCredential")
+}