Merge pull request noobaa#1818 from naveenpaul1/azure-sts-namespacestore

STS | Azure Identity flow support in Namespacestore

Author: naveenpaul1

pkg/namespacestore/reconciler.go

@@ -638,10 +638,19 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa
 		conn.Endpoint = IBMCos.Endpoint
 
 	case nbv1.NSStoreTypeAzureBlob:
-		conn.EndpointType = nb.EndpointTypeAzure
 		conn.Endpoint = "https://blob.core.windows.net"
-		conn.Identity = nb.MaskedString(r.Secret.StringData["AccountName"])
-		conn.Secret = nb.MaskedString(r.Secret.StringData["AccountKey"])
+		if util.IsAzureSTSClusterNS(r.NamespaceStore) {
+			conn.EndpointType = nb.EndpointTypeAzureSTS
+			conn.AzureSTSCredentials = &nb.AzureSTSCredentials{
+				ClientID: r.Secret.StringData["azure_client_id"],
+				TenantID: r.Secret.StringData["azure_tenant_id"],
+			}
+		} else {
+			conn.EndpointType = nb.EndpointTypeAzure
+			conn.Identity = nb.MaskedString(r.Secret.StringData["AccountName"])
+			conn.Secret = nb.MaskedString(r.Secret.StringData["AccountKey"])
+		}
+
 		tenantID := r.Secret.StringData["TenantID"]
 		appID := r.Secret.StringData["ApplicationID"]
 		appSecret := r.Secret.StringData["ApplicationSecret"]
@@ -723,15 +732,16 @@ func (r *Reconciler) ReconcileExternalConnection() error {
 	}
 
 	checkConnectionParams := &nb.CheckExternalConnectionParams{
-		Name:               r.AddExternalConnectionParams.Name,
-		EndpointType:       r.AddExternalConnectionParams.EndpointType,
-		Endpoint:           r.AddExternalConnectionParams.Endpoint,
-		Identity:           r.AddExternalConnectionParams.Identity,
-		Secret:             r.AddExternalConnectionParams.Secret,
-		AuthMethod:         r.AddExternalConnectionParams.AuthMethod,
-		AWSSTSARN:          r.AddExternalConnectionParams.AWSSTSARN,
-		AzureLogAccessKeys: r.AddExternalConnectionParams.AzureLogAccessKeys,
-		Region:             r.AddExternalConnectionParams.Region,
+		Name:                r.AddExternalConnectionParams.Name,
+		EndpointType:        r.AddExternalConnectionParams.EndpointType,
+		Endpoint:            r.AddExternalConnectionParams.Endpoint,
+		Identity:            r.AddExternalConnectionParams.Identity,
+		Secret:              r.AddExternalConnectionParams.Secret,
+		AuthMethod:          r.AddExternalConnectionParams.AuthMethod,
+		AWSSTSARN:           r.AddExternalConnectionParams.AWSSTSARN,
+		AzureLogAccessKeys:  r.AddExternalConnectionParams.AzureLogAccessKeys,
+		Region:              r.AddExternalConnectionParams.Region,
+		AzureSTSCredentials: r.AddExternalConnectionParams.AzureSTSCredentials,
 	}
 
 	if r.UpdateExternalConnectionParams != nil {

pkg/system/phase2_creating.go

@@ -1031,11 +1031,11 @@ func (r *Reconciler) ReconcileAWSCredentials() error {
 
 // ReconcileAzureCredentials creates a CredentialsRequest resource if cloud credentials operator is available
 func (r *Reconciler) ReconcileAzureCredentials() error {
-	resourcegroupID := os.Getenv(resourcegroupIDEnvVar)
-	if resourcegroupID != "" {
+	clientID := os.Getenv(clientIDEnvVar)
+	if clientID != "" {
 		r.IsAzureSTSCluster = true
 	}
-	clientID := os.Getenv(clientIDEnvVar)
+	resourcegroupID := os.Getenv(resourcegroupIDEnvVar)
 	tenantID := os.Getenv(tenantIDEnvVar)
 	subscriptionID := os.Getenv(subscriptionIDEnvVar)
 	r.Logger.Infof("Getting Azure : %s = %s", clientIDEnvVar, clientID)

pkg/util/util.go

@@ -1149,6 +1149,14 @@ func IsAzureSTSClusterBS(bs *nbv1.BackingStore) bool {
 	return false
 }
 
+// IsAzureSTSClusterNS returns true if it is running on an STS cluster
+func IsAzureSTSClusterNS(ns *nbv1.NamespaceStore) bool {
+	if ns.Spec.Type == nbv1.NSStoreTypeAzureBlob {
+		return ns.Spec.AzureBlob.ClientId != nil
+	}
+	return false
+}
+
 // IsAzurePlatformNonGovernment returns true if this cluster is running on Azure and also not on azure government\DOD cloud
 func IsAzurePlatformNonGovernment() bool {
 	nodesList := &corev1.NodeList{}