Identity cleanup mi codepaths (Azure#44698)

* Remove unused MI client from IdentitySyncClient

* IdentityClient is the only remaining consumer of getManagedIdentityConfidentialClient. Moved it up. Rename everything downstream of authenticateWithManagedIdentityConfidentialClient to indicate it is for AKS support now.

* Clean up

Author: billwert

sdk/identity/azure-identity/src/main/java/com/azure/identity/AksExchangeTokenCredential.java

@@ -7,7 +7,6 @@
 import com.azure.core.credential.TokenRequestContext;
 import com.azure.core.util.logging.ClientLogger;
 import com.azure.identity.implementation.IdentityClient;
-
 import reactor.core.publisher.Mono;
 
 /**
@@ -33,6 +32,6 @@ public Mono<AccessToken> authenticate(TokenRequestContext request) {
                 + " 'AZURE_CLIENT_ID' environment variable or through the credential builder."
                 + " Please ensure client id is provided to authenticate via token exchange in AKS environment.")));
         }
-        return identityClient.authenticateWithManagedIdentityConfidentialClient(request);
+        return identityClient.authenticateWithAksConfidentialClient(request);
     }
 }

sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java

@@ -12,8 +12,6 @@
 import com.azure.core.util.logging.ClientLogger;
 import com.azure.identity.implementation.IdentityClientBuilder;
 import com.azure.identity.implementation.IdentityClientOptions;
-import com.azure.identity.implementation.ManagedIdentityParameters;
-import com.azure.identity.implementation.ManagedIdentityType;
 import com.azure.identity.implementation.util.LoggingUtil;
 import com.microsoft.aad.msal4j.ManagedIdentityApplication;
 import com.microsoft.aad.msal4j.ManagedIdentitySourceType;
@@ -120,12 +118,7 @@ public final class ManagedIdentityCredential implements TokenCredential {
          * Choose credential based on available environment variables in this order:
          *
          * Azure Arc: IDENTITY_ENDPOINT, IMDS_ENDPOINT
-         * Service Fabric: IDENTITY_ENDPOINT, IDENTITY_HEADER, IDENTITY_SERVER_THUMBPRINT
-         * App Service 2019-08-01: IDENTITY_ENDPOINT, IDENTITY_HEADER (MSI_ENDPOINT and MSI_SECRET will also be set.)
-         * App Service 2017-09-01: MSI_ENDPOINT, MSI_SECRET
-         * Cloud Shell: MSI_ENDPOINT
-         * Pod Identity V2 (AksExchangeToken): AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE
-         * IMDS/Pod Identity V1: No variables set.
+         * Other scenarios: Delegated to MSAL.
          */
         if (configuration.contains(Configuration.PROPERTY_AZURE_TENANT_ID)
             && configuration.get(AZURE_FEDERATED_TOKEN_FILE) != null) {
@@ -136,51 +129,13 @@ public final class ManagedIdentityCredential implements TokenCredential {
             clientBuilder.clientAssertionPath(configuration.get(AZURE_FEDERATED_TOKEN_FILE));
             clientBuilder.clientAssertionTimeout(Duration.ofMinutes(5));
             managedIdentityServiceCredential = new AksExchangeTokenCredential(clientIdentifier,
-                clientBuilder
-                    .identityClientOptions(
-                        updateIdentityClientOptions(ManagedIdentityType.AKS, identityClientOptions, configuration))
-                    .build());
+                clientBuilder.identityClientOptions(identityClientOptions).build());
         } else {
-            identityClientOptions.setManagedIdentityType(getManagedIdentityEnv(configuration));
             managedIdentityServiceCredential = new ManagedIdentityMsalCredential(clientId, clientBuilder.build());
         }
         LoggingUtil.logAvailableEnvironmentVariables(LOGGER, configuration);
     }
 
-    private IdentityClientOptions updateIdentityClientOptions(ManagedIdentityType managedIdentityType,
-        IdentityClientOptions clientOptions, Configuration configuration) {
-        switch (managedIdentityType) {
-            case APP_SERVICE:
-                return clientOptions.setManagedIdentityType(ManagedIdentityType.APP_SERVICE)
-                    .setManagedIdentityParameters(new ManagedIdentityParameters()
-                        .setMsiEndpoint(configuration.get(Configuration.PROPERTY_MSI_ENDPOINT))
-                        .setMsiSecret(configuration.get(Configuration.PROPERTY_MSI_SECRET))
-                        .setIdentityEndpoint(configuration.get(Configuration.PROPERTY_IDENTITY_ENDPOINT))
-                        .setIdentityHeader(configuration.get(Configuration.PROPERTY_IDENTITY_HEADER)));
-
-            case SERVICE_FABRIC:
-                return clientOptions.setManagedIdentityType(ManagedIdentityType.SERVICE_FABRIC)
-                    .setManagedIdentityParameters(new ManagedIdentityParameters()
-                        .setIdentityServerThumbprint(configuration.get(PROPERTY_IDENTITY_SERVER_THUMBPRINT))
-                        .setIdentityEndpoint(configuration.get(Configuration.PROPERTY_IDENTITY_ENDPOINT))
-                        .setIdentityHeader(configuration.get(Configuration.PROPERTY_IDENTITY_HEADER)));
-
-            case ARC:
-                return clientOptions.setManagedIdentityType(ManagedIdentityType.ARC)
-                    .setManagedIdentityParameters(new ManagedIdentityParameters()
-                        .setIdentityEndpoint(configuration.get(Configuration.PROPERTY_IDENTITY_ENDPOINT)));
-
-            case VM:
-                return clientOptions.setManagedIdentityType(ManagedIdentityType.VM);
-
-            case AKS:
-                return clientOptions.setManagedIdentityType(ManagedIdentityType.AKS);
-
-            default:
-                return clientOptions;
-        }
-    }
-
     /**
      * Gets the client ID of user assigned or system assigned identity.
      * @return the client ID of user assigned or system assigned identity.
@@ -223,29 +178,6 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
             .doOnError(error -> LoggingUtil.logTokenError(LOGGER, identityClientOptions, request, error));
     }
 
-    ManagedIdentityType getManagedIdentityEnv(Configuration configuration) {
-        if (configuration.contains(Configuration.PROPERTY_MSI_ENDPOINT)) {
-            return ManagedIdentityType.APP_SERVICE;
-        } else if (configuration.contains(Configuration.PROPERTY_IDENTITY_ENDPOINT)) {
-            if (configuration.contains(Configuration.PROPERTY_IDENTITY_HEADER)) {
-                if (configuration.get(PROPERTY_IDENTITY_SERVER_THUMBPRINT) != null) {
-                    return ManagedIdentityType.SERVICE_FABRIC;
-                } else {
-                    return ManagedIdentityType.APP_SERVICE;
-                }
-            } else if (configuration.get(PROPERTY_IMDS_ENDPOINT) != null) {
-                return ManagedIdentityType.ARC;
-            } else {
-                return ManagedIdentityType.VM;
-            }
-        } else if (configuration.contains(Configuration.PROPERTY_AZURE_TENANT_ID)
-            && configuration.get(AZURE_FEDERATED_TOKEN_FILE) != null) {
-            return ManagedIdentityType.AKS;
-        } else {
-            return ManagedIdentityType.VM;
-        }
-    }
-
     String fetchManagedIdentityId(String clientId, String resourceId, String objectId) {
         if (clientId != null) {
             return clientId;