
Commit 6f3d73d

authored
Merge pull request #2084 from k8s-infra-cherrypick-robot/cherry-pick-2081-to-release-1.24
[release-1.24] feat: use kubelet identity by default in msi auth
2 parents 9b3f9ba + 3239eb9 commit 6f3d73d


1 file changed

+19
-1
lines changed


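--- a/pkg/blob/blob.go
+++ b/pkg/blob/blob.go
@@ -84,6 +84,7 @@ const (
 storageSPNClientIDField = "azurestoragespnclientid"
 storageSPNTenantIDField = "azurestoragespntenantid"
 storageAuthTypeField = "azurestorageauthtype"
+storageAuthTypeMSI = "msi"
 storageIdentityClientIDField = "azurestorageidentityclientid"
 storageIdentityObjectIDField = "azurestorageidentityobjectid"
 storageIdentityResourceIDField = "azurestorageidentityresourceid"
@@ -600,7 +601,7 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 if spnTenantID != "" {
 storageSPNTenantID = spnTenantID
 }
-if err != nil && strings.EqualFold(azureStorageAuthType, "msi") {
+if err != nil && strings.EqualFold(azureStorageAuthType, storageAuthTypeMSI) {
 klog.V(2).Infof("ignore error(%v) since secret is optional for auth type(%s)", err, azureStorageAuthType)
 err = nil
 }
@@ -673,6 +674,23 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 authEnv = append(authEnv, "AZURE_STORAGE_SPN_TENANT_ID="+storageSPNTenantID)
 }
 
+if azureStorageAuthType == storageAuthTypeMSI {
+// check whether authEnv contains AZURE_STORAGE_IDENTITY_ prefix
+containsIdentityEnv := false
+for _, env := range authEnv {
+if strings.HasPrefix(env, "AZURE_STORAGE_IDENTITY_") {
+klog.V(2).Infof("AZURE_STORAGE_IDENTITY_ is already set in authEnv, skip setting it again")
+containsIdentityEnv = true
+break
+}
+}
+if !containsIdentityEnv && d.cloud != nil && d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID != "" {
+klog.V(2).Infof("azureStorageAuthType is set to %s, add AZURE_STORAGE_IDENTITY_CLIENT_ID(%s) into authEnv",
+azureStorageAuthType, d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID)
+authEnv = append(authEnv, "AZURE_STORAGE_IDENTITY_CLIENT_ID="+d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID)
+}
+}
+
 return rgName, accountName, accountKey, containerName, authEnv, err
 }
 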
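Review bot: The new fallback block at new line 677 tests `azureStorageAuthType == storageAuthTypeMSI` with an exact match, while the secret-error check at new line 604 uses `strings.EqualFold`. A value such as `MSI` would therefore have its missing secret tolerated but would not get the kubelet identity appended, unless the value is normalised in the part of GetAuthEnv that lies outside these hunks. I would make the two checks agree with `if strings.EqualFold(azureStorageAuthType, storageAuthTypeMSI) {`. The block also deserves a comment stating the trust consequence, for example `// no AZURE_STORAGE_IDENTITY_* value was supplied: fall back to the cloud config's UserAssignedIdentityID, whose storage role assignments then apply to every msi volume without an explicit identity`, so operators know to scope that identity's roles narrowly.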
