
Commit d3cd71d

committed
feat: use kubelet identity by default in msi auth
1 parent d84a738 commit d3cd71d


1 file changed

+19
-1
lines changed

1 file changed

+19
-1
lines changed

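--- a/pkg/blob/blob.go
+++ b/pkg/blob/blob.go
@@ -83,6 +83,7 @@ const (
 storageSPNClientIDField = "azurestoragespnclientid"
 storageSPNTenantIDField = "azurestoragespntenantid"
 storageAuthTypeField = "azurestorageauthtype"
+storageAuthTypeMSI = "msi"
 storageIdentityClientIDField = "azurestorageidentityclientid"
 storageIdentityObjectIDField = "azurestorageidentityobjectid"
 storageIdentityResourceIDField = "azurestorageidentityresourceid"
@@ -635,7 +636,7 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 if spnTenantID != "" {
 storageSPNTenantID = spnTenantID
 }
-if err != nil && strings.EqualFold(azureStorageAuthType, "msi") {
+if err != nil && strings.EqualFold(azureStorageAuthType, storageAuthTypeMSI) {
 klog.V(2).Infof("ignore error(%v) since secret is optional for auth type(%s)", err, azureStorageAuthType)
 err = nil
 }
@@ -708,6 +709,23 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 authEnv = append(authEnv, "AZURE_STORAGE_SPN_TENANT_ID="+storageSPNTenantID)
 }
 
+if azureStorageAuthType == storageAuthTypeMSI {
+// check whether authEnv contains AZURE_STORAGE_IDENTITY_ prefix
+containsIdentityEnv := false
+for _, env := range authEnv {
+if strings.HasPrefix(env, "AZURE_STORAGE_IDENTITY_") {
+klog.V(2).Infof("AZURE_STORAGE_IDENTITY_ is already set in authEnv, skip setting it again")
+containsIdentityEnv = true
+break
+}
+}
+if !containsIdentityEnv && d.cloud != nil && d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID != "" {
+klog.V(2).Infof("azureStorageAuthType is set to %s, add AZURE_STORAGE_IDENTITY_CLIENT_ID(%s) into authEnv",
+azureStorageAuthType, d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID)
+authEnv = append(authEnv, "AZURE_STORAGE_IDENTITY_CLIENT_ID="+d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID)
+}
+}
+
 return rgName, accountName, accountKey, containerName, authEnv, err
 }
 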
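Review bot: The block added at new line 712 tests `azureStorageAuthType == storageAuthTypeMSI`, while the check at new line 639 in the same function uses `strings.EqualFold`, so a volume that declares `MSI` or `Msi` has its secret error ignored but never receives the default identity. Unless the value is lower-cased in a part of GetAuthEnv outside these hunks, the guard should read `if strings.EqualFold(azureStorageAuthType, storageAuthTypeMSI) {`. Separately, the fallback hands `d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID` to every MSI volume that names no identity of its own, so whatever storage access that node-level identity holds becomes usable by anyone allowed to create such a volume. A comment above the append stating this, e.g. `// falls back to the driver's configured user-assigned identity; keep its role assignments scoped to the storage accounts this driver should mount`, would help operators apply least privilege. GetAuthEnv begins and its earlier identity handling sits outside the visible hunks, so both points should be checked against the full function.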