Merge pull request #1942 from k8s-infra-cherrypick-robot/cherry-pick-1939-to-release-1.25

[release-1.25] fix: allow clientID, tenantID workload identity parameters in storage class

Author: k8s-ci-robot

pkg/blob/blob.go

@@ -100,8 +100,8 @@ const (
 	ephemeralField                 = "csi.storage.k8s.io/ephemeral"
 	podNamespaceField              = "csi.storage.k8s.io/pod.namespace"
 	serviceAccountTokenField       = "csi.storage.k8s.io/serviceAccount.tokens"
-	clientIDField                  = "clientID"
-	tenantIDField                  = "tenantID"
+	clientIDField                  = "clientid"
+	tenantIDField                  = "tenantid"
 	mountOptionsField              = "mountoptions"
 	falseValue                     = "false"
 	trueValue                      = "true"
@@ -541,9 +541,9 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 			if getLatestAccountKey, err = strconv.ParseBool(v); err != nil {
 				return rgName, accountName, accountKey, containerName, authEnv, fmt.Errorf("invalid %s: %s in volume context", getLatestAccountKeyField, v)
 			}
-		case strings.ToLower(clientIDField):
+		case clientIDField:
 			clientID = v
-		case strings.ToLower(tenantIDField):
+		case tenantIDField:
 			tenantID = v
 		case strings.ToLower(serviceAccountTokenField):
 			serviceAccountToken = v
@@ -582,7 +582,9 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 		}
 
 		authEnv = append(authEnv, "AZURE_STORAGE_SPN_CLIENT_ID="+clientID)
-		authEnv = append(authEnv, "AZURE_STORAGE_SPN_TENANT_ID="+tenantID)
+		if tenantID != "" {
+			authEnv = append(authEnv, "AZURE_STORAGE_SPN_TENANT_ID="+tenantID)
+		}
 		authEnv = append(authEnv, "WORKLOAD_IDENTITY_TOKEN="+workloadIdentityToken)
 
 		return rgName, accountName, accountKey, containerName, authEnv, err

pkg/blob/controllerserver.go

@@ -187,6 +187,8 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		case storageIdentityClientIDField:
 		case storageIdentityObjectIDField:
 		case storageIdentityResourceIDField:
+		case clientIDField:
+		case tenantIDField:
 		case msiEndpointField:
 		case storageAADEndpointField:
 			// no op, only used in NodeStageVolume

pkg/blob/controllerserver_test.go

@@ -449,6 +449,8 @@ func TestCreateVolume(t *testing.T) {
 				mp[mountPermissionsField] = "0750"
 				mp[storageAuthTypeField] = "msi"
 				mp[storageIdentityClientIDField] = "msi"
+				mp[clientIDField] = "clientID"
+				mp[tenantIDField] = "tenantID"
 				mp[storageIdentityObjectIDField] = "msi"
 				mp[storageIdentityResourceIDField] = "msi"
 				mp[msiEndpointField] = "msi"