
Commit dc5b1dc

committed
include auth type in client cache key
1 parent fecdf4d commit dc5b1dc


2 files changed

+12
-1
lines changed


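--- a/azure/scope/clients.go
+++ b/azure/scope/clients.go
@@ -27,6 +27,7 @@ import (
 "github.com/Azure/azure-sdk-for-go/sdk/azcore"
 azureautorest "github.com/Azure/go-autorest/autorest/azure"
 "github.com/Azure/go-autorest/autorest/azure/auth"
+infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 )
 
 // AzureClients contains all the Azure clients used by the scopes.
@@ -36,6 +37,8 @@ type AzureClients struct {
 TokenCredential azcore.TokenCredential
 ResourceManagerEndpoint string
 ResourceManagerVMDNSSuffix string
+
+authType infrav1.IdentityType
 }
 
 // CloudEnvironment returns the Azure environment the controller runs in.
@@ -73,7 +76,7 @@ func (c *AzureClients) Token() azcore.TokenCredential {
 // ClientID).
 func (c *AzureClients) HashKey() string {
 hasher := sha256.New()
-_, _ = hasher.Write([]byte(c.TenantID() + c.CloudEnvironment() + c.SubscriptionID() + c.ClientID()))
+_, _ = hasher.Write([]byte(c.TenantID() + c.CloudEnvironment() + c.SubscriptionID() + c.ClientID() + string(c.authType)))
 return base64.URLEncoding.EncodeToString(hasher.Sum(nil))
 }
 
@@ -107,6 +110,8 @@ func (c *AzureClients) setCredentialsWithProvider(ctx context.Context, subscript
 }
 c.Values["AZURE_CLIENT_SECRET"] = strings.TrimSuffix(clientSecret, "\n")
 
+c.authType = credentialsProvider.Type()
+
 tokenCredential, err := credentialsProvider.GetTokenCredential(ctx, c.ResourceManagerEndpoint, c.Environment.ActiveDirectoryEndpoint, c.Environment.TokenAudience)
 if err != nil {
 return err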
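Review bot: The hash input on the new HashKey line still concatenates all five fields with no separator, so two different (tenant, environment, subscription, clientID, authType) tuples whose boundaries shift can hash to the same cache key and hand one identity the client built for another; now that a stringified IdentityType is appended this is cheap to close by joining with a delimiter that cannot occur in the fields, e.g. `_, _ = hasher.Write([]byte(strings.Join([]string{c.TenantID(), c.CloudEnvironment(), c.SubscriptionID(), c.ClientID(), string(c.authType)}, "\x00")))` (`strings` is already imported, see the TrimSuffix call in the last hunk). Changing the input changes every existing key, which is only safe if the cache is in-process and rebuilt on restart — confirm. In the hunks shown authType is assigned only in setCredentialsWithProvider, so an AzureClients populated through any other path would hash an empty authType and could still share a cached client with a differently-authenticated identity; either confirm no other population path exists or set the field there too. The HashKey doc comment ending in `// ClientID).` just above appears to enumerate the hashed fields and should now also list the identity type. The body of setCredentialsWithProvider continues outside the hunk.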

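--- a/azure/scope/identity.go
+++ b/azure/scope/identity.go
@@ -41,6 +41,7 @@ type CredentialsProvider interface {
 GetClientSecret(ctx context.Context) (string, error)
 GetTenantID() string
 GetTokenCredential(ctx context.Context, resourceManagerEndpoint, activeDirectoryEndpoint, tokenAudience string) (azcore.TokenCredential, error)
+Type() infrav1.IdentityType
 }
 
 // AzureCredentialsProvider represents a credential provider with azure cluster identity.
@@ -228,6 +229,11 @@ func (p *AzureCredentialsProvider) GetTenantID() string {
 return p.Identity.Spec.TenantID
 }
 
+// Type returns the auth mechanism used.
+func (p *AzureCredentialsProvider) Type() infrav1.IdentityType {
+return p.Identity.Spec.Type
+}
+
 // hasClientSecret returns true if the identity has a Service Principal Client Secret.
 // This does not include managed identities.
 func (p *AzureCredentialsProvider) hasClientSecret() bool {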
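Review bot: The doc comment on the new Type method, `// Type returns the auth mechanism used.`, does not say where the value comes from or what it is for, which matters because it now feeds a cache key; I would write it as `// Type returns the identity type (Spec.Type) of the AzureClusterIdentity backing this provider; AzureClients uses it to keep clients built with different auth mechanisms from sharing a cache entry.` The interface method `Type() infrav1.IdentityType` added to CredentialsProvider in the first hunk should carry the same one-line comment so implementers of the interface know the contract. Like GetTenantID just above it, Type dereferences p.Identity without a nil check; that is consistent with the existing code, but a provider constructed without an identity will panic here rather than return an empty type, so the comment could note that Identity must be set.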
