Merge pull request #1079 from bryan-cox/revert-1020-IR-467

openshift-merge-bot[bot] · web-flow · commit 08badfeeb71e · 2024-08-02T10:03:02.000Z
Revert "IR-467: Enable Azure MSI authentication"
diff --git a/pkg/storage/azure/azure.go b/pkg/storage/azure/azure.go
@@ -341,33 +341,17 @@ func (d *driver) storageAccountsClient(cfg *Azure, environment autorestazure.Env
 		err  error
 	)
 	if strings.TrimSpace(cfg.ClientSecret) == "" {
-		if strings.TrimSpace(cfg.FederatedTokenFile) != "" {
-			options := azidentity.WorkloadIdentityCredentialOptions{
-				ClientOptions: azcore.ClientOptions{
-					Cloud: cloudConfig,
-				},
-				ClientID:      cfg.ClientID,
-				TenantID:      cfg.TenantID,
-				TokenFilePath: cfg.FederatedTokenFile,
-			}
-			cred, err = azidentity.NewWorkloadIdentityCredential(&options)
-			if err != nil {
-				return storage.AccountsClient{}, err
-			}
-		} else {
-			options := azidentity.ManagedIdentityCredentialOptions{
-				ClientOptions: azcore.ClientOptions{
-					Cloud: cloudConfig,
-				},
-			}
-			if cfg.ClientID != "" {
-				options.ID = azidentity.ClientID(cfg.ClientID)
-			}
-			var err error
-			cred, err = azidentity.NewManagedIdentityCredential(&options)
-			if err != nil {
-				return storage.AccountsClient{}, err
-			}
+		options := azidentity.WorkloadIdentityCredentialOptions{
+			ClientOptions: azcore.ClientOptions{
+				Cloud: cloudConfig,
+			},
+			ClientID:      cfg.ClientID,
+			TenantID:      cfg.TenantID,
+			TokenFilePath: cfg.FederatedTokenFile,
+		}
+		cred, err = azidentity.NewWorkloadIdentityCredential(&options)
+		if err != nil {
+			return storage.AccountsClient{}, err
 		}
 	} else {
 		options := azidentity.ClientSecretCredentialOptions{
diff --git a/pkg/storage/azure/azureclient/azureclient.go b/pkg/storage/azure/azureclient/azureclient.go
@@ -86,31 +86,15 @@ func New(opts *Options) (*Client, error) {
 	if creds == nil {
 		var err error
 		if strings.TrimSpace(opts.ClientSecret) == "" {
-			if strings.TrimSpace(opts.FederatedTokenFile) != "" {
-				options := azidentity.WorkloadIdentityCredentialOptions{
-					ClientOptions: coreOpts,
-					ClientID:      opts.ClientID,
-					TenantID:      opts.TenantID,
-					TokenFilePath: opts.FederatedTokenFile,
-				}
-				creds, err = azidentity.NewWorkloadIdentityCredential(&options)
-				if err != nil {
-					return nil, err
-				}
-			} else {
-				options := azidentity.ManagedIdentityCredentialOptions{
-					ClientOptions: azcore.ClientOptions{
-						Cloud: cloudConfig,
-					},
-				}
-				if opts.ClientID != "" {
-					options.ID = azidentity.ClientID(opts.ClientID)
-				}
-				var err error
-				creds, err = azidentity.NewManagedIdentityCredential(&options)
-				if err != nil {
-					return nil, err
-				}
+			options := azidentity.WorkloadIdentityCredentialOptions{
+				ClientOptions: coreOpts,
+				ClientID:      opts.ClientID,
+				TenantID:      opts.TenantID,
+				TokenFilePath: opts.FederatedTokenFile,
+			}
+			creds, err = azidentity.NewWorkloadIdentityCredential(&options)
+			if err != nil {
+				return nil, err
 			}
 		} else {
 			options := azidentity.ClientSecretCredentialOptions{
