wip

Signed-off-by: Bryan Cox <[email protected]>

Author: bryan-cox

pkg/storage/azure/azure.go

@@ -334,6 +334,8 @@ func NewDriver(ctx context.Context, c *imageregistryv1.ImageRegistryConfigStorag
 }
 
 func (d *driver) newAzClient(cfg *Azure, environment autorestazure.Environment, tagset map[string]*string) (*azureclient.Client, error) {
+	klog.V(2).Infof("Creating new azureclient with shared credential cache: %p", &d.azureCredentials)
+
 	client, err := azureclient.New(&azureclient.Options{
 		Environment:        environment,
 		TenantID:           cfg.TenantID,
@@ -343,6 +345,7 @@ func (d *driver) newAzClient(cfg *Azure, environment autorestazure.Environment,
 		SubscriptionID:     cfg.SubscriptionID,
 		TagSet:             tagset,
 		Policies:           d.policies,
+		CredentialCache:    &d.azureCredentials, // Share the driver's credential cache
 	})
 	if err != nil {
 		return nil, err

pkg/storage/azure/azureclient/azureclient.go

@@ -51,6 +51,7 @@ type Options struct {
 	TagSet             map[string]*string
 	Policies           []policy.Policy
 	Creds              azcore.TokenCredential
+	CredentialCache    *sync.Map // Optional external credential cache to share across instances
 }
 
 type PrivateEndpointCreateOptions struct {
@@ -97,6 +98,13 @@ func New(opts *Options) (*Client, error) {
 	}, nil
 }
 
+func (c *Client) getCredentialCache() *sync.Map {
+	if c.opts.CredentialCache != nil {
+		return c.opts.CredentialCache
+	}
+	return &c.azureCredentials
+}
+
 func (c *Client) getCreds(ctx context.Context) (azcore.TokenCredential, error) {
 	if c.creds != nil {
 		return c.creds, nil
@@ -110,9 +118,14 @@ func (c *Client) getCreds(ctx context.Context) (azcore.TokenCredential, error) {
 	if userAssignedIdentityCredentialsFilePath != "" {
 		var ok bool
 
+		// Use shared credential cache if available
+		credCache := c.getCredentialCache()
+		klog.V(2).Infof("Using credential cache: %p", credCache)
+
 		// We need to only store the Azure credentials once and reuse them after that.
-		storedCreds, found := c.azureCredentials.Load(azureCredentialsKey)
+		storedCreds, found := credCache.Load(azureCredentialsKey)
 		if !found {
+			klog.V(2).Infof("Cache miss - creating new credentials")
 			klog.V(2).Info("Using UserAssignedIdentityCredentials for Azure authentication for managed Azure HCP")
 			clientOptions := azcore.ClientOptions{
 				Cloud: c.clientOpts.Cloud,
@@ -121,8 +134,10 @@ func (c *Client) getCreds(ctx context.Context) (azcore.TokenCredential, error) {
 			if err != nil {
 				return nil, err
 			}
-			c.azureCredentials.Store(azureCredentialsKey, creds)
+			credCache.Store(azureCredentialsKey, creds)
+			klog.V(2).Infof("Stored credentials in cache: %p", creds)
 		} else {
+			klog.V(2).Infof("Cache hit - reusing existing credentials")
 			creds, ok = storedCreds.(azcore.TokenCredential)
 			if !ok {
 				return nil, fmt.Errorf("expected %T to be a TokenCredential", storedCreds)