Enable Azure MSI authentication

Author: bryan-cox

pkg/storage/azure/azure.go

@@ -341,17 +341,33 @@ func (d *driver) storageAccountsClient(cfg *Azure, environment autorestazure.Env
 		err  error
 	)
 	if strings.TrimSpace(cfg.ClientSecret) == "" {
-		options := azidentity.WorkloadIdentityCredentialOptions{
-			ClientOptions: azcore.ClientOptions{
-				Cloud: cloudConfig,
-			},
-			ClientID:      cfg.ClientID,
-			TenantID:      cfg.TenantID,
-			TokenFilePath: cfg.FederatedTokenFile,
-		}
-		cred, err = azidentity.NewWorkloadIdentityCredential(&options)
-		if err != nil {
-			return storage.AccountsClient{}, err
+		if strings.TrimSpace(cfg.FederatedTokenFile) != "" {
+			options := azidentity.WorkloadIdentityCredentialOptions{
+				ClientOptions: azcore.ClientOptions{
+					Cloud: cloudConfig,
+				},
+				ClientID:      cfg.ClientID,
+				TenantID:      cfg.TenantID,
+				TokenFilePath: cfg.FederatedTokenFile,
+			}
+			cred, err = azidentity.NewWorkloadIdentityCredential(&options)
+			if err != nil {
+				return storage.AccountsClient{}, err
+			}
+		} else {
+			options := azidentity.ManagedIdentityCredentialOptions{
+				ClientOptions: azcore.ClientOptions{
+					Cloud: cloudConfig,
+				},
+			}
+			if cfg.ClientID != "" {
+				options.ID = azidentity.ClientID(cfg.ClientID)
+			}
+			var err error
+			cred, err = azidentity.NewManagedIdentityCredential(&options)
+			if err != nil {
+				return storage.AccountsClient{}, err
+			}
 		}
 	} else {
 		options := azidentity.ClientSecretCredentialOptions{

pkg/storage/azure/azureclient/azureclient.go

@@ -86,15 +86,31 @@ func New(opts *Options) (*Client, error) {
 	if creds == nil {
 		var err error
 		if strings.TrimSpace(opts.ClientSecret) == "" {
-			options := azidentity.WorkloadIdentityCredentialOptions{
-				ClientOptions: coreOpts,
-				ClientID:      opts.ClientID,
-				TenantID:      opts.TenantID,
-				TokenFilePath: opts.FederatedTokenFile,
-			}
-			creds, err = azidentity.NewWorkloadIdentityCredential(&options)
-			if err != nil {
-				return nil, err
+			if strings.TrimSpace(opts.FederatedTokenFile) != "" {
+				options := azidentity.WorkloadIdentityCredentialOptions{
+					ClientOptions: coreOpts,
+					ClientID:      opts.ClientID,
+					TenantID:      opts.TenantID,
+					TokenFilePath: opts.FederatedTokenFile,
+				}
+				creds, err = azidentity.NewWorkloadIdentityCredential(&options)
+				if err != nil {
+					return nil, err
+				}
+			} else {
+				options := azidentity.ManagedIdentityCredentialOptions{
+					ClientOptions: azcore.ClientOptions{
+						Cloud: cloudConfig,
+					},
+				}
+				if opts.ClientID != "" {
+					options.ID = azidentity.ClientID(opts.ClientID)
+				}
+				var err error
+				creds, err = azidentity.NewManagedIdentityCredential(&options)
+				if err != nil {
+					return nil, err
+				}
 			}
 		} else {
 			options := azidentity.ClientSecretCredentialOptions{