Merge pull request #1082 from bryan-cox/IR-467

IR-467: Enable MSI override for ARO HCP

Author: openshift-merge-bot[bot]

pkg/storage/azure/azure.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"os"
 	"reflect"
 	"regexp"
 	"strings"
@@ -340,7 +341,21 @@ func (d *driver) storageAccountsClient(cfg *Azure, environment autorestazure.Env
 		cred azcore.TokenCredential
 		err  error
 	)
-	if strings.TrimSpace(cfg.ClientSecret) == "" {
+	// MSI Override for ARO HCP
+	msi := os.Getenv("AZURE_MSI_AUTHENTICATION")
+	if msi == "true" {
+		options := azidentity.ManagedIdentityCredentialOptions{
+			ClientOptions: azcore.ClientOptions{
+				Cloud: cloudConfig,
+			},
+		}
+
+		var err error
+		cred, err = azidentity.NewManagedIdentityCredential(&options)
+		if err != nil {
+			return storage.AccountsClient{}, err
+		}
+	} else if strings.TrimSpace(cfg.ClientSecret) == "" {
 		options := azidentity.WorkloadIdentityCredentialOptions{
 			ClientOptions: azcore.ClientOptions{
 				Cloud: cloudConfig,

pkg/storage/azure/azureclient/azureclient.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"os"
 	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
@@ -85,7 +86,20 @@ func New(opts *Options) (*Client, error) {
 	creds := opts.Creds
 	if creds == nil {
 		var err error
-		if strings.TrimSpace(opts.ClientSecret) == "" {
+
+		// MSI Override for ARO HCP
+		msi := os.Getenv("AZURE_MSI_AUTHENTICATION")
+		if msi == "true" {
+			options := azidentity.ManagedIdentityCredentialOptions{
+				ClientOptions: azcore.ClientOptions{
+					Cloud: cloudConfig,
+				},
+			}
+			creds, err = azidentity.NewManagedIdentityCredential(&options)
+			if err != nil {
+				return nil, err
+			}
+		} else if strings.TrimSpace(opts.ClientSecret) == "" {
 			options := azidentity.WorkloadIdentityCredentialOptions{
 				ClientOptions: coreOpts,
 				ClientID:      opts.ClientID,
@@ -110,7 +124,6 @@ func New(opts *Options) (*Client, error) {
 				return nil, err
 			}
 		}
-
 	}
 
 	coreOpts.Retry = policy.RetryOptions{