ic: azure: validate credentials mode for managed identities

r4f4 · r4f4 · commit 2798e6a25964 · 2023-05-31T15:47:18.000+02:00
CredentialsMode must be set to 'Manual' when using Managed Identities
authentication. This change adds a validation check and errors out if
that's not the case with:

```
INFO Credentials loaded from file "/home/azureuser/.azure/osServicePrincipal.json"
WARNING Using Managed Identity to authenticate. Please be warned cluster does not support MSI and only the installer does.
FATAL failed to fetch Bootstrap Ignition Config: failed to fetch dependency of "Bootstrap Ignition Config": failed to fetch dependency of "CVO Ignore": failed to fetch dependency of "Common Manifests": failed to fetch dependency of "DNS Config": failed to generate asset "Platform Credentials Check": authentication with client certificates or managed identity is only supported in manual credentials mode
```
diff --git a/pkg/asset/installconfig/platformcredscheck.go b/pkg/asset/installconfig/platformcredscheck.go
@@ -7,6 +7,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/openshift/installer/pkg/asset"
+	azureconfig "github.com/openshift/installer/pkg/asset/installconfig/azure"
 	gcpconfig "github.com/openshift/installer/pkg/asset/installconfig/gcp"
 	ibmcloudconfig "github.com/openshift/installer/pkg/asset/installconfig/ibmcloud"
 	openstackconfig "github.com/openshift/installer/pkg/asset/installconfig/openstack"
@@ -94,8 +95,11 @@ func (a *PlatformCredsCheck) Generate(dependencies asset.Parents) error {
 		if err != nil {
 			return errors.Wrap(err, "creating Azure session")
 		}
-		if azureSession.Credentials.ClientCertificatePath != "" && ic.Config.CredentialsMode != types.ManualCredentialsMode {
-			return fmt.Errorf("authentication with client certificates is only supported in manual credentials mode")
+		switch azureSession.AuthType {
+		case azureconfig.ClientCertificateAuth, azureconfig.ManagedIdentityAuth:
+			if ic.Config.CredentialsMode != types.ManualCredentialsMode {
+				return fmt.Errorf("authentication with client certificates or managed identity is only supported in manual credentials mode")
+			}
 		}
 	case ovirt.Name:
 		con, err := ovirtconfig.NewConnection()
