Merge pull request openshift#8786 from jhixson74/capz_managed_identity

OCPBUGS-36361: Azure: If credentialsMode is manual, pass the identity through

Author: openshift-merge-bot[bot]

pkg/asset/manifests/azure/cluster.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
+	azic "github.com/openshift/installer/pkg/asset/installconfig/azure"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils/cidr"
 	"github.com/openshift/installer/pkg/types"
@@ -200,6 +201,10 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 			TenantID: session.Credentials.TenantID,
 		},
 	}
+	if session.AuthType == azic.ManagedIdentityAuth {
+		id.Spec.Type = capz.UserAssignedMSI
+		id.Spec.ClientSecret = corev1.SecretReference{}
+	}
 	id.SetGroupVersionKind(capz.GroupVersion.WithKind("AzureClusterIdentity"))
 	manifests = append(manifests, &asset.RuntimeFile{
 		Object: id,

pkg/infrastructure/azure/dns.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns"
 	"k8s.io/utils/ptr"
@@ -89,11 +88,7 @@ func createDNSEntries(ctx context.Context, in clusterapi.InfraReadyInput, extLBF
 	subscriptionID := session.Credentials.SubscriptionID
 	cloudConfiguration := session.CloudConfig
 
-	tokenCreds, err := azidentity.NewClientSecretCredential(session.Credentials.TenantID, session.Credentials.ClientID, session.Credentials.ClientSecret, nil)
-	if err != nil {
-		return fmt.Errorf("failed to create identity: %w", err)
-	}
-	recordSetClient, err := armdns.NewRecordSetsClient(subscriptionID, tokenCreds,
+	recordSetClient, err := armdns.NewRecordSetsClient(subscriptionID, session.TokenCreds,
 		&arm.ClientOptions{
 			ClientOptions: policy.ClientOptions{
 				Cloud: cloudConfiguration,
@@ -103,7 +98,7 @@ func createDNSEntries(ctx context.Context, in clusterapi.InfraReadyInput, extLBF
 	if err != nil {
 		return fmt.Errorf("failed to create public record client: %w", err)
 	}
-	privateRecordSetClient, err := armprivatedns.NewRecordSetsClient(subscriptionID, tokenCreds,
+	privateRecordSetClient, err := armprivatedns.NewRecordSetsClient(subscriptionID, session.TokenCreds,
 		&arm.ClientOptions{
 			ClientOptions: policy.ClientOptions{
 				Cloud: cloudConfiguration,