Use AZURE_CLIENT_ID & AZURE_TENANT_ID environment vars for AKS Workload Identity

[ronaldvb-k]

There seems to be an inconsistency between the azapi and azurerm providers when setting use_aks_workload_identity to true.
We enable AKS Workload Identity on K8s jobs which runs terraform by adding the azure.workload.identity/use: "true" label.

Pods with this label are mutated by the azure-workload-identity mutating admission webhook to inject the following Azure specific environment variables:

AZURE_CLIENT_ID: xxx
AZURE_TENANT_ID: xxx
AZURE_FEDERATED_TOKEN_FILE:  /var/run/secrets/azure/tokens/azure-identity-token
AZURE_AUTHORITY_HOST=https://login.microsoftonline.com/

This works fine with the azurerm provider because it uses the AZURE_CLIENT_ID & AZURE_TENANT_ID environment variables when use_aks_workload_identity is set to true.

But it does not work with the azapi provider because this provider is using the ARM_CLIENT_ID & ARM_TENANT_ID environment variables as you can see here.

Should we change the azapi provider code, to make it use the AZURE_CLIENT_ID & AZURE_TENANT_ID environment variables when use_aks_workload_identity is set to true?