Skip to content

Commit

Permalink
Add ManagedIdentity with AZURE_CLIENT_ID
Browse files Browse the repository at this point in the history
This ensures the Managed Identity authentication works with multiple
identities assigned to a single node.

Signed-off-by: Hidde Beydals <hello@hidde.co>
  • Loading branch information
hiddeco committed Mar 8, 2022
1 parent 26f00da commit 1346696
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions pkg/azure/blob.go
Original file line number Diff line number Diff line change
Expand Up @@ -358,6 +358,8 @@ func sharedCredentialFromSecret(endpoint string, secret *corev1.Secret) (*azblob
// azidentity.ChainedTokenCredential if at least one of the following tokens was
// successfully created:
// - azidentity.EnvironmentCredential
// - azidentity.ManagedIdentityCredential with Client ID from AZURE_CLIENT_ID
// environment variable, if found.
// - azidentity.ManagedIdentityCredential
// If a Secret with an `authorityHost` is provided, this is set on the
// azidentity.EnvironmentCredentialOptions. It may return nil.
Expand All @@ -374,6 +376,13 @@ func chainCredentialWithSecret(secret *corev1.Secret) (azcore.TokenCredential, e
if token, _ := azidentity.NewEnvironmentCredential(credOpts); token != nil {
creds = append(creds, token)
}
if clientID := os.Getenv("AZURE_CLIENT_ID"); clientID != "" {
if token, _ := azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
ID: azidentity.ClientID(clientID),
}); token != nil {
creds = append(creds, token)
}
}
if token, _ := azidentity.NewManagedIdentityCredential(nil); token != nil {
creds = append(creds, token)
}
Expand Down

0 comments on commit 1346696

Please sign in to comment.