From b05b682ca5d6bfceffeda5a26cb742e8b655c633 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Thu, 20 Jun 2024 19:19:13 +0530
Subject: [PATCH] plume/azure: Add support for managed identity

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 cmd/plume/prerelease.go | 4 ++++
 cmd/plume/release.go    | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/cmd/plume/prerelease.go b/cmd/plume/prerelease.go
index 787f290cc..13178ebc5 100644
--- a/cmd/plume/prerelease.go
+++ b/cmd/plume/prerelease.go
@@ -83,6 +83,8 @@ var (
 	publishMarketplace bool
 	// username is the default user on instances launched by AWS Marketplace.
 	username string
+	// azureUseIdentity is a bool to use managed identity for authentication
+	azureUseIdentity bool
 )
 
 type imageMetadataAbstract struct {
@@ -117,6 +119,7 @@ func init() {
 	cmdPreRelease.Flags().StringVar(&azureAuth, "azure-auth", "", "Azure Credentials json file")
 	cmdPreRelease.Flags().StringVar(&azureCategory, "azure-category", "", "Azure category (empty/pro)")
 	cmdPreRelease.Flags().StringVar(&azureTestContainer, "azure-test-container", "", "Use test container instead of default")
+	cmdPreRelease.Flags().BoolVar(&azureUseIdentity, "azure-identity", false, "Use VM managed identity for authentication (default false)")
 	cmdPreRelease.Flags().StringVar(&awsCredentialsFile, "aws-credentials", "", "AWS credentials file")
 	cmdPreRelease.Flags().StringVar(&verifyKeyFile,
 		"verify-key", "", "path to ASCII-armored PGP public key to be used in verifying download signatures.")
@@ -314,6 +317,7 @@ func azurePreRelease(ctx context.Context, client *http.Client, src *storage.Buck
 			AzureProfile:      azureProfile,
 			AzureAuthLocation: azureAuth,
 			AzureSubscription: environment.SubscriptionName,
+			UseIdentity:       azureUseIdentity,
 		})
 		if err != nil {
 			return fmt.Errorf("failed to create Azure API: %v", err)
diff --git a/cmd/plume/release.go b/cmd/plume/release.go
index adeb8bf03..7a2753bd0 100644
--- a/cmd/plume/release.go
+++ b/cmd/plume/release.go
@@ -53,6 +53,7 @@ func init() {
 	cmdRelease.Flags().StringVar(&azureProfile, "azure-profile", "", "Azure Profile json file")
 	cmdRelease.Flags().StringVar(&azureAuth, "azure-auth", "", "Azure Credentials json file")
 	cmdRelease.Flags().StringVar(&azureTestContainer, "azure-test-container", "", "Use test container instead of default")
+	cmdRelease.Flags().BoolVar(&azureUseIdentity, "azure-identity", false, "Use VM managed identity for authentication (default false)")
 	cmdRelease.Flags().StringVar(&gceReleaseKey, "gce-release-key", "", "GCE key file for releases")
 	cmdRelease.Flags().BoolVarP(&releaseDryRun, "dry-run", "n", false,
 		"perform a trial run, do not make changes")
@@ -394,6 +395,7 @@ func doAzure(ctx context.Context, client *http.Client, src *storage.Bucket, spec
 			AzureProfile:      azureProfile,
 			AzureAuthLocation: azureAuth,
 			AzureSubscription: environment.SubscriptionName,
+			UseIdentity:       azureUseIdentity,
 		})
 		if err != nil {
 			plog.Fatalf("failed to create Azure API: %v", err)