Add MSI Support for Azure plugin.

Signed-off-by: yanggang <gang.yang@daocloud.io>
vmware-tanzu · Oct 10, 2023 · 4de800a · 4de800a
1 parent b316101
commit 4de800a
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 0 deletions.
diff --git a/changelogs/unreleased/6927-yanggangtony b/changelogs/unreleased/6927-yanggangtony
@@ -0,0 +1 @@
+Add MSI Support for Azure plugin.
diff --git a/pkg/util/azure/credential.go b/pkg/util/azure/credential.go
@@ -129,5 +129,14 @@ func newConfigCredential(creds map[string]string, options configCredentialOption
 		return nil, errors.Errorf("%s is required", CredentialKeyPassword)
 	}
 
+	//msiEndpoint
+	msiEndpoint := creds[CredentialMSI_ENDPOINT]
+	identityEndpoint := creds[CredentialIDENTITY_ENDPOINT]
+
+	if msiEndpoint != "" || identityEndpoint != "" {
+		o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions, ID: azidentity.ClientID(clientID)}
+		return azidentity.NewManagedIdentityCredential(o)
+	}
+
 	return nil, errors.New("incomplete credential configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID are set")
 }
diff --git a/pkg/util/azure/util.go b/pkg/util/azure/util.go
@@ -49,6 +49,12 @@ const (
 	CredentialKeyUsername                   = "AZURE_USERNAME"                      // #nosec
 	CredentialKeyPassword                   = "AZURE_PASSWORD"                      // #nosec
 
+	CredentialIMDS_ENDPOINT              = "IMDS_ENDPOINT"              // #nosec
+	CredentialIDENTITY_ENDPOINT          = "IDENTITY_ENDPOINT"          // #nosec
+	CredentialIDENTITY_HEADER            = "IDENTITY_HEADER"            // #nosec
+	CredentialIDENTITY_SERVER_THUMBPRINT = "IDENTITY_SERVER_THUMBPRINT" // #nosec
+	CredentialMSI_ENDPOINT               = "MSI_ENDPOINT"               // #nosec
+
 	credentialFile = "credentialsFile"
 )