Add MSI Support for Azure plugin.

Signed-off-by: yanggang <gang.yang@daocloud.io>
vmware-tanzu · Oct 13, 2023 · a81fa53 · a81fa53
1 parent 9606df6
commit a81fa53
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 6 deletions.
diff --git a/changelogs/unreleased/6938-yanggangtony b/changelogs/unreleased/6938-yanggangtony
@@ -0,0 +1 @@
+Add MSI Support for Azure plugin.
diff --git a/pkg/util/azure/credential.go b/pkg/util/azure/credential.go
@@ -26,7 +26,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-// NewCredential chains the config credential and workload identity credential
+// NewCredential chains the config credential , workload identity credential , managed identity credential
 func NewCredential(creds map[string]string, options policy.ClientOptions) (azcore.TokenCredential, error) {
 	var (
 		credential []azcore.TokenCredential
@@ -60,6 +60,15 @@ func NewCredential(creds map[string]string, options policy.ClientOptions) (azcor
 		errMsgs = append(errMsgs, err.Error())
 	}
 
+	//managed identity credential
+	o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options, ID: azidentity.ClientID(creds[CredentialKeyClientID])}
+	msi, err := azidentity.NewManagedIdentityCredential(o)
+	if err == nil {
+		credential = append(credential, msi)
+	} else {
+		errMsgs = append(errMsgs, err.Error())
+	}
+
 	if len(credential) == 0 {
 		return nil, errors.Errorf("failed to create Azure credential: %s", strings.Join(errMsgs, "\n\t"))
 	}

diff --git a/pkg/util/azure/credential_test.go b/pkg/util/azure/credential_test.go
@@ -19,17 +19,20 @@ package azure
 import (
 	"testing"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/stretchr/testify/require"
 )
 
 func TestNewCredential(t *testing.T) {
-	options := policy.ClientOptions{}
+	bslCfg := map[string]string{}
+	creds := map[string]string{
+		CredentialKeyCloudName: "invalid",
+	}
+	clientOpt, _ := GetClientOptions(bslCfg, creds)
+	options := azidentity.DefaultAzureCredentialOptions{AdditionallyAllowedTenants: []string{}, ClientOptions: clientOpt}
 
 	// no credentials
-	creds := map[string]string{}
-	_, err := NewCredential(creds, options)
+	_, err := NewCredential(creds, options.ClientOptions)
 	require.NotNil(t, err)
 
 	// config credential
@@ -38,7 +41,7 @@ func TestNewCredential(t *testing.T) {
 		CredentialKeyClientID:     "clientid",
 		CredentialKeyClientSecret: "secret",
 	}
-	_, err = NewCredential(creds, options)
+	_, err = NewCredential(creds, options.ClientOptions)
 	require.Nil(t, err)
 }