Enable Azure MSI authentication for ARO HCP

For ARO HCP, we need to override the authentication type to be MSI. For more information please see openshift/enhancements#1659.
bryan-cox · Aug 5, 2024 · 1764dd2 · 1764dd2
1 parent a01ed6c
commit 1764dd2
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/pkg/dns/azure/client/auth.go b/pkg/dns/azure/client/auth.go
@@ -70,7 +70,21 @@ func getAuthorizerForResource(config Config) (autorest.Authorizer, error) {
 	}
 
 	var cred azcore.TokenCredential
-	if config.AzureWorkloadIdentityEnabled && strings.TrimSpace(config.ClientSecret) == "" {
+	// MSI Override for ARO HCP
+	msi := os.Getenv("AZURE_MSI_AUTHENTICATION")
+	if msi == "true" {
+		options := azidentity.ManagedIdentityCredentialOptions{
+			ClientOptions: azcore.ClientOptions{
+				Cloud: cloudConfig,
+			},
+		}
+
+		var err error
+		cred, err = azidentity.NewManagedIdentityCredential(&options)
+		if err != nil {
+			return nil, err
+		}
+	} else if config.AzureWorkloadIdentityEnabled && strings.TrimSpace(config.ClientSecret) == "" {
 		options := azidentity.WorkloadIdentityCredentialOptions{
 			ClientOptions: azcore.ClientOptions{
 				Cloud: cloudConfig,