From 1764dd2b04552bcba4735106d0fda70af6997756 Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Mon, 5 Aug 2024 16:15:55 -0400
Subject: [PATCH] Enable Azure MSI authentication for ARO HCP

For ARO HCP, we need to override the authentication type to be MSI. For more information please see https://github.com/openshift/enhancements/pull/1659.
---
 pkg/dns/azure/client/auth.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/pkg/dns/azure/client/auth.go b/pkg/dns/azure/client/auth.go
index a4dcf1814c..4a61f0c1c0 100644
--- a/pkg/dns/azure/client/auth.go
+++ b/pkg/dns/azure/client/auth.go
@@ -70,7 +70,21 @@ func getAuthorizerForResource(config Config) (autorest.Authorizer, error) {
 }
 
 var cred azcore.TokenCredential
- if config.AzureWorkloadIdentityEnabled && strings.TrimSpace(config.ClientSecret) == "" {
+ // MSI Override for ARO HCP
+ msi := os.Getenv("AZURE_MSI_AUTHENTICATION")
+ if msi == "true" {
+ options := azidentity.ManagedIdentityCredentialOptions{
+ ClientOptions: azcore.ClientOptions{
+ Cloud: cloudConfig,
+ },
+ }
+
+ var err error
+ cred, err = azidentity.NewManagedIdentityCredential(&options)
+ if err != nil {
+ return nil, err
+ }
+ } else if config.AzureWorkloadIdentityEnabled && strings.TrimSpace(config.ClientSecret) == "" {
 options := azidentity.WorkloadIdentityCredentialOptions{
 ClientOptions: azcore.ClientOptions{
 Cloud: cloudConfig,
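Review bot: The `AZURE_MSI_AUTHENTICATION` check runs before the existing branches, so setting it to `true` in the process environment silently overrides both the workload-identity path and a configured `config.ClientSecret`, and nothing records which credential type was chosen. Because this changes the identity the operator authenticates as, I would state the precedence in the comment, e.g. `// AZURE_MSI_AUTHENTICATION=true takes precedence over workload identity and client-secret auth (ARO HCP only).`, and log the selected credential type once. The `ManagedIdentityCredentialOptions` literal also leaves `ID` unset, so the credential uses whatever identity the host exposes by default rather than one chosen by configuration; if `Config` carries the intended client ID (not visible in this hunk), set `ID: azidentity.ClientID(...)` from it. `getAuthorizerForResource` starts and ends outside the hunk.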