Removal of Microsoft ADAL identity and to use azidentity(MSAL)

go.mod

@@ -10,7 +10,6 @@ require (
 	cloud.google.com/go/secretmanager v1.13.5
 	cloud.google.com/go/storage v1.43.0
 	dario.cat/mergo v1.0.0
-	github.com/Azure/azure-amqp-common-go/v4 v4.2.0
 	github.com/Azure/azure-kusto-go v0.16.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
@@ -23,7 +22,6 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azqueue v1.0.0
 	github.com/Azure/go-autorest/autorest v0.11.29
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.13
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2
 	github.com/DataDog/datadog-api-client-go v1.16.0
 	github.com/Huawei/gophercloud v1.0.21
 	github.com/IBM/sarama v1.43.2
@@ -119,6 +117,11 @@ require (
 	sigs.k8s.io/kustomize/kustomize/v5 v5.4.3
 )
 
+require (
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
+)
+
 // Remove this when they merge the PR and cut a release https://github.com/open-policy-agent/cert-controller/pull/202
 replace github.com/open-policy-agent/cert-controller => github.com/jorturfer/cert-controller v0.0.0-20240427003941-363ba56751d7
 
@@ -177,7 +180,6 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/Azure/go-amqp v1.0.5 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect

go.sum

@@ -778,8 +778,6 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
 git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
-github.com/Azure/azure-amqp-common-go/v4 v4.2.0 h1:q/jLx1KJ8xeI8XGfkOWMN9XrXzAfVTkyvCxPvHCjd2I=
-github.com/Azure/azure-amqp-common-go/v4 v4.2.0/go.mod h1:GD3m/WPPma+621UaU6KNjKEo5Hl09z86viKwQjTpV0Q=
 github.com/Azure/azure-kusto-go v0.16.1 h1:vCBWcQghmC1qIErUUgVNWHxGhZVStu1U/hki6iBA14k=
 github.com/Azure/azure-kusto-go v0.16.1/go.mod h1:9F2zvXH8B6eWzgI1S4k1ZXAIufnBZ1bv1cW1kB1n3D0=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=

pkg/scalers/azure/azure_azidentity_chain.go

@@ -42,3 +42,14 @@ func NewChainedCredential(logger logr.Logger, podIdentity v1alpha1.AuthPodIdenti
 	// Create the chained credential based on the previous 3
 	return azidentity.NewChainedTokenCredential(creds, nil)
 }
+
+func NewADWorkloadIdentityCredential(identityID, identityTenantID string) (*azidentity.WorkloadIdentityCredential, error) {
+	options := &azidentity.WorkloadIdentityCredentialOptions{}
+	if identityID != "" {
+		options.ClientID = identityID
+	}
+	if identityTenantID != "" {
+		options.TenantID = identityTenantID
+	}
+	return azidentity.NewWorkloadIdentityCredential(options)
+}

pkg/scalers/rabbitmq_scaler.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"io"
 	"net/http"
 	"net/url"
@@ -64,7 +66,7 @@ type rabbitMQScaler struct {
 	connection *amqp.Connection
 	channel    *amqp.Channel
 	httpClient *http.Client
-	azureOAuth *azure.ADWorkloadIdentityTokenProvider
+	azureOAuth *azidentity.WorkloadIdentityCredential
 	logger     logr.Logger
 }
 
@@ -567,15 +569,22 @@ func getJSON(ctx context.Context, s *rabbitMQScaler, url string) (queueInfo, err
 
 	if s.metadata.workloadIdentityResource != "" {
 		if s.azureOAuth == nil {
-			s.azureOAuth = azure.NewAzureADWorkloadIdentityTokenProvider(ctx, s.metadata.workloadIdentityClientID, s.metadata.workloadIdentityTenantID, s.metadata.workloadIdentityAuthorityHost, s.metadata.workloadIdentityResource)
+			s.azureOAuth, err = azure.NewADWorkloadIdentityCredential(s.metadata.workloadIdentityClientID, s.metadata.workloadIdentityTenantID)
+		}
+		if err != nil {
+			return result, err
 		}
 
-		err = s.azureOAuth.Refresh()
+		token, err := s.azureOAuth.GetToken(ctx, policy.TokenRequestOptions{
+			Scopes: []string{
+				s.metadata.workloadIdentityResource,
+			},
+		})
 		if err != nil {
 			return result, err
 		}
 
-		request.Header.Set("Authorization", "Bearer "+s.azureOAuth.OAuthToken())
+		request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
 	}
 
 	r, err := s.httpClient.Do(request)