Skip to content

Commit 0c41894

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #2083 from k8s-infra-cherrypick-robot/cherry-pick-2081-to-release-1.25
[release-1.25] feat: use kubelet identity by default in msi auth
2 parents a9fd67f + 7393f83 commit 0c41894

File tree

1 file changed

+19
-1
lines changed

1 file changed

+19
-1
lines changed

pkg/blob/blob.go

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,6 +85,7 @@ const (
8585
storageSPNClientIDField = "azurestoragespnclientid"
8686
storageSPNTenantIDField = "azurestoragespntenantid"
8787
storageAuthTypeField = "azurestorageauthtype"
88+
storageAuthTypeMSI = "msi"
8889
storageIdentityClientIDField = "azurestorageidentityclientid"
8990
storageIdentityObjectIDField = "azurestorageidentityobjectid"
9091
storageIdentityResourceIDField = "azurestorageidentityresourceid"
@@ -635,7 +636,7 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
635636
if spnTenantID != "" {
636637
storageSPNTenantID = spnTenantID
637638
}
638-
if err != nil && strings.EqualFold(azureStorageAuthType, "msi") {
639+
if err != nil && strings.EqualFold(azureStorageAuthType, storageAuthTypeMSI) {
639640
klog.V(2).Infof("ignore error(%v) since secret is optional for auth type(%s)", err, azureStorageAuthType)
640641
err = nil
641642
}
@@ -708,6 +709,23 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
708709
authEnv = append(authEnv, "AZURE_STORAGE_SPN_TENANT_ID="+storageSPNTenantID)
709710
}
710711

712+
if azureStorageAuthType == storageAuthTypeMSI {
713+
// check whether authEnv contains AZURE_STORAGE_IDENTITY_ prefix
714+
containsIdentityEnv := false
715+
for _, env := range authEnv {
716+
if strings.HasPrefix(env, "AZURE_STORAGE_IDENTITY_") {
717+
klog.V(2).Infof("AZURE_STORAGE_IDENTITY_ is already set in authEnv, skip setting it again")
718+
containsIdentityEnv = true
719+
break
720+
}
721+
}
722+
if !containsIdentityEnv && d.cloud != nil && d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID != "" {
723+
klog.V(2).Infof("azureStorageAuthType is set to %s, add AZURE_STORAGE_IDENTITY_CLIENT_ID(%s) into authEnv",
724+
azureStorageAuthType, d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID)
725+
authEnv = append(authEnv, "AZURE_STORAGE_IDENTITY_CLIENT_ID="+d.cloud.Config.AzureAuthConfig.UserAssignedIdentityID)
726+
}
727+
}
728+
711729
return rgName, accountName, accountKey, containerName, authEnv, err
712730
}
713731

0 commit comments

Comments
 (0)