Merge pull request #19 from avoltz/echairez/ee-workload-identity

temporary patch for workload identity + cloud config as secret
avoltz · Jun 23, 2023 · af783fd · af783fd
2 parents ad0a9b4 + f5334c0
commit af783fd
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/pkg/blob/azure.go b/pkg/blob/azure.go
@@ -93,6 +93,17 @@ func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent
 		if err != nil {
 			klog.V(2).Infof("InitializeCloudFromSecret: failed to get cloud config from secret %s/%s: %v", az.SecretNamespace, az.SecretName, err)
 		}
+
+		if tenantID := os.Getenv("AZURE_TENANT_ID"); tenantID != "" {
+			config.TenantID = tenantID
+		}
+		if clientID := os.Getenv("AZURE_CLIENT_ID"); clientID != "" {
+			config.AADClientID = clientID
+		}
+		if federatedTokenFile := os.Getenv("AZURE_FEDERATED_TOKEN_FILE"); federatedTokenFile != "" {
+			config.AADFederatedTokenFile = federatedTokenFile
+			config.UseFederatedWorkloadIdentityExtension = true
+		}
 	}
 
 	if config == nil {