Update override environment variable name
Originally, we thought we did not need to set a client ID when creating a new managed identity credential due to the code documentation here - https://github.com/Azure/azure-sdk-for-go/blob/bd891cb0615f6148f9884be97bff7a3e2598bcc6/sdk/azidentity/managed_identity_credential.go#L128. This is not the case and a valid client ID will need to be passed to the operators.

Signed-off-by: Bryan Cox <[email protected]>
bryan-cox committed Oct 7, 2024
1 parent 09752c2 commit e050c0d
Showing 2 changed files with 6 additions and 6 deletions.
10 changes: 5 additions & 5 deletions enhancements/hypershift/msi-enablement-for-aro-hcp.md
@@ -49,26 +49,26 @@ running on the data plane/guest cluster side use workload identity authenticatio

### Goals

* Agreement from ingress, image registry, network, and storage representatives on a standard approach to authenticate with MSI for ARO HCP
* Agreement from ingress, image registry, network, and storage representatives on a standard approach to authenticate with MSI for ARO HCP.

### Non-Goals

* Implementing MSI for image registry, ingress, cloud network config, and storage operators outside the override.

## Proposal

We propose setting an environment variable, AZURE_MSI_AUTHENTICATION, upon deployment of image registry, ingress, cloud
We propose setting an environment variable, ARO_HCP_MI_CLIENT_ID, upon deployment of image registry, ingress, cloud
network config, and storage operators in the control plane of an ARO HCP cluster. This variable will be checked by each
operator; if set, it will override the default authentication mechanism, using a managed identity to authenticate with
Azure cloud services instead.
Azure cloud services instead. ARO_HCP_MI_CLIENT_ID will contain the client ID to create the new managed identity.

For operators with operands that they manage in the control plane, the operator would be responsible for propagating the
environment variable to those operands (if the operands need cloud access).

### Workflow Description

* HostedCluster control plane operator will set AZURE_MSI_AUTHENTICATION on deployment of image registry, ingress, cluster network operator (which will pass the value to cloud network config), and storage operators
* When each operator is configuring the Azure authentication type, if the AZURE_MSI_AUTHENTICATION is set, the operator will ignore any other Azure cloud configuration and use MSI
* HostedCluster control plane operator will set ARO_HCP_MI_CLIENT_ID on deployment of image registry, ingress, cluster network operator (which will pass the value to cloud network config), and storage operators
* When each operator is configuring the Azure authentication type, if the ARO_HCP_MI_CLIENT_ID is set, the operator will ignore any other Azure cloud configuration and use Managed Identity with the client ID being set to the value in ARO_HCP_MI_CLIENT_ID

### API Extensions

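Review bot: the sentence added to the Proposal paragraph, "ARO_HCP_MI_CLIENT_ID will contain the client ID to create the new managed identity", does not say what an operator should do when the variable is present but empty or not a valid client ID, and the Workflow Description bullet has the operator "ignore any other Azure cloud configuration" whenever the variable is set, so a blank or mistyped value would switch off the default authentication path without a usable replacement. Suggest adding a sentence stating that each operator validates the value (non-empty, well-formed client ID) and fails fast with a clear error rather than silently falling back to another mechanism, and that the same validation applies where an operator propagates the variable to its control-plane operands.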
2 changes: 1 addition & 1 deletion guidelines/enhancement_template.md
@@ -17,7 +17,7 @@ see-also:
replaces:
- "/enhancements/that-less-than-great-idea.md"
superseded-by:
- "/enhancements/our-past-effort.md"
- "https://github.com/openshift/enhancements/pull/1694"
---

To get started with this template:
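Review bot: this template change is unrelated to the environment variable rename described in the commit message and should either be split into its own commit or mentioned in the message. On the content: the `superseded-by:` example now uses a full pull-request URL ("https://github.com/openshift/enhancements/pull/1694") while the `replaces:` example two lines above still uses a repo-relative path ("/enhancements/that-less-than-great-idea.md"); the template should state which form authors are expected to use, or both examples should use the same form.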

0 comments on commit e050c0d