Add ManagedIdentity with AZURE_CLIENT_ID

This ensures the Managed Identity authentication works with multiple
identities assigned to a single node.

Signed-off-by: Hidde Beydals <[email protected]>

Author: hiddeco

pkg/azure/blob.go

@@ -358,6 +358,8 @@ func sharedCredentialFromSecret(endpoint string, secret *corev1.Secret) (*azblob
 // azidentity.ChainedTokenCredential if at least one of the following tokens was
 // successfully created:
 // - azidentity.EnvironmentCredential
+// - azidentity.ManagedIdentityCredential with Client ID from AZURE_CLIENT_ID
+//   environment variable, if found.
 // - azidentity.ManagedIdentityCredential
 // If a Secret with an `authorityHost` is provided, this is set on the
 // azidentity.EnvironmentCredentialOptions. It may return nil.
@@ -374,6 +376,13 @@ func chainCredentialWithSecret(secret *corev1.Secret) (azcore.TokenCredential, e
 	if token, _ := azidentity.NewEnvironmentCredential(credOpts); token != nil {
 		creds = append(creds, token)
 	}
+	if clientID := os.Getenv("AZURE_CLIENT_ID"); clientID != "" {
+		if token, _ := azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
+			ID: azidentity.ClientID(clientID),
+		}); token != nil {
+			creds = append(creds, token)
+		}
+	}
 	if token, _ := azidentity.NewManagedIdentityCredential(nil); token != nil {
 		creds = append(creds, token)
 	}