From efd36d8df2145830eb7b23285a58bb94142ad86f Mon Sep 17 00:00:00 2001
From: chian <91816369+chianw@users.noreply.github.com>
Date: Thu, 2 Nov 2023 10:30:40 +0800
Subject: [PATCH] Add support for user-assigned managed identity login for TFE
 agent

---
 agents/tfc/login.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/agents/tfc/login.sh b/agents/tfc/login.sh
index 5231143d..bd790835 100644
--- a/agents/tfc/login.sh
+++ b/agents/tfc/login.sh
@@ -5,8 +5,14 @@ if [[ -v ARM_CLIENT_SECRET ]]; then
   az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET -t $ARM_TENANT_ID --allow-no-subscriptions >/dev/null >&1
 fi
 
-if [[ -v ARM_SUBSCRIPTION_ID ]]; then
+if [[ -v MSI-RESOURCE-ID ]]; then
+  echo "Logging with the user-assigned managed identity. ($MSI-RESOURCE-ID)"
+  az login --identity -u $(MSI-RESOURCE-ID) -t $ARM_TENANT_ID --allow-no-subscriptions >/dev/null >&1
+fi
+
+if [[ -v ARM_SUBSCRIPTION_ID ] || [ -v SUBSCRIPTION_ID ]]; then
+  ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID:="$SUBSCRIPTION_ID"}
   echo "Set the subscription to $ARM_SUBSCRIPTION_ID."
   az account set -s $ARM_SUBSCRIPTION_ID
   az account show -o json | jq
-fi
\ No newline at end of file
+fi