unify token providers and allow setting the clientID

Signed-off-by: Jorge Turrado <[email protected]>
kedacore · Sep 14, 2022 · ad919c6 · ad919c6
1 parent c5835cc
commit ad919c6
Showing 1 changed file with 16 additions and 13 deletions.
diff --git a/pkg/scalers/azure_servicebus_scaler.go b/pkg/scalers/azure_servicebus_scaler.go
@@ -263,30 +263,33 @@ func (s *azureServiceBusScaler) getServiceBusAdminClient(ctx context.Context) (*
 		if err != nil {
 			return nil, err
 		}
-	case kedav1alpha1.PodIdentityProviderAzure:
-		// Once azure-sdk-for-go supports Workload Identity we can use this for Workload identity too
-		chain, err := azidentity.NewDefaultAzureCredential(nil)
-		if err != nil {
-			return nil, err
-		}
-		adminClient, err = admin.NewClient(s.metadata.fullyQualifiedNamespace, chain, nil)
-		if err != nil {
-			return nil, err
-		}
-	case kedav1alpha1.PodIdentityProviderAzureWorkload:
-		// Once azure-sdk-for-go supports Workload Identity we can remove this and use default implementation
-		// https://github.com/Azure/azure-sdk-for-go/issues/15615
+
+	case kedav1alpha1.PodIdentityProviderAzure, kedav1alpha1.PodIdentityProviderAzureWorkload:
 		var creds []azcore.TokenCredential
 		options := &azidentity.DefaultAzureCredentialOptions{}
 
+		// Used for local debug based on az-cli user
 		cliCred, err := azidentity.NewAzureCLICredential(&azidentity.AzureCLICredentialOptions{TenantID: options.TenantID})
 		if err == nil {
 			creds = append(creds, cliCred)
 		}
 
+		// Once azure-sdk-for-go supports Workload Identity we can remove this and use default implementation
+		// https://github.com/Azure/azure-sdk-for-go/issues/15615
 		wiCred := azure.NewADWorkloadIdentityCredential(ctx, s.podIdentity.IdentityID, serviceBusResource)
 		creds = append(creds, wiCred)
 
+		// Used for aad-pod-identity
+		o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions}
+		if s.podIdentity.IdentityID != "" {
+			o.ID = azidentity.ClientID(s.podIdentity.IdentityID)
+		}
+		msiCred, err := azidentity.NewManagedIdentityCredential(o)
+		if err == nil {
+			creds = append(creds, msiCred)
+		}
+
+		// Create the chained credential based on the previous 3
 		chain, err := azidentity.NewChainedTokenCredential(creds, nil)
 		if err != nil {
 			return nil, err