OpenShift Hive / HIVE-1794

Azure first party service principal support


      For SDE-1447 we need Hive (and the installer as a result) to support a first party service principal. First party apps are a special kind of app which must be used by resource providers (RPs) to access resources in customer tenants.

      Currently Hive and the installer only support cluster provisioning and management using a service principal provided by a customer. This is the service principal specified in ClusterDeployment: spec.platform.azure.credentialsSecretRef. It is the same service principal which ends up inside the provisioned cluster for further in-cluster operations such as machine set scaling, etc.

      Now that we are adding Hive into the Azure Red Hat OpenShift RP, this has to change to meet the requirements for first party resource providers. We need to split responsibilities between two service principals:

      • The first party service principal must be used for cluster provisioning, deprovisioning and any other operations which require a call from the RP (Hive/installer) to the Azure API to manage resources in a customer subscription.
      • The "regular" service principal provided by a customer must be used for in-cluster operations (machine set scaling, etc.).

       

            efried.openshift Eric Fried
            mradchuk@redhat.com Mikalai Radchuk