-
Story
-
Resolution: Unresolved
-
Blocker
-
None
-
None
-
None
-
False
-
None
-
False
-
OCPSTRAT-979 - Integrate Azure Workload Identities and Managed Service Identity (MSI) for Operators (control plane/data plane) - Part I
-
-
-
Hypershift Sprint 260, Hypershift Sprint 261, Hypershift Sprint 262, Hypershift Sprint 263
-
0
-
0
-
0
General
The image registry would get Azure credentials using Azure SDK's generic NewDefaultAzureCredential function.
Why is this important?
- Different OpenShift components implement different patterns of setting up environment variables to get Azure credentials for different Azure authentication methods.
- Refactoring the pattern to use `NewDefaultAzureCredential` will enable OpenShift components to have the same pattern in setting up Azure credentials
- This is also needed to enable authentication with Service Principal with backing certificates for ARO HCP.
Acceptance Criteria
- Refactored code that uses `NewDefaultAzureCredential`
- Updated documentation
- ARO HCP CI coverage
Dependencies (internal and external)
Azure SDK
Done Checklist
CI - Existing CI is running, tests are automated and merged.
CI - AKS CI is running, tests are automated and merged.
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Downstream documentation merged: <link to meaningful PR>
- clones
-
-
- Review
-
- is cloned by
-
-
- Review
-
- links to