This effort is dependent on the completion of work for
CCO-187, and effort in dependent modules is planned to be worked on by the CCO team unless individual repo owners can help. Operators owners/teams will be expected to review merge requests and complete appropriate QE effort for an openshift release.
- azure-sdk-for-go module dependency updated to support workload identity federation.
- Mount the OIDC token in the operator pod. This needs to go in the deployment. See example from addition to the cluster-image-registry-operator here
- CIRO should retrieve the "azure_resourcegroup" from the cluster Infrastructure object instead of the CCO created secret (this key will not be present when workload identity is in use)
- CIRO's CredentialsRequest specifies the service account names (see the: cluster-storage-operator for an example)
- CIRO is able to create storage accounts and containers when configured with azure workload identity.