
enable per-sub msi client
Signed-off-by: Jack Francis <[email protected]>
jackfrancis committed Apr 9, 2024
1 parent 743d95f commit 4a1621e
Showing 2 changed files with 22 additions and 1 deletion.
13 changes: 13 additions & 0 deletions azure/services/identities/client.go
Expand Up @@ -51,6 +51,19 @@ func NewClient(auth azure.Authorizer) (Client, error) {
return &AzureClient{factory.NewUserAssignedIdentitiesClient()}, nil
}

// NewClientBySub creates a new MSI client with a given subscriptionID

Check failure on line 54 in azure/services/identities/client.go

GitHub Actions / coverage

Comment should end in a period (godot)
func NewClientBySub(auth azure.Authorizer, subscriptionID string) (Client, error) {
opts, err := azure.ARMClientOptions(auth.CloudEnvironment())
if err != nil {
return nil, errors.Wrap(err, "failed to create identities client options")
}
factory, err := armmsi.NewClientFactory(subscriptionID, auth.Token(), opts)
if err != nil {
return nil, errors.Wrap(err, "failed to create armmsi client factory")
}
return &AzureClient{factory.NewUserAssignedIdentitiesClient()}, nil
}

// Get returns a managed service identity.
func (ac *AzureClient) Get(ctx context.Context, resourceGroupName, name string) (armmsi.Identity, error) {
ctx, _, done := tele.StartSpanWithLogger(ctx, "identities.AzureClient.Get")
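Review bot: The doc comment on NewClientBySub does not say that the client reuses the caller's credential (`auth.Token()`) and cloud environment against a subscription passed in separately from the authorizer. I would extend it to something like `// NewClientBySub creates a new MSI client for subscriptionID using auth's token and cloud environment; the credential must be authorized to read identities in that subscription.` The body also looks like a copy of NewClient, whose start is outside the hunk, so this is inferred from its last two lines; if the two differ only in the subscription ID, NewClient could call NewClientBySub so the option and factory setup live in one place. An empty subscriptionID is passed straight to `armmsi.NewClientFactory`, and whether it is rejected there is not visible here, so an explicit check may be worth adding.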
10 changes: 9 additions & 1 deletion azure/services/virtualmachines/virtualmachines.go
Expand Up @@ -176,7 +176,15 @@ func (s *Service) checkUserAssignedIdentities(ctx context.Context, specIdentitie

// Create a map of the expected identities. The ProviderID is converted to match the format of the VM identity.
for _, expectedIdentity := range specIdentities {
expectedClientID, err := s.identitiesGetter.GetClientID(ctx, expectedIdentity.ProviderID)
var identitiesClient identities.Client = s.identitiesGetter

Check failure on line 179 in azure/services/virtualmachines/virtualmachines.go

GitHub Actions / coverage

ST1023: should omit type identities.Client from declaration; it will be inferred from the right-hand side (stylecheck)
parsed, err := azureutil.ParseResourceID(expectedIdentity.ProviderID)
if err != nil {
return err
}
if parsed.SubscriptionID != s.Scope.SubscriptionID() {
identitiesClient, err = identities.NewClientBySub(s.Scope, parsed.SubscriptionID)

Check failure on line 185 in azure/services/virtualmachines/virtualmachines.go

GitHub Actions / coverage

ineffectual assignment to err (ineffassign)
}
expectedClientID, err := identitiesClient.GetClientID(ctx, expectedIdentity.ProviderID)
if err != nil {
return errors.Wrap(err, "failed to get client ID")
}
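Review bot: When `identities.NewClientBySub` fails, `identitiesClient` is overwritten with the nil client it returns and the next statement calls `GetClientID` on it, so the failure surfaces as a nil-interface panic in the reconcile path instead of a returned error. Inside the `if parsed.SubscriptionID != s.Scope.SubscriptionID()` branch, add `if err != nil { return errors.Wrap(err, "failed to create identities client for subscription") }` right after the call. The `ParseResourceID` error above it is returned bare, unlike the wrapped `GetClientID` error below; wrapping it the same way would keep the messages consistent. A new client is also built for every cross-subscription identity on each pass through the loop, so caching per subscription ID may be worth considering. checkUserAssignedIdentities starts and ends outside the hunk.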
