diff --git a/controllers/azurejson_machine_controller.go b/controllers/azurejson_machine_controller.go index 9425b4561c7..77c7b2cd1cd 100644 --- a/controllers/azurejson_machine_controller.go +++ b/controllers/azurejson_machine_controller.go @@ -31,6 +31,7 @@ import ( "k8s.io/utils/ptr" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/azure/scope" + "sigs.k8s.io/cluster-api-provider-azure/azure/services/identities" "sigs.k8s.io/cluster-api-provider-azure/util/reconciler" "sigs.k8s.io/cluster-api-provider-azure/util/tele" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" @@ -214,7 +215,15 @@ func (r *AzureJSONMachineReconciler) Reconcile(ctx context.Context, req ctrl.Req // Construct secret for this machine userAssignedIdentityIfExists := "" if len(azureMachine.Spec.UserAssignedIdentities) > 0 { - userAssignedIdentityIfExists = azureMachine.Spec.UserAssignedIdentities[0].ProviderID + idsClient, err := identities.NewClient(clusterScope) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to create identities client") + } + userAssignedIdentityIfExists, err = idsClient.GetClientID( + ctx, azureMachine.Spec.UserAssignedIdentities[0].ProviderID) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to get user-assigned identity ClientID") + } } if azureMachine.Spec.Identity == infrav1.VMIdentityNone { diff --git a/controllers/azurejson_machinepool_controller.go b/controllers/azurejson_machinepool_controller.go index 1573ee59dba..7019785e405 100644 --- a/controllers/azurejson_machinepool_controller.go +++ b/controllers/azurejson_machinepool_controller.go @@ -30,6 +30,7 @@ import ( "k8s.io/utils/ptr" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/azure/scope" + "sigs.k8s.io/cluster-api-provider-azure/azure/services/identities" infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/util/reconciler" "sigs.k8s.io/cluster-api-provider-azure/util/tele" @@ -174,7 +175,15 @@ func (r *AzureJSONMachinePoolReconciler) Reconcile(ctx context.Context, req ctrl // Construct secret for this machine userAssignedIdentityIfExists := "" if len(azureMachinePool.Spec.UserAssignedIdentities) > 0 { - userAssignedIdentityIfExists = azureMachinePool.Spec.UserAssignedIdentities[0].ProviderID + idsClient, err := identities.NewClient(clusterScope) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to create identities client") + } + userAssignedIdentityIfExists, err = idsClient.GetClientID( + ctx, azureMachinePool.Spec.UserAssignedIdentities[0].ProviderID) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to get user-assigned identity ClientID") + } } apiVersion, kind := infrav1.GroupVersion.WithKind("AzureMachinePool").ToAPIVersionAndKind() diff --git a/controllers/azurejson_machinetemplate_controller.go b/controllers/azurejson_machinetemplate_controller.go index fa37ecc5155..c9f3675000d 100644 --- a/controllers/azurejson_machinetemplate_controller.go +++ b/controllers/azurejson_machinetemplate_controller.go @@ -30,6 +30,7 @@ import ( "k8s.io/utils/ptr" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/azure/scope" + "sigs.k8s.io/cluster-api-provider-azure/azure/services/identities" "sigs.k8s.io/cluster-api-provider-azure/util/reconciler" "sigs.k8s.io/cluster-api-provider-azure/util/tele" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" @@ -174,7 +175,15 @@ func (r *AzureJSONTemplateReconciler) Reconcile(ctx context.Context, req ctrl.Re // Construct secret for this machine template userAssignedIdentityIfExists := "" if len(azureMachineTemplate.Spec.Template.Spec.UserAssignedIdentities) > 0 { - userAssignedIdentityIfExists = azureMachineTemplate.Spec.Template.Spec.UserAssignedIdentities[0].ProviderID + idsClient, err := identities.NewClient(clusterScope) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to create identities client") + } + userAssignedIdentityIfExists, err = idsClient.GetClientID( + ctx, azureMachineTemplate.Spec.Template.Spec.UserAssignedIdentities[0].ProviderID) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to get user-assigned identity ClientID") + } } if azureMachineTemplate.Spec.Template.Spec.Identity == infrav1.VMIdentityNone {