diff --git a/controllers/azurejson_machine_controller.go b/controllers/azurejson_machine_controller.go index 9425b4561c74..880727d2caae 100644 --- a/controllers/azurejson_machine_controller.go +++ b/controllers/azurejson_machine_controller.go @@ -31,6 +31,7 @@ import ( "k8s.io/utils/ptr" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/azure/scope" + "sigs.k8s.io/cluster-api-provider-azure/azure/services/identities" "sigs.k8s.io/cluster-api-provider-azure/util/reconciler" "sigs.k8s.io/cluster-api-provider-azure/util/tele" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" @@ -214,7 +215,13 @@ func (r *AzureJSONMachineReconciler) Reconcile(ctx context.Context, req ctrl.Req // Construct secret for this machine userAssignedIdentityIfExists := "" if len(azureMachine.Spec.UserAssignedIdentities) > 0 { - userAssignedIdentityIfExists = azureMachine.Spec.UserAssignedIdentities[0].ProviderID + // TODO: remove this ClientID lookup code when the fixed cloud-provider-azure is default + idsClient := identities.NewClient(clusterScope) + userAssignedIdentityIfExists, err = idsClient.GetClientID( + ctx, azureMachine.Spec.UserAssignedIdentities[0].ProviderID) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to get user-assigned identity ClientID") + } } if azureMachine.Spec.Identity == infrav1.VMIdentityNone { diff --git a/controllers/azurejson_machinepool_controller.go b/controllers/azurejson_machinepool_controller.go index 1573ee59dbae..d94c95f084bb 100644 --- a/controllers/azurejson_machinepool_controller.go +++ b/controllers/azurejson_machinepool_controller.go @@ -30,6 +30,7 @@ import ( "k8s.io/utils/ptr" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/azure/scope" + "sigs.k8s.io/cluster-api-provider-azure/azure/services/identities" infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/util/reconciler" "sigs.k8s.io/cluster-api-provider-azure/util/tele" @@ -174,7 +175,13 @@ func (r *AzureJSONMachinePoolReconciler) Reconcile(ctx context.Context, req ctrl // Construct secret for this machine userAssignedIdentityIfExists := "" if len(azureMachinePool.Spec.UserAssignedIdentities) > 0 { - userAssignedIdentityIfExists = azureMachinePool.Spec.UserAssignedIdentities[0].ProviderID + // TODO: remove this ClientID lookup code when the fixed cloud-provider-azure is default + idsClient := identities.NewClient(clusterScope) + userAssignedIdentityIfExists, err = idsClient.GetClientID( + ctx, azureMachinePool.Spec.UserAssignedIdentities[0].ProviderID) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to get user-assigned identity ClientID") + } } apiVersion, kind := infrav1.GroupVersion.WithKind("AzureMachinePool").ToAPIVersionAndKind() diff --git a/controllers/azurejson_machinetemplate_controller.go b/controllers/azurejson_machinetemplate_controller.go index fa37ecc5155f..90675cdd5ea0 100644 --- a/controllers/azurejson_machinetemplate_controller.go +++ b/controllers/azurejson_machinetemplate_controller.go @@ -30,6 +30,7 @@ import ( "k8s.io/utils/ptr" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/azure/scope" + "sigs.k8s.io/cluster-api-provider-azure/azure/services/identities" "sigs.k8s.io/cluster-api-provider-azure/util/reconciler" "sigs.k8s.io/cluster-api-provider-azure/util/tele" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" @@ -174,7 +175,13 @@ func (r *AzureJSONTemplateReconciler) Reconcile(ctx context.Context, req ctrl.Re // Construct secret for this machine template userAssignedIdentityIfExists := "" if len(azureMachineTemplate.Spec.Template.Spec.UserAssignedIdentities) > 0 { - userAssignedIdentityIfExists = azureMachineTemplate.Spec.Template.Spec.UserAssignedIdentities[0].ProviderID + // TODO: remove this ClientID lookup code when the fixed cloud-provider-azure is default + idsClient := identities.NewClient(clusterScope) + userAssignedIdentityIfExists, err = idsClient.GetClientID( + ctx, azureMachineTemplate.Spec.Template.Spec.UserAssignedIdentities[0].ProviderID) + if err != nil { + return reconcile.Result{}, errors.Wrap(err, "failed to get user-assigned identity ClientID") + } } if azureMachineTemplate.Spec.Template.Spec.Identity == infrav1.VMIdentityNone {