chore: rename "credential-from-environment" to "workload-identity"
comtalyst committed Jun 7, 2024
1 parent 69f83e2 commit 133ffec
Showing 6 changed files with 16 additions and 16 deletions.
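--- a/karpenter-values-template.yaml
+++ b/karpenter-values-template.yaml
@@ -39,7 +39,7 @@ controller:
 - name: AZURE_NODE_RESOURCE_GROUP
 value: ${AZURE_RESOURCE_GROUP_MC}
 - name: ARM_AUTH_METHOD
-value: "credential-from-environment"
+value: "workload-identity"
 serviceAccount:
 name: ${KARPENTER_SERVICE_ACCOUNT_NAME}
 annotations: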
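--- a/pkg/auth/autorest_auth.go
+++ b/pkg/auth/autorest_auth.go
@@ -30,7 +30,7 @@ import (
 
 func NewAuthorizer(config *Config, env *azure.Environment) (autorest.Authorizer, error) {
 // TODO (charliedmcb): need to get track 2 support for the skewer API, and align all auth under workload identity in the same way within cred.go
-if config.AuthMethod == authMethodCredFromEnv {
+if config.AuthMethod == authMethodWorkloadIdentity {
 klog.V(2).Infoln("auth: using workload identity for new authorizer")
 cred, err := azidentity.NewDefaultAzureCredential(nil)
 if err != nil {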
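Review bot: The branch now named workload identity still builds its credential with `azidentity.NewDefaultAzureCredential(nil)`, which is a fallback chain (environment credential, workload identity, managed identity, developer CLI logins) rather than workload identity alone, so a pod whose federated-token setup is missing or broken can end up authenticating with whatever else the chain finds, for example an identity attached to the node. If the rename is meant to describe the actual mechanism, pin it with `cred, err := azidentity.NewWorkloadIdentityCredential(nil)` here and in NewCredential in pkg/auth/cred.go, assuming the azidentity version in use provides it; cred_test.go asserts the DefaultAzureCredential type and would need to follow. If the chain is intentional, say so in the log line and in the AuthMethod comment in config.go so operators do not read the setting as a stricter guarantee than it is. NewAuthorizer's body continues past the end of this hunk.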
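--- a/pkg/auth/config.go
+++ b/pkg/auth/config.go
@@ -27,8 +27,8 @@ import (
 
 const (
 // auth methods
-authMethodSysMSI = "system-assigned-msi"
-authMethodCredFromEnv = "credential-from-environment"
+authMethodSysMSI = "system-assigned-msi"
+authMethodWorkloadIdentity = "workload-identity"
 )
 
 const (
@@ -61,8 +61,8 @@ type Config struct {
 VMType string `json:"vmType" yaml:"vmType"`
 
 // AuthMethod determines how to authorize requests for the Azure cloud.
-// Valid options are "system-assigned-msi" and "credential-from-environment"
-// The default is "credential-from-environment".
+// Valid options are "system-assigned-msi" and "workload-identity"
+// The default is "workload-identity".
 AuthMethod string `json:"authMethod" yaml:"authMethod"`
 
 // Managed identity for Kubelet (not to be confused with Azure cloud authorization)
@@ -123,7 +123,7 @@ func (cfg *Config) Default() error {
 }
 
 if cfg.AuthMethod == "" {
-cfg.AuthMethod = authMethodCredFromEnv
+cfg.AuthMethod = authMethodWorkloadIdentity
 }
 
 return nil
@@ -145,7 +145,7 @@ func (cfg *Config) Validate() error {
 }
 }
 
-if cfg.AuthMethod != authMethodSysMSI && cfg.AuthMethod != authMethodCredFromEnv {
+if cfg.AuthMethod != authMethodSysMSI && cfg.AuthMethod != authMethodWorkloadIdentity {
 return fmt.Errorf("unsupported authorization method: %s", cfg.AuthMethod)
 }
 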
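Review bot: Validate() in the last hunk now returns "unsupported authorization method" for the old value "credential-from-environment", so a deployment that still sets ARM_AUTH_METHOD or authMethod to it will stop starting after the upgrade. Consider accepting the old string as a deprecated alias for a release, e.g. in Default(): `if cfg.AuthMethod == "credential-from-environment" { cfg.AuthMethod = authMethodWorkloadIdentity }` together with a deprecation log line; this presumes Default() runs before Validate(), which is not visible here. If the break is intended, it should be called out in the release notes. The bodies of Default() and Validate() both extend beyond their hunks.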
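--- a/pkg/auth/config_test.go
+++ b/pkg/auth/config_test.go
@@ -41,7 +41,7 @@ func TestBuildAzureConfig(t *testing.T) {
 ResourceGroup: "my-rg",
 NodeResourceGroup: "my-node-rg",
 VMType: "vmss",
-AuthMethod: "credential-from-environment",
+AuthMethod: "workload-identity",
 },
 wantErr: false,
 env: map[string]string{
@@ -60,7 +60,7 @@ func TestBuildAzureConfig(t *testing.T) {
 ResourceGroup: "my-rg",
 NodeResourceGroup: "my-node-rg",
 VMType: "vm",
-AuthMethod: "credential-from-environment",
+AuthMethod: "workload-identity",
 },
 wantErr: false,
 env: map[string]string{
@@ -108,13 +108,13 @@ func TestBuildAzureConfig(t *testing.T) {
 },
 },
 {
-name: "auth method credential from environment",
+name: "auth method workload identity",
 expected: &Config{
 SubscriptionID: "12345",
 ResourceGroup: "my-rg",
 NodeResourceGroup: "my-node-rg",
 VMType: "vmss",
-AuthMethod: "credential-from-environment",
+AuthMethod: "workload-identity",
 },
 wantErr: false,
 env: map[string]string{
@@ -124,7 +124,7 @@ func TestBuildAzureConfig(t *testing.T) {
 "AZURE_SUBNET_ID": "12345",
 "AZURE_SUBNET_NAME": "my-subnet",
 "AZURE_VNET_NAME": "my-vnet",
-"ARM_AUTH_METHOD": "credential-from-environment",
+"ARM_AUTH_METHOD": "workload-identity",
 },
 },
 {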
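--- a/pkg/auth/cred.go
+++ b/pkg/auth/cred.go
@@ -30,7 +30,7 @@ func NewCredential(cfg *Config) (azcore.TokenCredential, error) {
 return nil, fmt.Errorf("failed to create credential, nil config provided")
 }
 
-if cfg.AuthMethod == authMethodCredFromEnv {
+if cfg.AuthMethod == authMethodWorkloadIdentity {
 klog.V(2).Infoln("cred: using workload identity for new credential")
 return azidentity.NewDefaultAzureCredential(nil)
 }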
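--- a/pkg/auth/cred_test.go
+++ b/pkg/auth/cred_test.go
@@ -63,9 +63,9 @@ func TestNewCredential(t *testing.T) {
 wantErr: false,
 },
 {
-name: "auth method credential-from-environment",
+name: "auth method workload-identity",
 cfg: &Config{
-AuthMethod: authMethodCredFromEnv,
+AuthMethod: authMethodWorkloadIdentity,
 },
 want: reflect.TypeOf(&azidentity.DefaultAzureCredential{}),
 wantErr: false,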
