From 6565bcd0c2d1c84c679dc85c43716cbc297d351e Mon Sep 17 00:00:00 2001 From: Robin Deeboonchai Date: Wed, 22 May 2024 12:58:39 -0700 Subject: [PATCH] chore: rename "credential-from-environment" to "workload-identity" --- karpenter-values-template.yaml | 2 +- pkg/auth/autorest_auth.go | 2 +- pkg/auth/config.go | 12 ++++++------ pkg/auth/config_test.go | 10 +++++----- pkg/auth/cred.go | 2 +- pkg/auth/cred_test.go | 4 ++-- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/karpenter-values-template.yaml b/karpenter-values-template.yaml index 164b373b6..0deb08e90 100644 --- a/karpenter-values-template.yaml +++ b/karpenter-values-template.yaml @@ -39,7 +39,7 @@ controller: - name: AZURE_NODE_RESOURCE_GROUP value: ${AZURE_RESOURCE_GROUP_MC} - name: ARM_AUTH_METHOD - value: "credential-from-environment" + value: "workload-identity" serviceAccount: name: ${KARPENTER_SERVICE_ACCOUNT_NAME} annotations: diff --git a/pkg/auth/autorest_auth.go b/pkg/auth/autorest_auth.go index 05f8290c8..a7e6b5204 100644 --- a/pkg/auth/autorest_auth.go +++ b/pkg/auth/autorest_auth.go @@ -30,7 +30,7 @@ import ( func NewAuthorizer(config *Config, env *azure.Environment) (autorest.Authorizer, error) { // TODO (charliedmcb): need to get track 2 support for the skewer API, and align all auth under workload identity in the same way within cred.go - if config.AuthMethod == authMethodCredFromEnv { + if config.AuthMethod == authMethodWorkloadIdentity { klog.V(2).Infoln("auth: using workload identity for new authorizer") cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/pkg/auth/config.go b/pkg/auth/config.go index f2cec20f8..6f2c9b6d7 100644 --- a/pkg/auth/config.go +++ b/pkg/auth/config.go @@ -27,8 +27,8 @@ import ( const ( // auth methods - authMethodSysMSI = "system-assigned-msi" - authMethodCredFromEnv = "credential-from-environment" + authMethodSysMSI = "system-assigned-msi" + authMethodWorkloadIdentity = "workload-identity" ) const ( 
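Review bot: The new name `workload-identity` promises more than the renamed branch in NewAuthorizer enforces, because it still calls `azidentity.NewDefaultAzureCredential(nil)`. That call tries a chain of credential sources (environment variables, workload identity, managed identity, and developer tools such as the Azure CLI) and uses the first one that succeeds. An operator who sets ARM_AUTH_METHOD to `workload-identity` could therefore end up authenticating with a client secret from the environment or a node managed identity without noticing. If only federated workload identity is intended, `azidentity.NewWorkloadIdentityCredential(nil)` makes that explicit; otherwise add a comment above the branch such as `// "workload-identity" uses DefaultAzureCredential and may fall back to other credential sources`. The same applies to the NewCredential hunk in pkg/auth/cred.go; both function bodies continue outside their hunks.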
@@ -61,8 +61,8 @@ type Config struct { VMType string `json:"vmType" yaml:"vmType"` // AuthMethod determines how to authorize requests for the Azure cloud. - // Valid options are "system-assigned-msi" and "credential-from-environment" - // The default is "credential-from-environment". + // Valid options are "system-assigned-msi" and "workload-identity" + // The default is "workload-identity". AuthMethod string `json:"authMethod" yaml:"authMethod"` // Managed identity for Kubelet (not to be confused with Azure cloud authorization) @@ -123,7 +123,7 @@ func (cfg *Config) Default() error { } if cfg.AuthMethod == "" { - cfg.AuthMethod = authMethodCredFromEnv + cfg.AuthMethod = authMethodWorkloadIdentity } return nil @@ -145,7 +145,7 @@ func (cfg *Config) Validate() error { } } - if cfg.AuthMethod != authMethodSysMSI && cfg.AuthMethod != authMethodCredFromEnv { + if cfg.AuthMethod != authMethodSysMSI && cfg.AuthMethod != authMethodWorkloadIdentity { return fmt.Errorf("unsupported authorization method: %s", cfg.AuthMethod) } diff --git a/pkg/auth/config_test.go b/pkg/auth/config_test.go index 4f484dc24..913d3507a 100644 --- a/pkg/auth/config_test.go +++ b/pkg/auth/config_test.go @@ -41,7 +41,7 @@ func TestBuildAzureConfig(t *testing.T) { ResourceGroup: "my-rg", NodeResourceGroup: "my-node-rg", VMType: "vmss", - AuthMethod: "credential-from-environment", + AuthMethod: "workload-identity", }, wantErr: false, env: map[string]string{ @@ -60,7 +60,7 @@ func TestBuildAzureConfig(t *testing.T) { ResourceGroup: "my-rg", NodeResourceGroup: "my-node-rg", VMType: "vm", - AuthMethod: "credential-from-environment", + AuthMethod: "workload-identity", }, wantErr: false, env: map[string]string{ 
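Review bot: After the change to Validate, the previous value is no longer accepted, so a deployment that still sets ARM_AUTH_METHOD to `credential-from-environment` will be rejected with "unsupported authorization method" once the controller is upgraded. Failing closed on an unknown method is the right behaviour, but here the old string was the documented default and is likely present in existing Helm values. Consider mapping the legacy value in Default(), assuming it runs before Validate (not visible in these hunks): `if cfg.AuthMethod == "credential-from-environment" { cfg.AuthMethod = authMethodWorkloadIdentity }`, ideally with a deprecation log line. Otherwise call out the breaking change in the release notes. The bodies of Default and Validate extend beyond their hunks.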
@@ -108,13 +108,13 @@ func TestBuildAzureConfig(t *testing.T) { }, }, { - name: "auth method credential from environment", + name: "auth method workload identity", expected: &Config{ SubscriptionID: "12345", ResourceGroup: "my-rg", NodeResourceGroup: "my-node-rg", VMType: "vmss", - AuthMethod: "credential-from-environment", + AuthMethod: "workload-identity", }, wantErr: false, env: map[string]string{ @@ -124,7 +124,7 @@ func TestBuildAzureConfig(t *testing.T) { "AZURE_SUBNET_ID": "12345", "AZURE_SUBNET_NAME": "my-subnet", "AZURE_VNET_NAME": "my-vnet", - "ARM_AUTH_METHOD": "credential-from-environment", + "ARM_AUTH_METHOD": "workload-identity", }, }, { diff --git a/pkg/auth/cred.go b/pkg/auth/cred.go index b19d74134..042a5c982 100644 --- a/pkg/auth/cred.go +++ b/pkg/auth/cred.go @@ -30,7 +30,7 @@ func NewCredential(cfg *Config) (azcore.TokenCredential, error) { return nil, fmt.Errorf("failed to create credential, nil config provided") } - if cfg.AuthMethod == authMethodCredFromEnv { + if cfg.AuthMethod == authMethodWorkloadIdentity { klog.V(2).Infoln("cred: using workload identity for new credential") return azidentity.NewDefaultAzureCredential(nil) } diff --git a/pkg/auth/cred_test.go b/pkg/auth/cred_test.go index ceafa4fd5..832fa685f 100644 --- a/pkg/auth/cred_test.go +++ b/pkg/auth/cred_test.go @@ -63,9 +63,9 @@ func TestNewCredential(t *testing.T) { wantErr: false, }, { - name: "auth method credential-from-environment", + name: "auth method workload-identity", cfg: &Config{ - AuthMethod: authMethodCredFromEnv, + AuthMethod: authMethodWorkloadIdentity, }, want: reflect.TypeOf(&azidentity.DefaultAzureCredential{}), wantErr: false,