MSI Support missing in newConfigCredential #6931

Closed
anshulahuja98 opened this issue Oct 9, 2023 · 8 comments

@anshulahuja98
Collaborator

What steps did you take and what happened:

Latest Azure plugin 1.8 does not support MSI based auth due to Workload Identity related changes in core velero azure utils.

What did you expect to happen:
Earlier velero used to work by only providing

```
AZURE_CLIENT_ID=
AZURE_TENANT_ID=
AZURE_CLOUD_NAME=
```

which used MSI based auth.
When these values were provided, velero used to fetch the token from the IMDS endpoint, based on the impl of NewAuthorizerFromEnvironment which is based on prev impl.

```go
// 1. Client credentials
// 2. Client certificate
// 3. Username password
// 4. MSI
func NewAuthorizerFromEnvironment() (autorest.Authorizer, error) {
```

With new changes for WorkloadIdentity, this has stopped working.
We need to add support for MSI in newConfigCredential. This can potentially be done by using ManagedIdentityCredentialOptions

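The fallback behaviour described in the issue above, as an added Go example that is not Velero's code and not part of the thread: a config-based selector that keeps managed identity as the last resort and refuses half-configured explicit credentials. `selectCredential`, `Choice` and `Kind` are hypothetical names; `AZURE_CLIENT_SECRET` and `AZURE_FEDERATED_TOKEN_FILE` are the Azure SDK's environment variables and are assumed here, since the issue does not list them.

```go
package main

import (
	"errors"
	"fmt"
)

type Kind string

const (
	ClientSecret     Kind = "client-secret"
	WorkloadIdentity Kind = "workload-identity"
	ManagedIdentity  Kind = "managed-identity"
)

// Choice is the selector's decision; an empty ClientID means system-assigned MSI.
type Choice struct {
	Kind     Kind
	ClientID string
}

// selectCredential is hypothetical (not Velero's newConfigCredential): explicit
// credentials win, and managed identity stays as the last fallback.
func selectCredential(cfg map[string]string) (Choice, error) {
	tenant, client := cfg["AZURE_TENANT_ID"], cfg["AZURE_CLIENT_ID"]
	explicit := func(k Kind) (Choice, error) {
		// Fail closed: a half-configured explicit credential must not
		// silently fall through to whatever identity the node exposes.
		if tenant == "" || client == "" {
			return Choice{}, errors.New(string(k) + " needs AZURE_TENANT_ID and AZURE_CLIENT_ID")
		}
		return Choice{Kind: k, ClientID: client}, nil
	}
	switch {
	case cfg["AZURE_CLIENT_SECRET"] != "":
		return explicit(ClientSecret)
	case cfg["AZURE_FEDERATED_TOKEN_FILE"] != "":
		return explicit(WorkloadIdentity)
	}
	// Neither secret nor federated token: managed identity via IMDS.
	return Choice{Kind: ManagedIdentity, ClientID: client}, nil
}

func main() {
	// Constructed input: the three variables from the issue, with sample values.
	cfg := map[string]string{"AZURE_CLIENT_ID": "sample-client-id",
		"AZURE_TENANT_ID": "sample-tenant-id", "AZURE_CLOUD_NAME": "AzurePublicCloud"}
	fmt.Println(selectCredential(cfg))
}
```

With only the three variables from the issue set, the selector returns a user-assigned managed identity for that client ID.
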
@yanggangtony
Contributor

@anshulahuja98 @ywk253100
Hi, has work on this task begun?
If not, can I take it over and work on it? Because I want to do more plugin work in Velero.

anshulahuja98 changed the title from "MIS Support missing in newConfigCredential" to "MSI Support missing in newConfigCredential" on Oct 9, 2023
@anshulahuja98
Collaborator Author

I think it should be fine if you pick the impl, @yanggangtony.
But I'll wait to hear from @ywk253100 on his thoughts around this issue first.

You can pick the impl once we have consensus

@yanggangtony
Contributor

Thanks. I will follow it.

ywk253100 added this to the v1.13 milestone on Oct 10, 2023
@ywk253100
Contributor

@anshulahuja98 The changes were introduced only on the main branch, so the issue should only exist on the dev version of Velero and the plugin, right?

@anshulahuja98
Collaborator Author

Yes correct @ywk253100

@ywk253100
Contributor

@yanggangtony Assigned it to you, thanks

@yanggangtony
Contributor

@ywk253100
OK, I will take it, and later send a code patch.

@yanggangtony
Contributor

@ywk253100 @anshulahuja98
Hi, would you take some time to review the code?
If there are any problems, please tell me, thanks.
