OCPGBUGS-56008: creds for Azure image pull

Removing the identity from the Azure nodes in
#9538
broke the acr-credentials-provider, which allows pulling images
from private registries in Azure.

Instead of re-adding the identity attached to the node, we can
add a secret which will add credentials to the cloud provider config.

Upstream is working on a solution that will use credentials requests.
Once that is landed, we can remove this. Track:
kubernetes/enhancements#4412

Author: patrickdillon

pkg/asset/manifests/openshift.go

@@ -280,6 +280,37 @@ func (o *Openshift) Generate(ctx context.Context, dependencies asset.Parents) er
 		assetData["99_baremetal-provisioning-config.yaml"] = applyTemplateData(baremetalConfig.Files()[0].Data, bmTemplateData)
 	}
 
+	if platform == azuretypes.Name && installConfig.Config.CredentialsMode != types.ManualCredentialsMode {
+		// config is used to created compatible secret to trigger azure cloud
+		// controller config merge behaviour
+		// https://github.com/openshift/origin/blob/90c050f5afb4c52ace82b15e126efe98fa798d88/vendor/k8s.io/legacy-cloud-providers/azure/azure_config.go#L83
+		session, err := installConfig.Azure.Session()
+		if err != nil {
+			return err
+		}
+		config := struct {
+			AADClientID     string `json:"aadClientId" yaml:"aadClientId"`
+			AADClientSecret string `json:"aadClientSecret" yaml:"aadClientSecret"`
+		}{
+			AADClientID:     session.Credentials.ClientID,
+			AADClientSecret: session.Credentials.ClientSecret,
+		}
+
+		b, err := yaml.Marshal(config)
+		if err != nil {
+			return err
+		}
+
+		azureCloudProviderSecret := &openshift.AzureCloudProviderSecret{}
+		dependencies.Get(azureCloudProviderSecret)
+		for _, f := range azureCloudProviderSecret.Files() {
+			name := strings.TrimSuffix(filepath.Base(f.Filename), ".template")
+			assetData[name] = applyTemplateData(f.Data, map[string]string{
+				"CloudConfig": string(b),
+			})
+		}
+	}
+
 	o.FileList = []*asset.File{}
 	for name, data := range assetData {
 		if len(data) == 0 {