Add MSI Support for Azure plugin.

Signed-off-by: yanggang <[email protected]>

Author: yanggang

changelogs/unreleased/6938-yanggangtony

@@ -0,0 +1 @@
+Add MSI Support for Azure plugin.

pkg/util/azure/credential.go

@@ -49,6 +49,20 @@ func NewCredential(creds map[string]string, options policy.ClientOptions) (azcor
 		errMsgs = append(errMsgs, err.Error())
 	}
 
+	//msiEndpoint credential
+	msiEndpoint := creds[CredentialMSIENDPOINT]
+	identityEndpoint := creds[CredentialIDENTITYENDPOINT]
+
+	if msiEndpoint != "" || identityEndpoint != "" {
+		o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options, ID: azidentity.ClientID(creds[CredentialKeyClientID])}
+		msi, err := azidentity.NewManagedIdentityCredential(o)
+		if err == nil {
+			credential = append(credential, msi)
+		} else {
+			errMsgs = append(errMsgs, err.Error())
+		}
+	}
+
 	// workload identity credential
 	wic, err := azidentity.NewWorkloadIdentityCredential(&azidentity.WorkloadIdentityCredentialOptions{
 		AdditionallyAllowedTenants: additionalTenants,

pkg/util/azure/util.go

@@ -49,6 +49,12 @@ const (
 	CredentialKeyUsername                   = "AZURE_USERNAME"                      // #nosec
 	CredentialKeyPassword                   = "AZURE_PASSWORD"                      // #nosec
 
+	CredentialIMDSENDPOINT             = "IMDS_ENDPOINT"              // #nosec
+	CredentialIDENTITYENDPOINT         = "IDENTITY_ENDPOINT"          // #nosec
+	CredentialIDENTITYHEADER           = "IDENTITY_HEADER"            // #nosec
+	CredentialIDENTITYSERVERTHUMBPRINT = "IDENTITY_SERVER_THUMBPRINT" // #nosec
+	CredentialMSIENDPOINT              = "MSI_ENDPOINT"               // #nosec
+
 	credentialFile = "credentialsFile"
 )