plume/azure: Add support for managed identity

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
flatcar · Jun 20, 2024 · b05b682 · b05b682
1 parent aaf7801
commit b05b682
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/cmd/plume/prerelease.go b/cmd/plume/prerelease.go
@@ -83,6 +83,8 @@ var (
 	publishMarketplace bool
 	// username is the default user on instances launched by AWS Marketplace.
 	username string
+	// azureUseIdentity is a bool to use managed identity for authentication
+	azureUseIdentity bool
 )
 
 type imageMetadataAbstract struct {
@@ -117,6 +119,7 @@ func init() {
 	cmdPreRelease.Flags().StringVar(&azureAuth, "azure-auth", "", "Azure Credentials json file")
 	cmdPreRelease.Flags().StringVar(&azureCategory, "azure-category", "", "Azure category (empty/pro)")
 	cmdPreRelease.Flags().StringVar(&azureTestContainer, "azure-test-container", "", "Use test container instead of default")
+	cmdPreRelease.Flags().BoolVar(&azureUseIdentity, "azure-identity", false, "Use VM managed identity for authentication (default false)")
 	cmdPreRelease.Flags().StringVar(&awsCredentialsFile, "aws-credentials", "", "AWS credentials file")
 	cmdPreRelease.Flags().StringVar(&verifyKeyFile,
 		"verify-key", "", "path to ASCII-armored PGP public key to be used in verifying download signatures.")
@@ -314,6 +317,7 @@ func azurePreRelease(ctx context.Context, client *http.Client, src *storage.Buck
 			AzureProfile:      azureProfile,
 			AzureAuthLocation: azureAuth,
 			AzureSubscription: environment.SubscriptionName,
+			UseIdentity:       azureUseIdentity,
 		})
 		if err != nil {
 			return fmt.Errorf("failed to create Azure API: %v", err)

diff --git a/cmd/plume/release.go b/cmd/plume/release.go
@@ -53,6 +53,7 @@ func init() {
 	cmdRelease.Flags().StringVar(&azureProfile, "azure-profile", "", "Azure Profile json file")
 	cmdRelease.Flags().StringVar(&azureAuth, "azure-auth", "", "Azure Credentials json file")
 	cmdRelease.Flags().StringVar(&azureTestContainer, "azure-test-container", "", "Use test container instead of default")
+	cmdRelease.Flags().BoolVar(&azureUseIdentity, "azure-identity", false, "Use VM managed identity for authentication (default false)")
 	cmdRelease.Flags().StringVar(&gceReleaseKey, "gce-release-key", "", "GCE key file for releases")
 	cmdRelease.Flags().BoolVarP(&releaseDryRun, "dry-run", "n", false,
 		"perform a trial run, do not make changes")
@@ -394,6 +395,7 @@ func doAzure(ctx context.Context, client *http.Client, src *storage.Bucket, spec
 			AzureProfile:      azureProfile,
 			AzureAuthLocation: azureAuth,
 			AzureSubscription: environment.SubscriptionName,
+			UseIdentity:       azureUseIdentity,
 		})
 		if err != nil {
 			plog.Fatalf("failed to create Azure API: %v", err)