go.mod: bump msi-dataplane to v0.4.0 (#4095)

Signed-off-by: Steve Kuznetsov <[email protected]>

Author: stevekuznetsov

go.mod

@@ -23,7 +23,7 @@ require (
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/Azure/go-autorest/autorest/validation v0.3.1
 	github.com/Azure/go-autorest/tracing v0.6.0
-	github.com/Azure/msi-dataplane v0.3.0
+	github.com/Azure/msi-dataplane v0.4.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/codahale/etm v0.0.0-20141003032925-c00c9e6fb4c9
 	github.com/containers/image/v5 v5.31.0

go.sum

@@ -66,8 +66,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/Azure/msi-dataplane v0.3.0 h1:ng54QWSDGct4crZJ0Ea7Zt/ZbaQLO2s7yXicWRPyLP4=
-github.com/Azure/msi-dataplane v0.3.0/go.mod h1:y+euhWbc8/wgVM1hyJLQf4DnByegnwxAcDV0OKNM9+k=
+github.com/Azure/msi-dataplane v0.4.0 h1:lofdhX74IgMEvIe6cw8tdwr3zfZkdk77TXetFv0/By8=
+github.com/Azure/msi-dataplane v0.4.0/go.mod h1:y+euhWbc8/wgVM1hyJLQf4DnByegnwxAcDV0OKNM9+k=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=

pkg/cluster/clustermsi.go

@@ -120,11 +120,6 @@ func (m *manager) initializeClusterMsiClients(ctx context.Context) error {
 		return err
 	}
 
-	cloud, err := m.env.Environment().CloudNameForMsiDataplane()
-	if err != nil {
-		return err
-	}
-
 	msiResourceId, err := m.doc.OpenShiftCluster.ClusterMsiResourceId()
 	if err != nil {
 		return err
@@ -134,7 +129,7 @@ func (m *manager) initializeClusterMsiClients(ctx context.Context) error {
 	for _, identity := range kvSecret.ExplicitIdentities {
 		if identity.ResourceID != nil && strings.EqualFold(*identity.ResourceID, msiResourceId.String()) {
 			var err error
-			azureCred, err = dataplane.GetCredential(cloud, identity)
+			azureCred, err = dataplane.GetCredential(m.env.Environment().AzureClientOptions(), identity)
 			if err != nil {
 				return fmt.Errorf("failed to get credential for msi identity %q: %v", msiResourceId, err)
 			}

pkg/util/azureclient/environments.go

@@ -13,7 +13,6 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/go-autorest/autorest/azure"
-	"github.com/Azure/msi-dataplane/pkg/dataplane"
 
 	"github.com/Azure/ARO-RP/pkg/util/azureclient/azuresdk/common"
 	utilgraph "github.com/Azure/ARO-RP/pkg/util/graph"
@@ -120,43 +119,39 @@ func (e *AROEnvironment) ArmClientOptions(middlewares ...policy.Policy) *arm.Cli
 func (e *AROEnvironment) ClientCertificateCredentialOptions(additionalTenants []string) *azidentity.ClientCertificateCredentialOptions {
 	return &azidentity.ClientCertificateCredentialOptions{
 		AdditionallyAllowedTenants: additionalTenants,
-		ClientOptions: azcore.ClientOptions{
-			Cloud: e.Cloud,
-		},
+		ClientOptions:              e.AzureClientOptions(),
 		// Required for Subject Name/Issuer (SNI) authentication
 		SendCertificateChain: true,
 	}
 }
 
 func (e *AROEnvironment) ClientSecretCredentialOptions() *azidentity.ClientSecretCredentialOptions {
 	return &azidentity.ClientSecretCredentialOptions{
-		ClientOptions: azcore.ClientOptions{
-			Cloud: e.Cloud,
-		},
+		ClientOptions: e.AzureClientOptions(),
 	}
 }
 
 func (e *AROEnvironment) DefaultAzureCredentialOptions() *azidentity.DefaultAzureCredentialOptions {
 	return &azidentity.DefaultAzureCredentialOptions{
-		ClientOptions: azcore.ClientOptions{
-			Cloud: e.Cloud,
-		},
+		ClientOptions: e.AzureClientOptions(),
 	}
 }
 
 func (e *AROEnvironment) EnvironmentCredentialOptions() *azidentity.EnvironmentCredentialOptions {
 	return &azidentity.EnvironmentCredentialOptions{
-		ClientOptions: azcore.ClientOptions{
-			Cloud: e.Cloud,
-		},
+		ClientOptions: e.AzureClientOptions(),
 	}
 }
 
 func (e *AROEnvironment) ManagedIdentityCredentialOptions() *azidentity.ManagedIdentityCredentialOptions {
 	return &azidentity.ManagedIdentityCredentialOptions{
-		ClientOptions: azcore.ClientOptions{
-			Cloud: e.Cloud,
-		},
+		ClientOptions: e.AzureClientOptions(),
+	}
+}
+
+func (e *AROEnvironment) AzureClientOptions() azcore.ClientOptions {
+	return azcore.ClientOptions{
+		Cloud: e.Cloud,
 	}
 }
 
@@ -173,12 +168,3 @@ func (e *AROEnvironment) NewGraphServiceClient(tokenCredential azcore.TokenCrede
 
 	return client, nil
 }
-
-// CloudNameForMsiDataplane returns the cloud name to be passed in when instantiating
-// an MSI dataplane client or an error if it encounters an issue getting the correct
-// cloud name. This function might seem a little strange, but it's necessary because
-// the cloud names stored in the AROEnvironments are in all-caps, whereas the ones
-// defined as constants in the dataplane module are in camel case.
-func (e *AROEnvironment) CloudNameForMsiDataplane() (dataplane.AzureCloud, error) {
-	return dataplane.AzureCloud(e.Name), nil
-}

vendor/github.com/Azure/msi-dataplane/pkg/dataplane/constants.go

@@ -138,7 +138,7 @@ github.com/Azure/go-autorest/logger
 # github.com/Azure/go-autorest/tracing v0.6.0
 ## explicit; go 1.12
 github.com/Azure/go-autorest/tracing
-# github.com/Azure/msi-dataplane v0.3.0
+# github.com/Azure/msi-dataplane v0.4.0
 ## explicit; go 1.22
 github.com/Azure/msi-dataplane/pkg/dataplane
 github.com/Azure/msi-dataplane/pkg/dataplane/internal/challenge