From 48bdef217ba87abbd61cb22723c95116b5770540 Mon Sep 17 00:00:00 2001
From: Charlie McBride <33269602+charliedmcb@users.noreply.github.com>
Date: Tue, 9 Jan 2024 18:49:17 +0000
Subject: [PATCH] update sku to use new workload id auth patterning as the backing with wrapper

---
 Makefile-az.mk | 1 -
 go.mod | 1 +
 go.sum | 2 ++
 pkg/auth/autorest_auth.go | 13 ++++++++++++-
 skaffold.yaml | 2 +-
 5 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/Makefile-az.mk b/Makefile-az.mk
index 4f75a0671..f3f84c6d6 100755
--- a/Makefile-az.mk
+++ b/Makefile-az.mk
@@ -70,7 +70,6 @@ az-patch-skaffold: ## Update Azure client env vars and settings in skaffold con
 $(eval SSH_PUBLIC_KEY=$(shell cat ~/.ssh/id_rsa.pub) azureuser)
 yq -i '(.manifests.helm.releases[0].overrides.controller.env[] | select(.name=="ARM_SUBSCRIPTION_ID")) .value = "$(AZURE_SUBSCRIPTION_ID)"' skaffold.yaml
 yq -i '(.manifests.helm.releases[0].overrides.controller.env[] | select(.name=="LOCATION")) .value = "$(AZURE_LOCATION)"' skaffold.yaml
- yq -i '(.manifests.helm.releases[0].overrides.controller.env[] | select(.name=="ARM_USER_ASSIGNED_IDENTITY_ID")) .value = "$(KARPENTER_USER_ASSIGNED_CLIENT_ID)"' skaffold.yaml
 yq -i '(.manifests.helm.releases[0].overrides.controller.env[] | select(.name=="AZURE_NODE_RESOURCE_GROUP")) .value = "$(AZURE_RESOURCE_GROUP_MC)"' skaffold.yaml
 yq -i '.manifests.helm.releases[0].overrides.settings.azure.clusterName = "$(AZURE_CLUSTER_NAME)"' skaffold.yaml
 yq -i '.manifests.helm.releases[0].overrides.settings.azure.clusterEndpoint = "$(CLUSTER_ENDPOINT)"' skaffold.yaml
diff --git a/go.mod b/go.mod
index 1a2e57bc5..1d68aa1a7 100644
--- a/go.mod
+++ b/go.mod
@@ -92,6 +92,7 @@ require (
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
 github.com/hashicorp/golang-lru v1.0.2 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ github.com/jongio/azidext/go/azidext v0.5.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kelseyhightower/envconfig v1.4.0 // indirect
diff --git a/go.sum b/go.sum
index a4d781a82..874354921 100644
--- a/go.sum
+++ b/go.sum
@@ -283,6 +283,8 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jongio/azidext/go/azidext v0.5.0 h1:uPInXD4NZ3J0k79FPwIA0YXknFn+WcqZqSgs3/jPgvQ=
+github.com/jongio/azidext/go/azidext v0.5.0/go.mod h1:TVRX/hJhzbsCKaOIzicH6a8IvOH0hpjWk/JwZZgtXeU=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
diff --git a/pkg/auth/autorest_auth.go b/pkg/auth/autorest_auth.go
index aa653b926..8554caaf4 100644
--- a/pkg/auth/autorest_auth.go
+++ b/pkg/auth/autorest_auth.go
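Review bot: `github.com/jongio/azidext/go/azidext v0.5.0` is added to go.mod with an `// indirect` marker, but pkg/auth/autorest_auth.go in this same patch imports it directly, so the marker is stale; running `go mod tidy` should move it to the direct requirements. The module now sits in the controller's token-acquisition path, so it deserves the review and pinning given to a direct dependency rather than something that arrived transitively. The `require (` block starts before this hunk, so whether `azidentity` is already listed as a direct requirement cannot be seen from here.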
@@ -23,10 +23,21 @@ import (
 "github.com/Azure/go-autorest/autorest"
 "github.com/Azure/go-autorest/autorest/adal"
 "github.com/Azure/go-autorest/autorest/azure"
- klog "k8s.io/klog/v2"
+ "k8s.io/klog/v2"
+
+ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+ "github.com/jongio/azidext/go/azidext"
 )
 
 func NewAuthorizer(config *Config, env *azure.Environment) (autorest.Authorizer, error) {
+ if config.UseNewCredWorkflow {
+ cred, err := azidentity.NewDefaultAzureCredential(nil)
+ if err != nil {
+ return nil, fmt.Errorf("default cred: %w", err)
+ }
+ return azidext.NewTokenCredentialAdapter(cred, []string{azidext.DefaultManagementScope}), nil
+ }
+
 token, err := newServicePrincipalTokenFromCredentials(config, env)
 if err != nil {
 return nil, fmt.Errorf("retrieve service principal token: %w", err)
diff --git a/skaffold.yaml b/skaffold.yaml
index 715c69256..b98930a94 100644
--- a/skaffold.yaml
+++ b/skaffold.yaml
@@ -52,7 +52,7 @@ manifests:
 - name: ARM_USE_NEW_CRED_WORKFLOW
 value: "true"
 - name: ARM_USE_MANAGED_IDENTITY_EXTENSION
- value: "true"
+ value: "false"
 - name: ARM_USER_ASSIGNED_IDENTITY_ID
 value: ""
 - name: AZURE_NODE_RESOURCE_GROUP
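Review bot: The new `config.UseNewCredWorkflow` branch in NewAuthorizer never reads `env` and always requests `azidext.DefaultManagementScope`, which as far as I know is the public-cloud ARM scope, so in a sovereign cloud the token would presumably be issued for the wrong audience; consider deriving it from the environment, e.g. `scope := strings.TrimSuffix(env.TokenAudience, "/") + "/.default"`. `azidentity.NewDefaultAzureCredential(nil)` also tries a whole chain of ambient credential sources, so which identity the controller ends up with depends on what happens to be present in the pod. Since the commit is about workload identity, `azidentity.NewWorkloadIdentityCredential(nil)` would pin that single source and fail closed when the federated token is missing. A doc comment on NewAuthorizer naming the two authentication paths would help; the function body continues past the end of this hunk.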
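Review bot: The `ARM_USER_ASSIGNED_IDENTITY_ID` entry stays in the env list with `value: ""` although this patch removes the `az-patch-skaffold` step in Makefile-az.mk that filled it in, so it now looks like dead configuration; drop the entry or annotate it, e.g. `# unused when ARM_USE_NEW_CRED_WORKFLOW is "true"`. It is not visible from this hunk whether any code still reads `ARM_USE_MANAGED_IDENTITY_EXTENSION` once the new workflow is enabled, so a one-line comment on why it is now "false" would help whoever audits which identity the controller runs as. The env list continues outside the hunk.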