As a requirement of the migration of Azure tests to the new Azure-sponsored community prow infra environment, we won't be able to leverage secrets (e.g., passwords) during CI runs.
azuredisk-csi-driver seems to use service principal + secrets for all of its E2E scenarios:
In order to continue running E2E tests after the community infra migration (deadline is 1 August) we'll need to update the test implementation to use workload identity instead of service principal secrets.
Here are the relevant large CAPZ PRs that did this work in CAPZ:
As a requirement of the migration of Azure tests to the new Azure-sponsored community prow infra environment, we won't be able to leverage secrets (e.g., passwords) during CI runs.
azuredisk-csi-driver seems to use service principal + secrets for all of its E2E scenarios:
Documentation suggests that the project has first class support for workload identity:
In order to continue running E2E tests after the community infra migration (deadline is 1 August) we'll need to update the test implementation to use workload identity instead of service principal secrets.
Here are the relevant large CAPZ PRs that did this work in CAPZ:
This is the new environment variable configuration that we expect to ship to prow jobs as part of the conversion:
Note that the
AZURE_CLIENT_ID
reference above is the user-assigned ID.