feat: use cluster identity for using azcopy in volume cloning

[umagnus]

What type of PR is this?

/kind feature

What this PR does / why we need it:

azcopy already supports managed identity in a different way: Authorize access to blobs with AzCopy & Microsoft Entra ID | Microsoft Learn, and it supports file in the latest version.
if user only provides storage account key, then we should use sas token; otherwise we should leverage aks cluster identity(managed identity or spn) for volume cloning which is better way.
Which issue(s) this PR fixes:

Fixes #

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests
• tested upgrade from previous version

Special notes for your reviewer:

Release note:

none

[k8s-ci-robot]

Hi @umagnus. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

/ok-to-test

[andyzhangx]

TestAuthorizeAzcopyWithIdentity

[umagnus]

done

[andyzhangx]

you could leverage getSASToken func to get sas token? thus don't need to duplicate code

[umagnus]

done, give a useSasToken parameter to get sas token

[andyzhangx]

remove this since it's already using sastoken

[umagnus]

done

[andyzhangx]

if len(accountSASToken) > 0 && strings.Contains(string(out), authorizationPermissionMismatch) {

[umagnus]

I think it should be accountSASToken =="" which means we use identity and get permission mismatch

[andyzhangx]

this is a loop, don't change srcPath, dstPath, otherwise this append may happen multiple times

[umagnus]

done

[andyzhangx]

pls also follow this PR to refine getSASToken func:

kubernetes-sigs/blob-csi-driver#1207

[umagnus]

/retest

[umagnus]

/retest

[umagnus]

/retest

[andyzhangx]

neither the service principal nor the managed identity has been set

[umagnus]

done

[andyzhangx]

if !useSasToken && len(secrets) == 0 && len(secretName) == 0

[umagnus]

done

[andyzhangx]

it's better set a defaultAzcopyMountOption var to replace "--recursive", "--check-length=false"

[umagnus]

done

[andyzhangx]

it's better set a defaultAzcopyMountOption var to replace "--recursive", "--check-length=false"

[umagnus]

done

[umagnus]

/retest

[andyzhangx]

can you squash all commits? thanks.

[umagnus]

/retest

[andyzhangx]

/retest

[andyzhangx]

/retest

[andyzhangx]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, umagnus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [andyzhangx]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[andyzhangx]

/retest

[andyzhangx]

/cherrypick release-1.29

[k8s-infra-cherrypick-robot]

@andyzhangx: new pull request created: #1657

In response to this:

/cherrypick release-1.29

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

/cherrypick release-1.28

[k8s-infra-cherrypick-robot]

@andyzhangx: #1654 failed to apply on top of branch "release-1.28":

Applying: use cluster identity for azcopy
error: mode change for hack/update-mock.sh, which is not in current HEAD
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 use cluster identity for azcopy
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-1.28

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

/cherrypick release-1.29

[k8s-infra-cherrypick-robot]

@andyzhangx: #1654 failed to apply on top of branch "release-1.29":

Applying: use cluster identity for azcopy
Using index info to reconstruct a base tree...
M	pkg/azurefile/azurefile.go
M	pkg/azurefile/controllerserver.go
M	pkg/azurefile/controllerserver_test.go
M	pkg/util/util_mock.go
M	pkg/util/util_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/util/util_test.go
Auto-merging pkg/util/util_mock.go
Auto-merging pkg/azurefile/controllerserver_test.go
Auto-merging pkg/azurefile/controllerserver.go
Auto-merging pkg/azurefile/azurefile.go
CONFLICT (content): Merge conflict in pkg/azurefile/azurefile.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 use cluster identity for azcopy
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-1.29

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.