in pkg/proxy/proxy.go [120:154]
// msiHandler serves MSI-style token requests. It resolves the client ID and
// target resource from the request (falling back to the AZURE_CLIENT_ID
// environment variable when no client_id is supplied), acquires a token via
// doTokenRequest and writes it back to the caller as JSON.
//
// Security notes (review):
//   - The client_id is caller-controlled. Which identities this proxy can
//     actually mint tokens for is presumably constrained by the federated
//     credential configuration on the Azure AD side, not by this handler —
//     confirm before relying on it.
//   - No HTTP method or Content-Type restriction is applied here; whatever
//     parseTokenRequest accepts is served.
//   - On acquisition failure the raw error text from doTokenRequest is
//     returned to the caller with a 500. The caller is presumably the in-pod
//     workload, so this is likely acceptable, but make sure that error never
//     carries credential material.
func (p *proxy) msiHandler(w http.ResponseWriter, r *http.Request) {
	p.logger.Info("received token request", "method", r.Method, "uri", r.RequestURI)
	w.Header().Set("Server", userAgent)

	clientID, resource := parseTokenRequest(r)

	// Mirror pod identity v1: an absent client_id falls back to the identity
	// configured through the AZURE_CLIENT_ID environment variable.
	if len(clientID) == 0 {
		p.logger.Info("client_id not found in request, defaulting to AZURE_CLIENT_ID", "method", r.Method, "uri", r.RequestURI)
		clientID = os.Getenv(webhook.AzureClientIDEnvVar)
	}

	// Reject requests whose identity or target resource cannot be resolved.
	// The client_id check runs first so its error wins when both are missing.
	switch {
	case len(clientID) == 0:
		http.Error(w, "The client_id parameter or AZURE_CLIENT_ID environment variable must be set", http.StatusBadRequest)
		return
	case len(resource) == 0:
		http.Error(w, "The resource parameter is required.", http.StatusBadRequest)
		return
	}

	// Acquire the token through MSAL using the proxy's tenant and authority host.
	token, err := doTokenRequest(r.Context(), clientID, resource, p.tenantID, p.authorityHost)
	if err != nil {
		p.logger.Error("failed to get token", err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	p.logger.Info("successfully acquired token", "method", r.Method, "uri", r.RequestURI)

	// Headers must be set before the body is written. Once Encode starts
	// writing, the 200 status has already gone out, so an encode failure can
	// only be logged, not reported to the caller.
	w.Header().Set("Content-Type", "application/json")
	if encodeErr := json.NewEncoder(w).Encode(token); encodeErr != nil {
		p.logger.Error("failed to encode token", encodeErr)
	}
}