From 204db4d0444b2d1d3929774b5ac11b71893d3fb6 Mon Sep 17 00:00:00 2001
From: Aaron D <moeknows@gmail.com>
Date: Tue, 23 Apr 2019 23:13:09 -0700
Subject: [PATCH] Adding support for Azure MSI user-assigned identity (#54884)

If more than one user-assigned identity is assigned to a host, then an identifier is required to specify which credentials are retrieved.  This change uses the existing support for client_id to retrieve the user-assigned identity by client_id.
---
 lib/ansible/module_utils/azure_rm_common.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/ansible/module_utils/azure_rm_common.py b/lib/ansible/module_utils/azure_rm_common.py
index 0115e31c699..a25fa12cdd3 100644
--- a/lib/ansible/module_utils/azure_rm_common.py
+++ b/lib/ansible/module_utils/azure_rm_common.py
@@ -1149,8 +1149,9 @@ class AzureRMAuth(object):
 
         return None
 
-    def _get_msi_credentials(self, subscription_id_param=None):
-        credentials = MSIAuthentication()
+    def _get_msi_credentials(self, subscription_id_param=None, **kwargs):
+        client_id = kwargs.get('client_id', None)
+        credentials = MSIAuthentication(client_id=client_id)
         subscription_id = subscription_id_param or os.environ.get(AZURE_CREDENTIAL_ENV_MAPPING['subscription_id'], None)
         if not subscription_id:
             try:
@@ -1206,7 +1207,7 @@ class AzureRMAuth(object):
 
         if auth_source == 'msi':
             self.log('Retrieving credenitals from MSI')
-            return self._get_msi_credentials(arg_credentials['subscription_id'])
+            return self._get_msi_credentials(arg_credentials['subscription_id'], client_id=params.get('client_id', None))
 
         if auth_source == 'cli':
             if not HAS_AZURE_CLI_CORE: