(SURE-2565) Support for managed identity in AKS

[kkaempf]

See also rancher/rancher#27559

We got an issue when using Rancher to provision Windows nodes using Managed identities for Azure resources (formerly known as Managed Service Identity - MSI).

Rancher provisioning script only handles cases where we authenticate using service principal and will not work properly with managed identity.

Relevant code: https://github.com/rancher/rke-tools/blob/a23ff70c7a1ae0b8ec5c91bc56d51b0ad9f541ad/windows/cloud-provider.psm1#L70

Currently, we have to patch the file in runtime to use az login --identity instead of az login --service-principal

Steps to reproduce (least amount of steps as possible):

Create an AKS cluster without specifying any Service Principal

Result:

An AKS cluster is created using the --enable-managed-identity flag.

Other details that may be helpful:

The feature is stable in AKS: https://docs.microsoft.com/en-us/azure/aks/use-managed-identity

Environment information

Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): 2.4.4
Installation option (single install/HA): single container

The UI presents mandatory fields to enter the SP for AKS; I propose to add a ratio button where the user can select to create a MI instead.

[cpinjani]

Validated on build: v2.8-7113f094007e3105a906b414fe18ee370c77bb5e-head

As stated in issue description and reported version v2.4 - "The UI presents mandatory fields to enter the SP for AKS; I propose to add a ratio button where the user can select to create a MI instead."

Rancher v2.4:

However, we still use service principal for AKS clusters (not managed identity)
prerequisites-in-microsoft-azure

@kkaempf @davidstauffer Please review this, as support for it is not added yet.

[cpinjani]

Moving to Backlog, cc: @mjura