provisioner-azure: Don't expose empty env vars

If a certain property is not defined then don't expose it as empty inside the CAA pod. Fixes confidential-containers#974 Signed-off-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com>
surajssd · Jul 18, 2023 · e7430ab · e7430ab
1 parent bdf23ba
commit e7430ab
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/test/provisioner/provision_azure.go b/test/provisioner/provision_azure.go
@@ -379,12 +379,10 @@ func (p *AzureCloudProvisioner) DeleteCluster(ctx context.Context, cfg *envconf.
 }
 
 func (p *AzureCloudProvisioner) GetProperties(ctx context.Context, cfg *envconf.Config) map[string]string {
-	return map[string]string{
+	props := map[string]string{
 		"CLOUD_PROVIDER":        "azure",
 		"AZURE_SUBSCRIPTION_ID": AzureProps.SubscriptionID,
 		"AZURE_CLIENT_ID":       AzureProps.ClientID,
-		"AZURE_CLIENT_SECRET":   AzureProps.ClientSecret,
-		"AZURE_TENANT_ID":       AzureProps.TenantID,
 		"AZURE_RESOURCE_GROUP":  AzureProps.ResourceGroupName,
 		"CLUSTER_NAME":          AzureProps.ClusterName,
 		"AZURE_REGION":          AzureProps.Location,
@@ -394,6 +392,16 @@ func (p *AzureCloudProvisioner) GetProperties(ctx context.Context, cfg *envconf.
 		"AZURE_SUBNET_ID":       AzureProps.SubnetID,
 		"AZURE_INSTANCE_SIZE":   AzureProps.InstanceSize,
 	}
+
+	if AzureProps.ClientSecret != "" {
+		props["AZURE_CLIENT_SECRET"] = AzureProps.ClientSecret
+	}
+
+	if AzureProps.TenantID != "" {
+		props["AZURE_TENANT_ID"] = AzureProps.TenantID
+	}
+
+	return props
 }
 
 func (p *AzureCloudProvisioner) UploadPodvm(imagePath string, ctx context.Context, cfg *envconf.Config) error {