From 9087760db005abfd9b3e07319846232214d8dae2 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Fri, 16 Jun 2023 16:03:11 +0200
Subject: [PATCH 15/46] azure_fence: use correct credential_scope and profile
 for stack hub

---
 lib/azure_fence.py.py | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py
index 6f1eee5b..ab40b483 100644
--- a/lib/azure_fence.py.py
+++ b/lib/azure_fence.py.py
@@ -353,11 +353,19 @@ def get_azure_compute_client(config):
                 fail_usage("metadata-endpoint not specified")
 
         try:
+            from azure.profiles import KnownProfiles
+            if (config.Cloud.lower() == "stack"):
+                client_profile = KnownProfiles.v2020_09_01_hybrid
+                credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default"
+            else:
+                client_profile = KnownProfiles.default
+                credential_scope = cloud_environment.endpoints.resource_manager + "/.default"
             compute_client = ComputeManagementClient(
                 credentials,
                 config.SubscriptionId,
                 base_url=cloud_environment.endpoints.resource_manager,
-                credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
+                profile=client_profile,
+                credential_scopes=[credential_scope],
             )
         except TypeError:
             compute_client = ComputeManagementClient(
@@ -383,11 +391,19 @@ def get_azure_network_client(config):
                 fail_usage("metadata-endpoint not specified")
 
         try:
+            from azure.profiles import KnownProfiles
+            if (config.Cloud.lower() == "stack"):
+                client_profile = KnownProfiles.v2020_09_01_hybrid
+                credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default"
+            else:
+                client_profile = KnownProfiles.default
+                credential_scope = cloud_environment.endpoints.resource_manager + "/.default"
             network_client = NetworkManagementClient(
                 credentials,
                 config.SubscriptionId,
                 base_url=cloud_environment.endpoints.resource_manager,
-                credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
+                profile=client_profile,
+                credential_scopes=[credential_scope],
             )
         except TypeError:
             network_client = NetworkManagementClient(
-- 
2.25.1