ensure the case folding of cluster MSI resourceID

pkg/cluster/deploybaseresources.go

@@ -197,6 +197,8 @@ func (m *manager) deployBaseResourceTemplate(ctx context.Context) error {
 		m.storageAccount(m.doc.OpenShiftCluster.Properties.ImageRegistryStorageAccountName, azureRegion, ocpSubnets, true),
 		m.storageAccountBlobContainer(m.doc.OpenShiftCluster.Properties.ImageRegistryStorageAccountName, "image-registry"),
 		m.clusterNSG(infraID, azureRegion),
+		m.networkPrivateLinkService(azureRegion),
+		m.networkInternalLoadBalancer(azureRegion),
 	}
 
 	if m.doc.OpenShiftCluster.UsesWorkloadIdentity() {
@@ -210,12 +212,6 @@ func (m *manager) deployBaseResourceTemplate(ctx context.Context) error {
 		resources = append(resources, m.clusterServicePrincipalRBAC())
 	}
 
-	resources = append(
-		resources,
-		m.networkPrivateLinkService(azureRegion),
-		m.networkInternalLoadBalancer(azureRegion),
-	)
-
 	// Create a public load balancer routing if needed
 	if m.doc.OpenShiftCluster.Properties.NetworkProfile.OutboundType == api.OutboundTypeLoadbalancer {
 		m.newPublicLoadBalancer(ctx, &resources)

pkg/cluster/deploybaseresources_additional.go

@@ -101,7 +101,16 @@ func (m *manager) ensureWorkloadIdentityRBAC() ([]*arm.Resource, error) {
 	if err != nil {
 		return nil, err
 	}
-	clusterMSI := m.doc.OpenShiftCluster.Identity.UserAssignedIdentities[clusterMSIResourceId.String()]
+
+	var clusterMSI api.ClusterUserAssignedIdentity
+	// we iterate through the existing identities to find the identity matching
+	// the expected resourceID with casefolding
+	for k, _ := range m.doc.OpenShiftCluster.Identity.UserAssignedIdentities {
+		if strings.EqualFold(k, clusterMSIResourceId.String()) {
+			clusterMSI = m.doc.OpenShiftCluster.Identity.UserAssignedIdentities[k]
+		}
+	}
+
 	if strings.TrimSpace(clusterMSI.PrincipalID) == "" {
 		return nil, fmt.Errorf("cluster MSI principal ID '%s' is invalid for clusterMSIResourceId %s", clusterMSI.PrincipalID, clusterMSIResourceId.String())
 	}