Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Managed identity support #1942

Merged
merged 1 commit into from
Nov 1, 2021
Merged

Managed identity support #1942

merged 1 commit into from
Nov 1, 2021

Conversation

matthchr
Copy link
Member

@matthchr matthchr commented Nov 1, 2021

Closes #1869
Closes #1854

What this PR does / why we need it:
Adds Managed Identity support and documents how to use it. Testing is still an outstanding issue which we need to solve.
See #1941. I will be following up with a separate PR for this.

If applicable:

  • this PR contains documentation
  • this PR contains tests

@matthchr matthchr added this to the codegen-alpha-3 milestone Nov 1, 2021
theunrepentantgeek
theunrepentantgeek approved these changes Nov 1, 2021
View reviewed changes
Copy link
Member

@theunrepentantgeek theunrepentantgeek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor comments, but nothing substantial - great stuff.

Taskfile.yml Outdated Show resolved Hide resolved
docs/hugo/content/docs/authentication.md Outdated
Comment on lines 13 to 15
To use Service Principal authentication, specify an `aso-controller-settings` secret with `AZURE_CLIENT_SECRET` set.
`AZURE_CLIENT_ID` must be set to the Service Principal client ID.
`AZURE_CLIENT_SECRET` must be set to the Service Principal client secret.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
To use Service Principal authentication, specify an `aso-controller-settings` secret with `AZURE_CLIENT_SECRET` set.
`AZURE_CLIENT_ID` must be set to the Service Principal client ID.
`AZURE_CLIENT_SECRET` must be set to the Service Principal client secret.
To use Service Principal authentication, specify an `aso-controller-settings` secret with `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` set.
* `AZURE_CLIENT_ID` must be set to the Service Principal client ID.
* `AZURE_CLIENT_SECRET` must be set to the Service Principal client secret.

Maybe give an example of each, so that people can recognize when they've found the right value to include?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Giving an example here is a bit awkward because both fields are pretty inscrutable (CLIENT_ID is a GUID and the password is some black-box base64'ed string that Azure gives to them when they create the SP). What I've done is call out that client ID is a GUID and also link to the documentation in the Azure CLI that shows how to create an SP (which will return these values).

docs/hugo/content/docs/authentication.md Outdated Show resolved Hide resolved
@matthchr matthchr merged commit 8a0a46c into Azure:main Nov 1, 2021
@matthchr matthchr deleted the feature/managed-identity branch November 1, 2021 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theunrepentantgeek theunrepentantgeek theunrepentantgeek approved these changes

@babbageclunk babbageclunk Awaiting requested review from babbageclunk babbageclunk is a code owner

@davefellows davefellows Awaiting requested review from davefellows davefellows is a code owner

@Porges Porges Awaiting requested review from Porges

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
codegen-alpha-3
Development

Successfully merging this pull request may close these issues.

Feature: Support managed identity in ASO v2 Ensure that AAD Pod Identity integration in ASOv2 works well
2 participants
@matthchr @theunrepentantgeek