[Feature] Upgrade Azure SDK for GO, support Azure Workload Identity #421
Comments
We too have this problem. We want to have workload identity on the plugin sidecar container and we couldn't do it. I think the Looking forward to seeing this integrated into the plugin!
+1
+1
Should work without any code change when the azure-identity library is updated to 1.9.2. Then => Use existing type: On the service account argocd-repo-server, add the azure application client id
On the deployment argocd-repo-server, add the pod label
Then the following variables should be automatically injected on the argocd-repo-server pod: AZURE_CLIENT_ID=...
Sorry, that was wrong .... Actually argocd-vault-plugin uses the mod autorest/azure/auth that is out of support by March 31, 2023 ... This mod should be replaced by https://github.com/Azure/azure-sdk-for-go/tree/sdk/security/keyvault/azkeys/v1.0.1/sdk/security/keyvault/azkeys/ and use the function NewDefaultAzureCredential that supports Azure Workload Identity
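A pod-side check for the setup these comments describe, as an added example (not code from argocd-vault-plugin or from anyone in this thread): it decodes the projected service account token and compares its subject and audience with what a federated credential for `argocd-repo-server` would expect. The `argocd` namespace, the function names, and the `AZURE_FEDERATED_TOKEN_FILE` variable and `api://AzureADTokenExchange` audience (the Azure Workload Identity defaults) are assumptions not stated in the thread.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

// Claims are the token fields a federated credential is matched against.
type Claims struct {
	Iss string   `json:"iss"`
	Sub string   `json:"sub"`
	Aud []string `json:"aud"`
}

// ParseClaims decodes a JWT payload WITHOUT verifying the signature (diagnostics only).
func ParseClaims(jwt string) (c Claims, err error) {
	parts := strings.Split(strings.TrimSpace(jwt), ".")
	if len(parts) != 3 {
		return c, errors.New("not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c, err
}

// Problems lists claim mismatches that would make the token exchange fail.
func Problems(c Claims, namespace, serviceAccount string) []string {
	var out []string
	if want := "system:serviceaccount:" + namespace + ":" + serviceAccount; c.Sub != want {
		out = append(out, fmt.Sprintf("sub is %q, want %q", c.Sub, want))
	}
	if len(c.Aud) != 1 || c.Aud[0] != "api://AzureADTokenExchange" {
		out = append(out, fmt.Sprintf("aud is %q, want api://AzureADTokenExchange", c.Aud))
	}
	return out
}

func main() {
	// Token path is injected by the webhook (unset elsewhere); "argocd" is an assumed namespace.
	tok, err := os.ReadFile(os.Getenv("AZURE_FEDERATED_TOKEN_FILE"))
	c, perr := ParseClaims(string(tok))
	fmt.Println("read:", err, "parse:", perr, "iss:", c.Iss, "problems:", Problems(c, "argocd", "argocd-repo-server"))
}
```

The printed `iss` value is what the federated credential's issuer URL has to match; the token is only decoded here, never trusted.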
Signed-off-by: Yves Galante <yves.galante@zelros.com>
Is your feature request related to a problem? Please describe.
Request to update the Azure SDK for Go version to v7.0. This will require a change in how the SDK is used.
My underlying request: Microsoft has a new option to authenticate with Azure resources. https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview To use the new authentication method, the Azure SDK For Go should be updated. Example implementation is here: https://github.com/Azure/azure-workload-identity/tree/main/examples/msal-go
(By implementing this, one would not need to store a client secret, token, or username/password in the cluster to authenticate with the vault resource. Which would be awesome.)
Describe the solution you'd like
Ways this could be implemented:
Describe alternatives you've considered
No alternates yet, although I do hope to clone the repo and implement soon.
Additional context
Add any other context or screenshots about the feature request here.