Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support of workload identity based authorization #293

Open
KernelPryanic opened this issue Jan 26, 2023 · 5 comments
Open

Add support of workload identity based authorization #293

KernelPryanic opened this issue Jan 26, 2023 · 5 comments
Assignees
@YanaXu
Labels
idle Inactive for 14 days product enhancement New feature or request

Comments

@KernelPryanic
Copy link

KernelPryanic commented Jan 26, 2023
edited

Hello! We're using self-hosted GitHub runners and it would be really nice to have OIDC utilizing the configured workload identity on the runner pod.
@KernelPryanic KernelPryanic added the need-to-triage Requires investigation label Jan 26, 2023
@KernelPryanic KernelPryanic changed the title Add support of workload identity based autorization Add support of workload identity based authorization Jan 26, 2023
@BALAGA-GAYATRI BALAGA-GAYATRI added product enhancement New feature or request and removed need-to-triage Requires investigation labels Feb 1, 2023
@github-actions
Copy link

This issue is idle because it has been open for 14 days with no activity.

@github-actions github-actions bot added the idle Inactive for 14 days label Feb 15, 2023
@YanaXu YanaXu self-assigned this May 31, 2023
@YanaXu
Copy link
Collaborator

YanaXu commented May 31, 2023

Hi @KernelPryanic ,

We don't have a plan to support AKS pod-identity or workload-identity right now. Could you share more details about your workflow settings with us, to help us understand your situation better? E.g., the reason to choose AKS instead of normal VMs, how you use AKS to run GitHub Aciton in your daily work, etc.
Thanks.

@BenjaminHerbert
Copy link

Currently, azure-cli does not seem to support it directly: Azure/azure-cli#26858

They mention a workaround:

az login --federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)" --service-principal -u $AZURE_CLIENT_ID -t $AZURE_TENANT_ID

@YanaXu
Copy link
Collaborator

YanaXu commented Jul 18, 2023

@BenjaminHerbert Thanks. Yes, you're right. It's not supported yet.

@Veljen
Copy link

Veljen commented Mar 11, 2024

how to get this azure_federate_token_file for the shell script task in the azure devops? i need to get this value using the federated service conection details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@YanaXu YanaXu

Labels
idle Inactive for 14 days product enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@BenjaminHerbert @KernelPryanic @YanaXu @BALAGA-GAYATRI @Veljen