Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Work Type:
Strategic Product Work
Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Support for Azure Managed Identities for new OpenShift deployments
Feature Link:
OCPSTRAT-506 - ARO Managed Identity

Sprint:
Sprint 235, Sprint 237, Sprint 236, Sprint 238

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

User Story:

As a cluster admin I want to be able to:

use the managed identity from the installer host VM (running in Azure)

so that I can

install a cluster without copying credentials to the installer host

Acceptance Criteria:

Description of criteria:

Installer (azure sdk) & terraform authenticate using identity from host VM (not client secret in file ~/.azure/servicePrincipal.json)
Cluster credential is handled appropriately (presumably we force manual mode)

Engineering Details:

Azure session: https://github.com/openshift/installer/blob/master/pkg/asset/installconfig/azure/session.go#L67-L75
New `azidentity` supports managed identities: https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/MIGRATION.md#azidentity-3
Creating a Managed Identity: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm

is blocked by

CORS-1981 Azure: use azidentity for auth and V2 clients (where possible)

Closed

links to

openshift/installer#7108: CORS-2372: Azure: auth Installer with Managed Identity from VM

Assignee:: Rafael Fonseca dos Santos

Reporter:: Patrick Dillon

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2022/10/25 5:00 PM

Updated:: 2024/09/04 7:57 PM

Resolved:: 2023/07/10 5:25 PM