Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-3157

Azure Workload Identity Federation

    XMLWordPrintable

Details

    • False
    • None
    • False
    • Not Selected
    • 0
    • 0% 0%

    Description

      1. Proposed title of this feature request

      Support for Azure Workload Identity Federation

      2. What is the nature and description of the request?

      In OpenShift Container Platform 4.11 we already provide workload identity federation functionality for GCP and AWS:

      This request is for supporting workload identity federation also for Azure. The use case for the customer is to allow Pods in OpenShift Container Platform running on Azure to get tokens to access external Azure resources. There is already work planned in the following JIRA:

      3. Why does the customer need this? (List the business requirements here)

      Long-lived tokens present a security risk and it is best practice to use short-lived tokens to access external services. Customer would like to increase the security of his container platform.

      4. List any affected packages or components.

      Cloud Credentials Operator

      Attachments

        Issue Links

          account is impacted by

          Feature Request - Feature requests from customers and/or users RFE-2784 Allow the definition of jwks_uri using Authentication Operator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Rejected
          impacts account

          Feature Request - Feature requests from customers and/or users RFE-2784 Allow the definition of jwks_uri using Authentication Operator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Rejected

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-979 Bring Your Own OIDC keys feature is not documented

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • ASSIGNED
          relates to

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-506 ARO Managed Identity

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-513 Azure managed identity with Azure AD workload identity for self-managed OpenShift

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-909 ARO Managed Identity Phase II

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              julim Ju Lim
              rhn-support-skrenger Simon Krenger
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: