This repository has been archived by the owner on Aug 13, 2024. It is now read-only.
Hello
When we want to run ADO runners on Hosted Agents (thus inside Azure and with Sys/User Managed Identities) and try out the az capi extension, it seems there is only support for SP (always looking for AZURE CLIENT ID and Secret).
However, in the CAPV CRD there is support for ManagedIdentities (MSI), so we know it can be done via CAPV and clusterctl.
Would it be possible to pass the --identity or other flag so that if the az capi command is executed on a machine with a System or User Assigned ID, it can work with just the CLIENT_ID (and thus no SP Key is exposed)? Service Principals are getting harder and harder to come by in big orgs.
Cheers!