Not clear exactly how to use System-Assigned Managed Identities or User-Assigned Managed Identities #465

Closed
yangyang919 opened this issue Jun 7, 2023 · 3 comments

@yangyang919

What problem are you facing?

As described in this document: https://github.com/upbound/provider-azure/blob/main/AUTHENTICATION.md, right now authentication with credentials is being challenged by our security guys. So we are turning to the Managed Identities approach. But we are not sure exactly how it works or whether it's feasible, considering the scenario as follows:

  1. Crossplane is installed in a k8s cluster (not an AKS cluster)
  2. Create one user-assigned managed identity or system-assigned managed identity
  3. Configure this managed identity as ProviderConfig
  4. Use this managed identity to provision Azure Storage Account and Storage Queue

The question is where to assign the relevant roles/permissions to this managed identity, considering the Storage Account is not created yet. In Azure AD? Or can we integrate with our own OIDC provider?

How could Official Azure Provider help solve your problem?

Enhance the documents...


github-actions bot commented Apr 3, 2024

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

@github-actions github-actions bot added the stale label Apr 3, 2024

This issue is being closed since there has been no activity for 14 days since marking it as stale. If you still need help, feel free to comment or reopen the issue!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 18, 2024
@alexinthesky

Hi, I believe the way to go, if Kubernetes is NOT in Azure, is to use the (you are correct here) not documented
source: OIDCTokenFile
https://github.com/crossplane-contrib/provider-upjet-azure/blob/main/internal/clients/azure.go#L63
