sbebrys
commented
1 year ago It looks as solved in 1.7.2 by #1564, @akshaysngupta is it?
Closed sbebrys closed 1 year ago
akshaysngupta
commented
1 year ago Yes, this was fixed in 1.7.2
Authorization via WorkloadIdentity not works in China.
I set all options correctly (cloud region, tenant and subscription) but I got error during authorization:
Error details: error invalid_resource error_description: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named ...It came from hardcoded scope as global resource URI: https://github.com/Azure/application-gateway-kubernetes-ingress/blob/732d8ae7adf0334f03029a3feb04b06fad158ce6/pkg/azure/defaultazurecredential/authorizer.go#L42
I reproduced that also locally via raw AzureIdentity and it looks that scope should be for China:
https://management.chinacloudapi.cn/.default