Azure / azure-service-operator

Azure Service Operator allows you to create Azure resources using kubectl
https://azure.github.io/azure-service-operator/
MIT License

Feature: Support for Entra Security Group #3459

Open slawekww opened 10 months ago

slawekww commented 10 months ago

Creation of a UserAssignedIdentity by ASO is already supported.

For many design/automation cases, an Azure role could be assigned to a specific Entra Security Group. In this scenario, ASO should allow adding the created UserAssignedIdentity to the Security Group.

slawekww commented 10 months ago

Let's take the example of a design where an Azure role is assigned to a Security Group, not to one specific Service Principal/UserAssignedIdentity. In this case, adding the UserAssignedIdentity to the Security Group could allow keeping the design while having the benefit of ASO to create the UserAssignedIdentity/Federated Credentials and use the Workload Identity feature. A good example is an AKS cluster with the Workload Identity feature with multi-tenant functionality.