Azure / bicep-types-az

Bicep type definitions for ARM resources
MIT License

Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials #1860

Open flemminglundgls opened 12 months ago

flemminglundgls commented 12 months ago

Bicep version: azure-cli version 2.48.1. Bicep code in a GitHub workflow results in the same "bug".

Describe the bug: If I run my code, where I expect the result to be Federated credential scenario: Kubernetes Accessing Azure Resources, then I get the Other scenario, "Configure an identity managed by an external OpenID Connect Provider to access Azure resources as this application".

It happens both in Bicep code, see the snippet below:

```bicep
resource privateFederation1 'Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2023-01-31' = {
  name: priv1.name
  parent: priv1 // the user-assigned managed identity being federated
  properties: {
    audiences: [
      'api://AzureADTokenExchange'
    ]
    issuer: aksPrivateOicd
    subject: 'system:serviceaccount:${namespaceInKubernetes}:${priv1.name}-serviceaccount'
  }
}
```

AND also when I try using az CLI commands, like this one below:

```
az identity federated-credential create --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences
```

Additional context: If I re-run existing projects with our generic code in order to re-federate credentials for existing managed identities, it keeps the right Federated Credential scenario, Kubernetes Accessing Azure Resources, but all new federations get the Other result.

But there is more to it. If I do a federation list on the one that was created to be Kubernetes but results in Other according to the Azure portal:

```
az identity federated-credential show --name myFicName --identity-name myIdentityName --resource-group myResourceGroup
```

It will list the exact output from what I got after running the create command:

```
az identity federated-credential create --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences
```
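An added example, not part of the original issue or the Bicep project: a Python check that validates the stored `issuer`, `subject` and `audiences` of a federated credential against the binding the Bicep above intends, independent of the scenario label the portal displays. The `check_credential` helper, the sample JSON, the issuer URL and the namespace are constructed for illustration, and the JSON keys are assumed to match the Bicep property names.

```python
import json
import re

# Kubernetes naming rules: a namespace is a DNS-1123 label,
# a service account name is a DNS-1123 subdomain.
LABEL = r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?"
SUBDOMAIN = rf"{LABEL}(\.{LABEL})*"
SUBJECT_RE = re.compile(
    rf"system:serviceaccount:(?P<ns>{LABEL}):(?P<sa>{SUBDOMAIN})"
)
EXPECTED_AUDIENCE = "api://AzureADTokenExchange"  # value from the issue's Bicep

# Constructed sample shaped like the credential's properties (assumed keys).
SAMPLE = json.loads("""
{
  "name": "priv1",
  "issuer": "https://oidc.example.invalid/00000000-0000-0000-0000-000000000000/",
  "subject": "system:serviceaccount:payments:priv1-serviceaccount",
  "audiences": ["api://AzureADTokenExchange"]
}
""")


def check_credential(cred, namespace, service_account):
    """Return findings for one credential; an empty list means it is as intended."""
    findings = []
    if cred.get("audiences") != [EXPECTED_AUDIENCE]:
        findings.append(f"unexpected audiences: {cred.get('audiences')!r}")
    issuer = cred.get("issuer", "")
    if not issuer.startswith("https://"):
        findings.append(f"issuer is not an https URL: {issuer!r}")
    subject = cred.get("subject", "")
    match = SUBJECT_RE.fullmatch(subject)
    if match is None:
        findings.append(f"subject is not system:serviceaccount:<ns>:<name>: {subject!r}")
    elif (match["ns"], match["sa"]) != (namespace, service_account):
        findings.append(
            f"subject binds {match['ns']}/{match['sa']}, "
            f"expected {namespace}/{service_account}"
        )
    return findings


if __name__ == "__main__":
    # Mirrors the Bicep subject: <namespace>:<identity name>-serviceaccount
    expected_sa = f"{SAMPLE['name']}-serviceaccount"
    for finding in check_credential(SAMPLE, "payments", expected_sa) or ["ok"]:
        print(finding)
```
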

stephaniezyen commented 11 months ago

This appears to be an RP bug, not on the Bicep side. I will bring this to the Managed Identity team's attention, but if you would like to streamline this, please open a support ticket with the Managed Identity team.

microsoft-github-policy-service[bot] commented 11 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @varunkch. Please see https://aka.ms/biceptypesinfo for troubleshooting help.