shibayan / keyvault-acmebot

Automated ACME SSL/TLS certificates issuer for Azure Key Vault (App Service / Container Apps / App Gateway / Front Door / CDN / others)
Apache License 2.0

support user managed identity #745

Closed baoj-dfo closed 3 weeks ago

baoj-dfo commented 2 months ago

Is your feature request related to a problem? Please describe.
The current solution only supports "system managed identity", but does not support "user managed identity".

Describe the solution you'd like
We expect it to support "user managed identity".

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
"User managed identity" will be more flexible for the RBAC configuration of Azure DNS or Key Vault.

shibayan commented 2 months ago

For applications that require completely independent permissions, such as Acmebot, there doesn't seem to be any benefit to sharing permissions using User Assigned Managed Identity.

If you have a more specific use case, please let us know. We will consider it based on the details.

baoj-dfo commented 2 months ago

keyvault-acmebot currently runs with a system managed identity in App Service to access DNS or Key Vault. I see this code in "Startup.cs": return new DefaultAzureCredential(new DefaultAzureCredentialOptions { AuthorityHost = environment.AuthorityHost }); It would be nice if it allowed the App Service to bind with a "User Assigned Managed Identity" as well.
<test>
</test>
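As an added illustration (not code from keyvault-acmebot or its author), this is how the credential construction quoted above could select a user-assigned identity while keeping the existing system-assigned behaviour as the default. It assumes a hypothetical setting carrying the user-assigned identity's client ID; the option it sets, DefaultAzureCredentialOptions.ManagedIdentityClientId, is a real Azure.Identity property.

```csharp
using System;
using Azure.Core;
using Azure.Identity;

// Added example, not part of the keyvault-acmebot code base.
// The client ID is assumed to come from a hypothetical app setting
// (read here as the environment variable ACMEBOT_MANAGED_IDENTITY_CLIENT_ID).
public static class AcmebotCredential
{
    public static TokenCredential Create(Uri authorityHost, string? userAssignedClientId)
    {
        var options = new DefaultAzureCredentialOptions
        {
            // Preserved from the existing Startup.cs construction.
            AuthorityHost = authorityHost,
        };

        if (!string.IsNullOrWhiteSpace(userAssignedClientId))
        {
            // With a client ID set, the managed identity endpoint issues tokens for
            // that user-assigned identity, so RBAC on Azure DNS / Key Vault can be
            // granted to an identity that is managed independently of the App Service.
            options.ManagedIdentityClientId = userAssignedClientId;
        }

        // With no client ID the behaviour is unchanged: the App Service's
        // system-assigned identity is used.
        return new DefaultAzureCredential(options);
    }

    public static TokenCredential CreateFromEnvironment(Uri authorityHost)
    {
        var clientId = Environment.GetEnvironmentVariable("ACMEBOT_MANAGED_IDENTITY_CLIENT_ID");
        return Create(authorityHost, clientId);
    }
}
```

DefaultAzureCredential also reads the AZURE_CLIENT_ID environment variable for the same purpose, so an App Service app setting with that name selects a user-assigned identity without any code change; whichever identity is chosen, the permissions granted to it should be scoped to just the DNS zones and Key Vault the bot needs.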

shibayan commented 2 months ago

Unless you can tell us how it would be useful and what System Assigned Managed Identity lacks, we cannot consider it.

In my opinion, System Assigned Managed Identity is the best choice because I believe Acmebot should assign unique permissions.