No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi everyone!  I would like to have users make clusters that contain federated ident credentials.  However, these users don’t have Application.ReadWrite.all (or equiv) rights in Azure (creation of fed creds on an app rego or user assigned ID requires this).  Is it possible to use delegated rights in Azure to make this happen?  I’ve never done this so I’m looking for some documentation on how I might apply it - in the end I’m interesting in the Azure API rights being restricted to either a resource group or another resource, probably via an SPN.  Thank you!