<@U038021B1CJ> I saw you were writing about OIDC a...
# azure
@melodic-tomato-39005 I saw you were writing about OIDC authentication for pulumi and I have specific questions related to that. I've followed this tutorial to setup workload identity on GKE to communicate with Azure, and it is working well, I see the following vairables automatically propagated inside my pods on GKE cluster:
Copy code
But these are different from Pulumi required vairable, I was testing something like this:
Copy code
- name: ARM_USE_OIDC
    value: "true"
  - name: ARM_CLIENT_ID
    value: XXXXXXX
  - name: ARM_TENANT_ID
    value: XXXXXXXX
  - name: ARM_OIDC_TOKEN # this is wrong as pulumi expects an actual token, not a path to a token
    value: /var/run/secrets/azure/tokens/azure-identity-token
Are there some option to integrate workload identity as is, without mapping
variables to
variables? I was expecting pulumi to handle this natively as Azure clients do
hehe, was OIDC support added just 5 days ago? if that's the case, I can understand not all use-cases are covered yet
Hi Maksym, we don’t support the
variables currently and they weren’t on our radar. Terraform, for instance, doesn’t seem to support them either? However, feel free to file an issue about it.
Created an issue, thanks Thomas. I may be wrong, but I think implementing that change will make the authentication process better overall.