Add Managed Identity in prod and staging Azure subscription to be used by github actions #821

Closed
6 tasks
arealmaas opened this issue Jul 4, 2024 · 0 comments
Labels
area/product-infra Issues related to infrastructure for product/teams (Espen,Simon,Andreas) kind/user-story Used for issues that describes functionality for our users.

Description

In order to set up our staging and production environments, we need a Managed Identity that we can use in our GitHub Actions. All our Azure resources are created in GitHub Actions.

We want to use OIDC in order to authenticate the Managed Identity. https://github.com/azure/login/tree/v1/?tab=readme-ov-file#login-with-openid-connect-oidc-recommended

In order to do so we either need access to create user assigned managed identities in our subscriptions, or would need to have these set up by Platform. If we go for the latter, I added a detailed description of how to do this below.

Additional Information

For production:

  1. Create the user-assigned managed identity with the name: dialogporten-github-actions

  2. Configure a federated identity credential on a user-assigned managed identity

Name: Production
Entity type: Tag: v*.*.*

Provide us with the managed identity Client ID and Tenant ID.

For staging:

  1. Create the user-assigned managed identity with the name: dialogporten-github-actions

  2. Configure a federated identity credential on a user-assigned managed identity

Name: Staging
Entity type: Tag: v*.*.*
Entity type: Branch: main

Provide us with the managed identity Client ID and Tenant ID.

Tasks

  • Create the user-assigned managed identity for production
  • Configure a federated identity credential on the identity for production
  • Provide Dialogporten with Client ID and Tenant ID for production
  • Create the user-assigned managed identity for staging
  • Configure a federated identity credential on the identity for staging
  • Provide Dialogporten with Client ID and Tenant ID for staging

Acceptance Criteria

As the Dialogporten team, we would like to have access to, or for the platform team to create, a managed identity, so we can deploy resources in the new staging and production environments.

@arealmaas arealmaas added kind/user-story Used for issues that describes functionality for our users. status/draft Status: When you create an issue before you have enough info to properly describe the issue. labels Jul 4, 2024
@bengtfredh bengtfredh added area/service-owner-infra Issues related service owner infra/subscriptions (Bengt,Espen,Sebastian) area/product-infra Issues related to infrastructure for product/teams (Espen,Simon,Andreas) and removed status/draft Status: When you create an issue before you have enough info to properly describe the issue. area/service-owner-infra Issues related service owner infra/subscriptions (Bengt,Espen,Sebastian) labels Jul 4, 2024
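
Added example, not part of the original issue or the Dialogporten project's code: a pre-flight check of planned federated credential subjects against the `sub` claim GitHub Actions issues for push-triggered jobs. It assumes a placeholder repository `example-org/dialogporten`, constructed credential names, and that issuer, subject and audience are compared as exact strings with no pattern matching, as standard federated identity credentials do.

```python
from dataclasses import dataclass
from typing import Optional

ISSUER = "https://token.actions.githubusercontent.com"
AUDIENCE = "api://AzureADTokenExchange"
REPO = "example-org/dialogporten"  # hypothetical org/repo, not taken from the issue


@dataclass(frozen=True)
class FederatedCredential:
    name: str
    subject: str
    issuer: str = ISSUER
    audience: str = AUDIENCE


def github_subject(repo: str, ref: str, environment: Optional[str] = None) -> str:
    """Build the `sub` claim GitHub puts in the OIDC token of a push-triggered job."""
    # A job that declares `environment:` gets the environment form whatever ref
    # triggered it; otherwise the full git ref is embedded in the subject.
    if environment:
        return f"repo:{repo}:environment:{environment}"
    if not ref.startswith(("refs/heads/", "refs/tags/")):
        raise ValueError(f"expected a full ref, got {ref!r}")
    return f"repo:{repo}:ref:{ref}"


def matching_credential(creds, claims: dict) -> Optional[str]:
    """Return the name of the credential that accepts these claims, else None."""
    for c in creds:
        if (claims["iss"], claims["sub"], claims["aud"]) == (c.issuer, c.subject, c.audience):
            return c.name
    return None


def claims_for(ref: str, environment: Optional[str] = None) -> dict:
    """Constructed claim set for a run in REPO (sample data, not a real token)."""
    return {"iss": ISSUER, "aud": AUDIENCE, "sub": github_subject(REPO, ref, environment)}


# Constructed credential set: branch, literal tag pattern, and environment subjects.
PLANNED = [
    FederatedCredential("Staging-branch", f"repo:{REPO}:ref:refs/heads/main"),
    FederatedCredential("Staging-tag", f"repo:{REPO}:ref:refs/tags/v*.*.*"),
    FederatedCredential("Production-env", f"repo:{REPO}:environment:production"),
]
```

Under these assumptions a run for tag `v1.2.3` matches none of the ref-based entries, while a job that declares `environment: production` matches the environment-based subject regardless of the tag.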