Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AKS Learn feedback: missing audience in federated id #123594

Closed
provMichaelGugino opened this issue Jul 1, 2024 · 3 comments
Closed

AKS Learn feedback: missing audience in federated id #123594

provMichaelGugino opened this issue Jul 1, 2024 · 3 comments
Assignees
@Nickomang
Labels
aks-security/subsvc assigned-to-author azure-kubernetes-service/svc doc-bug Pri3 triaged

Comments

@provMichaelGugino
Copy link

provMichaelGugino commented Jul 1, 2024
edited by TPavanBalaji
Loading

Type of issue

Missing information

Feedback

Code block:

export FEDERATED_IDENTITY_NAME="aksfederatedidentity" # can be changed as needed

az identity federated-credential create --name $FEDERATED_IDENTITY_NAME --identity-name $UAMI --resource-group $RESOURCE_GROUP --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:${SERVICE_ACCOUNT_NAMESPACE}:${SERVICE_ACCOUNT_NAME}

Should include audiences flag. While an optional parameter, it's not really optional. It should be set to "api://AzureADTokenExchange"

Page URL

https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access

Content source URL

https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/aks/csi-secrets-store-identity-access.md

Author

@Nickomang

Document Id

f553a5a4-a20f-8efd-3712-e64112c35676

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
@TPavanBalaji
Copy link
Contributor

@provMichaelGugino
Thanks for your feedback! We will investigate and update as appropriate.

@ManoharLakkoju-MSFT
Copy link
Contributor

@provMichaelGugino
Thank you for bringing this to our attention.
I've delegated this to content author @Nickomang, who will review it and offer their insightful opinions.

@rayoef
Copy link
Contributor

rayoef commented Jul 26, 2024

Thank you for your dedication to our documentation. Unfortunately, at this time we have been unable to review your issue in a timely manner, and we sincerely apologize for the delayed response. The requested updates have not been made since the creation of this issue, and the timeline for resolution may vary based on resourcing, so we've created an internal work item to incorporate your suggestions. We are closing this issue for now, but feel free to comment here as necessary.

#please-close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Nickomang Nickomang

Labels
aks-security/subsvc assigned-to-author azure-kubernetes-service/svc doc-bug Pri3 triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Nickomang @rayoef @ManoharLakkoju-MSFT @provMichaelGugino @TPavanBalaji