wip

DFE-Digital · Dec 19, 2024 · e862be9 · e862be9
1 parent 440927a
commit e862be9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/aks/cluster_data/outputs.tf b/aks/cluster_data/outputs.tf
@@ -31,7 +31,13 @@ output "ingress_domain" {
 }
 
 output "kubelogin_args" {
-  value = local.spn_authentication ? local.kubelogin_args_map["spn"] : local.kubelogin_args_map["azurecli"]
+  value = (local.running_in_github_actions ? (
+    local.spn_secret_authentication ?
+    local.kubelogin_args_map["spn"] :
+    local.kubelogin_args_map["workloadidentity"]
+    ) :
+    local.kubelogin_args_map["azurecli"]
+  )
 }
 output "azure_RBAC_enabled" {
   value = local.azure_RBAC_enabled

diff --git a/aks/cluster_data/variables.tf b/aks/cluster_data/variables.tf
@@ -90,10 +90,18 @@ locals {
       "azurecli",
       "--server-id",
       "6dae42f8-4368-4678-94ff-3960e28e3630"
+    ],
+    workloadidentity = [
+      "get-token",
+      "--login",
+      "workloadidentity",
+      "--server-id",
+      "6dae42f8-4368-4678-94ff-3960e28e3630"
     ]
   }
 
   azure_RBAC_enabled = length(data.azurerm_kubernetes_cluster.main.azure_active_directory_role_based_access_control) > 0
 
-  spn_authentication = contains(keys(data.environment_variables.github_actions.items), "GITHUB_ACTIONS")
+  running_in_github_actions = contains(keys(data.environment_variables.github_actions.items), "GITHUB_ACTIONS")
+  spn_secret_authentication = contains(keys(data.environment_variables.github_actions.items), "AAD_SERVICE_PRINCIPAL_CLIENT_SECRET")
 }