From e862be972b6c0b5326734ace712bac1dbf6e808e Mon Sep 17 00:00:00 2001
From: Colin Saliceti
Date: Thu, 19 Dec 2024 12:17:59 +0000
Subject: [PATCH] wip
---
 aks/cluster_data/outputs.tf | 8 +++++++-
 aks/cluster_data/variables.tf | 10 +++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/aks/cluster_data/outputs.tf b/aks/cluster_data/outputs.tf
index 82b8892..8f6a4e8 100644
--- a/aks/cluster_data/outputs.tf
+++ b/aks/cluster_data/outputs.tf
@@ -31,7 +31,13 @@ output "ingress_domain" {
 }
 output "kubelogin_args" {
- value = local.spn_authentication ? local.kubelogin_args_map["spn"] : local.kubelogin_args_map["azurecli"]
+ value = (local.running_in_github_actions ? (
+ local.spn_secret_authentication ?
+ local.kubelogin_args_map["spn"] :
+ local.kubelogin_args_map["workloadidentity"]
+ ) :
+ local.kubelogin_args_map["azurecli"]
+ )
 }
 output "azure_RBAC_enabled" {
 value = local.azure_RBAC_enabled
diff --git a/aks/cluster_data/variables.tf b/aks/cluster_data/variables.tf
index 8c5b3e8..e7323ba 100644
--- a/aks/cluster_data/variables.tf
+++ b/aks/cluster_data/variables.tf
@@ -90,10 +90,18 @@ locals {
 "azurecli",
 "--server-id",
 "6dae42f8-4368-4678-94ff-3960e28e3630"
+ ],
+ workloadidentity = [
+ "get-token",
+ "--login",
+ "workloadidentity",
+ "--server-id",
+ "6dae42f8-4368-4678-94ff-3960e28e3630"
 ]
 }
 azure_RBAC_enabled = length(data.azurerm_kubernetes_cluster.main.azure_active_directory_role_based_access_control) > 0
- spn_authentication = contains(keys(data.environment_variables.github_actions.items), "GITHUB_ACTIONS")
+ running_in_github_actions = contains(keys(data.environment_variables.github_actions.items), "GITHUB_ACTIONS")
+ spn_secret_authentication = contains(keys(data.environment_variables.github_actions.items), "AAD_SERVICE_PRINCIPAL_CLIENT_SECRET")
 }
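Review bot: In `aks/cluster_data/outputs.tf`, the `workloadidentity` branch of `kubelogin_args` becomes the default for every GitHub Actions run where the client-secret variable is absent, and nothing on the output says which mode was chosen or what it requires. kubelogin's workload identity login depends on federated-token settings in the runner environment, which this module does not check, so a workflow without them would presumably only fail later at token acquisition. I would add a `description` stating the three modes and their selection order, e.g. `description = "kubelogin exec args: spn when a client secret is set in GitHub Actions, workloadidentity otherwise in GitHub Actions, azurecli elsewhere"`.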
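Review bot: In `aks/cluster_data/variables.tf`, `spn_secret_authentication` only tests that the key `AAD_SERVICE_PRINCIPAL_CLIENT_SECRET` exists, so a workflow that maps the variable from an unset secret (an empty string) still selects `spn` and never reaches the workload identity path. Comparing the value instead, `spn_secret_authentication = lookup(data.environment_variables.github_actions.items, "AAD_SERVICE_PRINCIPAL_CLIENT_SECRET", "") != ""`, would avoid that; if the data source marks its items sensitive, the result may inherit that marking. The `data.environment_variables.github_actions` definition is outside this diff, so it is worth confirming that its filter admits this variable and that reading the secret through the data source does not place its value in state. The `locals` block starts before the hunk.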