[Identity] az identity federated-credential: Add subgroup to support managing federated identity credentials of existing user assigned identities #23681

Merged on Sep 1, 2022 (7 commits)

yanzhudd (Contributor) commented Aug 26, 2022

Related command

create FIC:
az identity federated-credential create --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences

update FIC:
az identity federated-credential update --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences

read FIC:
az identity federated-credential show --name myFicName --identity-name myIdentityName --resource-group myResourceGroup

read all FICs associated with the user-assigned identity:
az identity federated-credential list --identity-name myIdentityName --resource-group myResourceGroup

delete FIC:
az identity federated-credential delete --name myFicName --identity-name myIdentityName --resource-group myResourceGroup

Description

In the az identity group, add the subgroup az identity federated-credential to support managing federated identity credentials of existing user assigned identities.
Close #23152

Testing Guide

History Notes

[Compute] az identity federated-credential: Add subgroup to support managing federated identity credentials of existing user assigned identities



ghost requested a review from yonzhan, Aug 26, 2022 04:16
ghost added the label Auto-Assign (Auto assign by bot), Aug 26, 2022
ghost requested a review from wangzelin007, Aug 26, 2022 04:16
ghost assigned zhoxing-ms, Aug 26, 2022
ghost added this to the Aug 2022 (2022-09-06) milestone, Aug 26, 2022
ghost added the labels Compute (az vm/vmss/image/disk/snapshot) and Managed Identity (For `az identity` only), Aug 26, 2022
yonzhan (Collaborator) commented Aug 26, 2022

Compute

zhoxing-ms changed the title from "[Compute] az identity federated-credential: Add subgroup to support managing federated identity credentials of existing user assigned identities" to "[Identity] az identity federated-credential: Add subgroup to support managing federated identity credentials of existing user assigned identities", Aug 30, 2022
zhoxing-ms merged commit ffbcfd0 into Azure:dev, Sep 1, 2022
yanzhudd deleted the msi_add_fic branch, September 1, 2022 07:42

Comment on lines +39 to +46
helps['identity federated-credential create'] = """
type: command
short-summary: Create a federated identity credential under an existing user assigned identity.
examples:
- name: Create a federated identity credential under a specific user assigned identity.
text: |
az identity federated-credential create --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences
"""
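Review bot: The example under text: passes opaque placeholders (--issuer myIssuer --subject mySubject --audiences myAudiences) and the entry has only a short-summary, so the help never shows what form these three values take. Since they are the values that define the credential, consider sample values that look like real ones and a long-summary line describing each. The flag --audiences is plural but the example passes a single value; show or state how more than one audience is supplied.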
Review comment from a Member:

This command az identity federated-credential create acts on managed identity: https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust-user-assigned-managed-identity?pivots=identity-wif-mi-methods-azcli

az ad app federated-credential create (#23122) acts on AAD application: https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azcli

However, they expose different command interfaces:

  • az identity federated-credential create uses separate arguments --issuer, --subject and --audiences
  • az ad app federated-credential create uses --parameters, which includes issuer, subject and audiences in a JSON payload. This decision was made in the email thread: federatedIdentityCredentials's implementation in Azure CLI

In my opinion, this causes inconsistency and increases users' learning cost.
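
The two interfaces compared in the comment above, as an added example that is not part of the PR or of the reviewer's comment: one credential definition rendered as both command forms, then parsed back so a reviewer can confirm both carry the same issuer, subject and audiences. The helper names, the sample values, the all-zero application id, and passing several audiences as space-separated values are assumptions of this example.

```python
import json
import shlex

# Constructed sample values; not taken from the PR.
SAMPLE = dict(name="myFicName",
              issuer="https://issuer.example/",
              subject="system:serviceaccount:ns:sa",
              audiences=["api://AzureADTokenExchange"])


def identity_argv(name, identity_name, resource_group, issuer, subject, audiences):
    """Managed-identity form: one argument per value."""
    return ["az", "identity", "federated-credential", "create",
            "--name", name, "--identity-name", identity_name,
            "--resource-group", resource_group,
            "--issuer", issuer, "--subject", subject,
            "--audiences", *audiences]  # assumption: space-separated values


def app_argv(app_id, name, issuer, subject, audiences):
    """Application form: the same values inside one JSON --parameters payload."""
    payload = {"name": name, "issuer": issuer, "subject": subject,
               "audiences": list(audiences)}
    return ["az", "ad", "app", "federated-credential", "create",
            "--id", app_id, "--parameters", json.dumps(payload)]


def trust_triple(argv):
    """Extract (issuer, subject, sorted audiences) from either command form."""
    if "--parameters" in argv:
        p = json.loads(argv[argv.index("--parameters") + 1])
        return p["issuer"], p["subject"], tuple(sorted(p["audiences"]))

    def values(flag):
        # Collect everything after the flag up to the next "--option".
        start = end = argv.index(flag) + 1
        while end < len(argv) and not argv[end].startswith("--"):
            end += 1
        return argv[start:end]

    return (values("--issuer")[0], values("--subject")[0],
            tuple(sorted(values("--audiences"))))


if __name__ == "__main__":
    mi = identity_argv(identity_name="myIdentityName",
                       resource_group="myResourceGroup", **SAMPLE)
    app = app_argv(app_id="00000000-0000-0000-0000-000000000000", **SAMPLE)
    print(shlex.join(mi))
    print(shlex.join(app))
    print("same trust:", trust_triple(mi) == trust_triple(app))
```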

Successfully merging this pull request may close these issues.

Release of MSI version 2022-01-31-preview