How to avoid setting hard-coded string for AKS AAD Server #639
Comments
datlife
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
datlife
changed the title
Hello,
One of our project is to programmatically interact with Azure K8s Service (AKS) using OpenID Connect protocol. One of the requirements in the protocol is to set
audfield. Currently, I use6dae42f8-4368-4678-94ff-3960e28e3630and it is working. This string is a Service Principal ID of AKS AAD Server shared across all Azure Clusters.$ az ad sp show --id 6dae42f8-4368-4678-94ff-3960e28e3630 { "accountEnabled": "True", "addIns": [], "alternativeNames": [], "appDisplayName": "Azure Kubernetes Service AAD Server", .... "servicePrincipalNames": [ "6dae42f8-4368-4678-94ff-3960e28e3630", "https://aks-aad-server.azure.com" ], "servicePrincipalType": "Application", "signInAudience": "AzureADMultipleOrgs", ...However, my concern is that this string might change in the future. Is there any way to programmatically obtain this unique ID from the library? I notice that we currently have https://github.com/Azure/go-autorest/blob/autorest/azure/auth/v0.5.7/autorest/azure/environments.go#L83 , but I could not find one for AKS AAD Server.
Thanks
The text was updated successfully, but these errors were encountered: