ImIOImI · March 15, 2024 20:15
diff --git a/login-workload-identity.sh b/login-workload-identity.sh
 # Reference https://blog.baeke.info/2022/05/18/quick-guide-to-kubernetes-workload-identity-on-aks/
 echo $AZURE_CLIENT_ID
 echo $AZURE_TENANT_ID
 echo $AZURE_FEDERATED_TOKEN_FILE
 cat $AZURE_FEDERATED_TOKEN_FILE
 echo $AZURE_AUTHORITY_HOST

 # list the standard Kubernetes service account secrets
 cd /var/run/secrets/kubernetes.io/serviceaccount
 ls 

 # check the folder containing the AZURE_FEDERATED_TOKEN_FILE
 cd /var/run/secrets/azure/tokens
 ls

 # you can use the AZURE_FEDERATED_TOKEN_FILE with the Azure CLI
 # together with $AZURE_CLIENT_ID and $AZURE_TENANT_ID
 # a password is not required since we are doing federated token exchange
 echo "az login --federated-token \"$(cat ${AZURE_FEDERATED_TOKEN_FILE})\" \
 --service-principal -u ${AZURE_CLIENT_ID} -t ${AZURE_TENANT_ID}"

 az login --federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)" \
 --service-principal -u $AZURE_CLIENT_ID -t $AZURE_TENANT_ID

 # list resource groups
 az group list
	# Reference https://blog.baeke.info/2022/05/18/quick-guide-to-kubernetes-workload-identity-on-aks/
	echo $AZURE_CLIENT_ID
	echo $AZURE_TENANT_ID
	echo $AZURE_FEDERATED_TOKEN_FILE
	cat $AZURE_FEDERATED_TOKEN_FILE
	echo $AZURE_AUTHORITY_HOST

	# list the standard Kubernetes service account secrets
	cd /var/run/secrets/kubernetes.io/serviceaccount
	ls

	# check the folder containing the AZURE_FEDERATED_TOKEN_FILE
	cd /var/run/secrets/azure/tokens
	ls

	# you can use the AZURE_FEDERATED_TOKEN_FILE with the Azure CLI
	# together with $AZURE_CLIENT_ID and $AZURE_TENANT_ID
	# a password is not required since we are doing federated token exchange
	echo "az login --federated-token \"$(cat ${AZURE_FEDERATED_TOKEN_FILE})\" \
	--service-principal -u ${AZURE_CLIENT_ID} -t ${AZURE_TENANT_ID}"

	az login --federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)" \
	--service-principal -u $AZURE_CLIENT_ID -t $AZURE_TENANT_ID

	# list resource groups
	az group list