source-controller
Support Workload Identity in git source controller for Azure DevOps Repos
Is there an option to use a workload identity token as the password for the git source controller? If not, that would be very helpful. Recently Azure DevOps Repos introduced the ability to use Service Principals and Azure Managed Identities to access source code in Azure Repos. However, Flux does not seem to have the ability to work with this, or it is not documented.
Here's the doc on how to access Repos with a token: https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops#q-can-i-use-a-service-principal-to-do-git-operations-like-clone-a-repo
This is a work in progress here: https://github.com/fluxcd/pkg/pull/664
For those who came here and saw the above message, unfortunately, there has been no more work on this since February, and it looks like it's kind of dead. I may try to put together a PR for this, as it's the biggest blocker for using Flux for my team.
I have a working solution: you can create a cron job that generates the token and creates a bearerToken secret out of the generated token. Use this secret as the secret in the gitRepo object and it will work.
Prerequisite:
- https://github.com/fluxcd/flux2/pull/4806
- https://github.com/fluxcd/pkg/pull/789
- https://github.com/fluxcd/pkg/pull/793
> I have a working solution: you can create a cron job that generates the token and creates a bearerToken secret out of the generated token. Use this secret as the secret in the gitRepo object and it will work.

Could you give us a bit more detail about that? How did you do it? Using the az CLI in a cronjob?
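
The cron-job workaround described in this thread, sketched as an added example (it is not code posted by any participant or by the Flux project). It assumes a pod with Azure workload identity enabled and the `az` and `kubectl` binaries available; the Secret name `ado-bearer-token`, the `flux-system` namespace and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refresh an Azure DevOps bearer token into the Secret a GitRepository references.
set -eu

ADO_RESOURCE="499b84ac-1321-427f-aa17-267ca6975798" # well-known Azure DevOps resource ID
SECRET_NAME="${SECRET_NAME:-ado-bearer-token}"      # assumed name
SECRET_NAMESPACE="${SECRET_NAMESPACE:-flux-system}" # assumed namespace

# Accept only three non-empty base64url segments, so nothing else can reach the YAML.
looks_like_jwt() {
  case "$1" in
    *[!A-Za-z0-9._-]*) return 1 ;;
    *.*.*.*) return 1 ;;
    ?*.?*.?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the Secret manifest on stdout; the token never appears in a kubectl argument list.
render_secret() {
  looks_like_jwt "$1" || { echo "refusing to store a malformed token" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  namespace: ${SECRET_NAMESPACE}
type: Opaque
stringData:
  bearerToken: "$1"
EOF
}

# Workload identity injects the three AZURE_* variables used here into the pod.
rotate() {
  az login --service-principal --username "$AZURE_CLIENT_ID" --tenant "$AZURE_TENANT_ID" \
    --federated-token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")" --output none
  token="$(az account get-access-token --resource "$ADO_RESOURCE" --query accessToken --output tsv)"
  manifest="$(render_secret "$token")" # set -e aborts here if validation fails
  printf '%s\n' "$manifest" | kubectl apply -f -
}

if [ "${1:-}" = "rotate" ]; then rotate; fi
```

Run it with the `rotate` argument from a CronJob scheduled more often than the token lifetime, under a service account whose RBAC allows writing only this one Secret, and point the GitRepository's `spec.secretRef.name` at it.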