Ashutosh Narkar
Ashutosh Narkar
This is achieved as part of https://github.com/cncf/tag-security/issues/737.
Closing this for now. We'll pick this up in the future based on prioritization, interest etc.
> I am wondering could opa load this token in this file AZURE_FEDERATED_TOKEN_FILE dynamically OPA will simply set the key-value pairs for the `additional_parameters` field, it will not read that...
@superff if we extend the OAuth2 Client Credentials mechanism to add a new one that takes `client_assertion_type` and `client_assertion` instead of the client secret, this should be good, correct?
> is it possible that opa can read this file $AZURE_FEDERATED_TOKEN_FILE and set it to the client_assertion We could have `client_assertion` and `client_assertion_path` params where the later takes a path...
If you'd like to contribute this feature, feel free to do so!
Hey @podedra92, @superff was looking into this. The PR was closed but I don't think we merged the changes. Could be more work/investigation is still needed on it.
@nikpivkin thanks for the contribution. I would encourage you to first create an issue and explain the proposal. Mainly the problem it's trying to solve and the improvements. This would...
Closing this for now. Feel free to open an issue to discuss the proposal. Thanks.
Happy to be an additional reviewer. No soft or hard conflicts of interest.