terraform
backend/azurerm: add support for generic OIDC authentication
Support for generic OIDC authentication (e.g. for GitLab or Kubernetes) has already been added to the azurerm provider as well as to go-azure-helpers: https://github.com/hashicorp/terraform-provider-azurerm/issues/16901 and https://github.com/hashicorp/go-azure-helpers/blob/main/authentication/auth_method_oidc.go#L41
Currently the remote state backend only supports GitHub Actions. This pull request adds support for generic OIDC as in the provider. Also, the documentation has been updated to reflect the usage.
Info: This pull request upgrades the dependency of go-azure-helpers to the latest available version.
Fixes #31802
Target Release
1.4.x
Draft CHANGELOG entry
NEW FEATURES
- Added support for generic OIDC authentication in the azurerm remote state backend (e.g. GitLab or Kubernetes)
Related to #31802
Thanks for this submission! I'll notify the AzureRM team.
Can I please ask if this is still being worked on, as we'll need to use this functionality in Azure Kubernetes Cluster and move away from pod-identity, which will be replaced soon with workload identity?
@kabal2010 This is more or less ready for merging but will not be released until Terraform 1.4.
@manicminer Thanks for a prompt response on this. Just out of curiosity, is there a timeline for this?
@kabal2010, not at this time. "Minor" numbered releases usually happen every four months or so, but it depends on what work is slated for that release. I wish I had a clearer (or sooner!) timeline for you, but I wanted to set expectations appropriately. Hope this helps!
@crw Thanks for that. I wish this could be made available sooner in the upcoming 1.3.x releases, but unfortunately, like you mentioned, we might have to be patient. In the meantime, since it works in GitHub Actions, we'll research that and hopefully it'll meet our requirements.
Thanks again for this PR @kschu91. We've chatted internally and we should be able to backport this to v1.3 so this will hopefully make it out in the next patch release.
Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.
@manicminer This is wonderful news and thanks to everyone that made this possible ASAP.
Amazing news, thanks to all involved for the hard work!👍🏼
I can see this has now been released in 1.3.4. Thanks to everyone that made it possible once again.
Thought I'd share a blog post with example code of this working: https://adamrushuk.github.io/configure-terraform-openid-connect-oidc-authentication-from-gitlab-ci-to-azure/
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.