mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
42 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
//
// * security/zero_trust_workload_identity_manageer/zero-trust-manager-oidc-federation.adoc

:_mod-docs-content-type: PROCEDURE
[id="zero-trust-manager-configure-azure-identity_{context}"]
= Configuring an Azure user managed identity

You must create a new user managed identity and then obtain the client ID of the service principal associated with that identity.

.Procedure
. Create a new user managed identity, and then obtain the client ID of the service principal associated with it, by running the following commands:
+
[source,terminal]
----
$ az identity create \
    --name "${USER_ASSIGNED_IDENTITY_NAME}" \
    --resource-group "${RESOURCE_GROUP}"
----
+
[source,terminal]
----
$ export IDENTITY_CLIENT_ID=$(az identity show --resource-group "${RESOURCE_GROUP}" --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv)
----

. Retrieve the `CLIENT_ID` of an Azure user-assigned managed identity and save it as an environment variable by running the following command:
+
[source,terminal]
----
$ export IDENTITY_CLIENT_ID=$(az identity show --resource-group "${RESOURCE_GROUP}" --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv)
----

. Assign a role to the service principal associated with the user managed identity by running the following command:
+
[source,terminal]
----
$ az role assignment create \
    --role "Storage Blob Data Contributor" \
    --assignee "${IDENTITY_CLIENT_ID}" \
    --scope "${STORAGE_ACCOUNT_ID}"
----
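
The following preflight check is an added example and is not part of the original module. Because `export VAR=$(...)` returns the status of `export`, a failed `az identity show` leaves `IDENTITY_CLIENT_ID` empty without stopping the shell, so the check confirms that the client ID is a GUID and that `STORAGE_ACCOUNT_ID` names one storage account before the role is assigned. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original module. Function names are hypothetical.

nl='
'

# matches VALUE ERE: true if the single-line VALUE matches the anchored ERE.
matches() {
    case "$1" in *"$nl"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eiq "$2"
}

guid='[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'

# A managed identity client ID is a GUID. An empty value means that
# `az identity show` failed and `export` hid the failure.
is_guid() {
    matches "$1" "^${guid}\$"
}

# True only for the resource ID of one storage account, the scope the
# procedure uses. Subscription and resource group IDs are rejected because
# they would apply the role to every storage account beneath them.
is_storage_account_scope() {
    matches "$1" "^/subscriptions/${guid}/resourceGroups/[^/]+/providers/Microsoft\.Storage/storageAccounts/[a-z0-9]{3,24}\$"
}

# Returns 0 when both variables are safe to pass to `az role assignment create`.
preflight() {
    is_guid "${IDENTITY_CLIENT_ID:-}" || {
        echo "IDENTITY_CLIENT_ID is empty or not a GUID" >&2; return 1; }
    is_storage_account_scope "${STORAGE_ACCOUNT_ID:-}" || {
        echo "STORAGE_ACCOUNT_ID is not a single storage account resource ID" >&2; return 2; }
}

# After the assignment, list the roles the identity holds at that scope.
show_assignment() {
    az role assignment list --assignee "${IDENTITY_CLIENT_ID}" \
        --scope "${STORAGE_ACCOUNT_ID}" \
        --query '[].roleDefinitionName' -o tsv
}
```

Source the file, run `preflight` before the role assignment step, and run `show_assignment` afterwards to confirm that only the intended role is listed.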