Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55041

Adding a new configuration to the azure-vm-agents-plugin that allows adding a User Assigned Identity to a VM

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Adding a new configuration to the azure-vm-agents-plugin that can be modified when a VM is deployed. 

      The new configuration should provide us the ability to add a User-Assigned-Managed-Identity to a VM (in azure portal it is under "settings" -> "Identity " -> "User assigned (Preview)") - a screenshot is attached.

      This is necessary because of the key vault's access policies limit of 16 access policies only. 

        Attachments

          Activity

          Hide
          tomganor Tom Ganor added a comment -

          Hi Jie Shen! Is there an estimated due date for this?

          Thanks!

          Show
          tomganor Tom Ganor added a comment - Hi Jie Shen ! Is there an estimated due date for this? Thanks!
          Hide
          jieshe Jie Shen added a comment -

          Hi Tom Ganor, I have just reviewed this feature. It seems that user-assigned managed identity is also not an option for VM creation. Portal now only support system managed identity when you create a VM. By the way, user-assigned managed identity is just in preview now, so I think it may not the right time for vm plugin to support this. I think for now you should use init scripts to use user-assigned managed identity.

          Show
          jieshe Jie Shen added a comment - Hi Tom Ganor , I have just reviewed this feature. It seems that user-assigned managed identity is also not an option for VM creation. Portal now only support system managed identity when you create a VM. By the way, user-assigned managed identity is just in preview now, so I think it may not the right time for vm plugin to support this. I think for now you should use init scripts to use user-assigned managed identity.
          Hide
          tomganor Tom Ganor added a comment -

          Hi Jie Shen, what do you mean by " Portal now only support system managed identity"?

          As for now, the ability to add a user-assigned managed identity to a VM does exist. Am I missing something?

          Show
          tomganor Tom Ganor added a comment - Hi Jie Shen , what do you mean by " Portal now only support system managed identity"? As for now, the ability to add a user-assigned managed identity to a VM does exist. Am I missing something?
          Hide
          jieshe Jie Shen added a comment -

          Hi Tom Ganor, you can add a user-assigned managed identity to an existing VM, but you cannot set that when you create a new one. It is a after provision step more than a provision one.

          Show
          jieshe Jie Shen added a comment - Hi Tom Ganor , you can add a user-assigned managed identity to an existing VM, but you cannot set that when you create a new one. It is a after provision step more than a provision one.
          Hide
          tomganor Tom Ganor added a comment -

          Hi Jie Shen, OK I will close this ticket and try and figure out a different solution. 

          Thanks for all of your help anyway.

          Show
          tomganor Tom Ganor added a comment - Hi Jie Shen , OK I will close this ticket and try and figure out a different solution.  Thanks for all of your help anyway.

            People

            • Assignee:
              jieshe Jie Shen
              Reporter:
              tomganor Tom Ganor
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: