Related command
#N/A
Is your feature request related to a problem? Please describe.
Azure CLI is a mandatory step when using federated identities in Azure DevOps to get an AAD Token. This forces people to install Azure CLI, hence in my case having docker images being 5 to 10 times the original size.
Describe the solution you'd like
In would be nice to just have a minimal core setup in order to use az login to get a token, and let some other tools rely on this token to do the job (terraform for example). So maybe it would be enough to just install what's needed for this sub command.
Describe alternatives you've considered
Tried to get the token from the azure devops job environment, but seems impossible. atm.
microsoft/azure-pipelines-agent#5199
Additional context
This is an attempt to use separate identities in a scalable self hosted agent architecture.
AKS w/ KEDA, The scaled job, uses workload identity to be able to register to the agent pool. But the pipeline job itself should rely on the service connection to inherit the permissions on the Azure side. Without the heavy weight azure cli if possible.
Related command
#N/A
Is your feature request related to a problem? Please describe.
Azure CLI is a mandatory step when using federated identities in Azure DevOps to get an AAD Token. This forces people to install Azure CLI, hence in my case having docker images being 5 to 10 times the original size.
Describe the solution you'd like
In would be nice to just have a minimal core setup in order to use az login to get a token, and let some other tools rely on this token to do the job (terraform for example). So maybe it would be enough to just install what's needed for this sub command.
Describe alternatives you've considered
Tried to get the token from the azure devops job environment, but seems impossible. atm.
microsoft/azure-pipelines-agent#5199
Additional context
This is an attempt to use separate identities in a scalable self hosted agent architecture.
AKS w/ KEDA, The scaled job, uses workload identity to be able to register to the agent pool. But the pipeline job itself should rely on the service connection to inherit the permissions on the Azure side. Without the heavy weight azure cli if possible.