How to avoid setting hard-coded string for AKS AAD Server
datlife opened this issue · 0 comments
datlife commented
Hello,
One of our projects is to programmatically interact with Azure K8s Service (AKS) using the OpenID Connect protocol. One of the requirements in the protocol is to set the aud field. Currently, I use 6dae42f8-4368-4678-94ff-3960e28e3630 and it is working. This string is the Service Principal ID of the AKS AAD Server, shared across all Azure clusters.
```
$ az ad sp show --id 6dae42f8-4368-4678-94ff-3960e28e3630
{
  "accountEnabled": "True",
  "addIns": [],
  "alternativeNames": [],
  "appDisplayName": "Azure Kubernetes Service AAD Server",
  ....
  "servicePrincipalNames": [
    "6dae42f8-4368-4678-94ff-3960e28e3630",
    "https://aks-aad-server.azure.com"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADMultipleOrgs",
  ...
```
However, my concern is that this string might change in the future. Is there any way to programmatically obtain this unique ID from the library? I notice that we currently have https://github.com/Azure/go-autorest/blob/autorest/azure/auth/v0.5.7/autorest/azure/environments.go#L83, but I could not find one for the AKS AAD Server.
Thanks
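An added example (not from this issue and not go-autorest code) of one way to keep the audience out of source: take an explicit override from configuration, otherwise derive the app ID from the JSON that `az ad sp show --id https://aks-aad-server.azure.com` prints, and accept it only when the principal actually carries the AKS AAD Server SPN shown above. The `override` parameter and the trimmed sample JSON are constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// Stable SPN of the "Azure Kubernetes Service AAD Server" from the issue's
// `az ad sp show` output; the GUID listed beside it is the well-known app ID.
const aksAADServerSPN = "https://aks-aad-server.azure.com"
var guidRe = regexp.MustCompile(`(?i)^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
type servicePrincipal struct {
	ServicePrincipalNames []string `json:"servicePrincipalNames"`
}

// ResolveAudience returns the aud value to request for AKS: an explicit
// override (config/env) wins, else the app ID is read from the JSON of
// `az ad sp show --id https://aks-aad-server.azure.com`, accepted only if
// that principal carries the AKS AAD Server SPN (a wrong lookup must not
// silently point tokens at another audience).
func ResolveAudience(override string, spJSON []byte) (string, error) {
	if override != "" {
		if !guidRe.MatchString(override) {
			return "", errors.New("override is not an app ID GUID")
		}
		return override, nil
	}
	var sp servicePrincipal
	if err := json.Unmarshal(spJSON, &sp); err != nil {
		return "", err
	}
	hasSPN, appID := false, ""
	for _, n := range sp.ServicePrincipalNames {
		switch {
		case n == aksAADServerSPN:
			hasSPN = true
		case guidRe.MatchString(n):
			appID = n
		}
	}
	if !hasSPN || appID == "" {
		return "", errors.New("not the AKS AAD Server principal or no app ID")
	}
	return appID, nil
}
// sampleSPJSON is a constructed, trimmed copy of the issue's CLI output.
const sampleSPJSON = `{"appDisplayName":"Azure Kubernetes Service AAD Server",` +
	`"servicePrincipalNames":["6dae42f8-4368-4678-94ff-3960e28e3630","https://aks-aad-server.azure.com"]}`
func main() { fmt.Println(ResolveAudience("", []byte(sampleSPJSON))) }
```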