@ImIOImI
Created March 15, 2024 20:15
Test Azure workload identity in a container
# Reference https://blog.baeke.info/2022/05/18/quick-guide-to-kubernetes-workload-identity-on-aks/
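# show the environment variables injected by the workload identity webhook
echo "$AZURE_CLIENT_ID"
echo "$AZURE_TENANT_ID"
echo "$AZURE_FEDERATED_TOKEN_FILE"
# print the projected service account token (a short-lived bearer credential)
cat "$AZURE_FEDERATED_TOKEN_FILE"
echo "$AZURE_AUTHORITY_HOST"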
# list the standard Kubernetes service account secrets
cd /var/run/secrets/kubernetes.io/serviceaccount
ls
# check the folder containing the AZURE_FEDERATED_TOKEN_FILE
cd /var/run/secrets/azure/tokens
ls
# you can use the AZURE_FEDERATED_TOKEN_FILE with the Azure CLI
# together with $AZURE_CLIENT_ID and $AZURE_TENANT_ID
# a password is not required since we are doing federated token exchange
# show the command that is about to run (this also prints the token)
echo "az login --federated-token \"$(cat "${AZURE_FEDERATED_TOKEN_FILE}")\" \
--service-principal -u ${AZURE_CLIENT_ID} -t ${AZURE_TENANT_ID}"
az login --federated-token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")" \
  --service-principal -u "$AZURE_CLIENT_ID" -t "$AZURE_TENANT_ID"
# list resource groups
az group list
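
Added example, not part of the original gist: when the `az login` step fails, a common cause is a mismatch between the projected token's claims and the federated credential, so this decodes the token payload and checks `aud`, `sub` and `exp` without echoing the signed token. The sample token, issuer URL, namespace and service account name are constructed; `api://AzureADTokenExchange` is the default audience for the Azure AD token exchange.

```shell
# Added example: inspect the claims of a projected service account token.
# Decode a base64url JWT segment; base64url drops '=' padding, so restore it.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print one top-level claim (string, number, or first array element).
jwt_claim() {
  payload=$(printf '%s' "$1" | cut -d. -f2)
  b64url_decode "$payload" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\[\{0,1\}\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# check_wi_token TOKEN EXPECTED_SUBJECT NOW_EPOCH -> returns 0 if the claims line up
check_wi_token() {
  rc=0
  aud=$(jwt_claim "$1" aud); sub=$(jwt_claim "$1" sub); exp=$(jwt_claim "$1" exp)
  [ "$aud" = "api://AzureADTokenExchange" ] || { echo "unexpected aud: $aud"; rc=1; }
  [ "$sub" = "$2" ] || { echo "unexpected sub: $sub"; rc=1; }
  [ "${exp:-0}" -gt "$3" ] || { echo "token expired at $exp"; rc=1; }
  return $rc
}

# Constructed sample token: fake issuer, namespace, service account and signature.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_SUB="system:serviceaccount:demo:workload-sa"
SAMPLE_PAYLOAD='{"aud":["api://AzureADTokenExchange"],"exp":1710534900,"iss":"https://oidc.example.invalid/","sub":"system:serviceaccount:demo:workload-sa"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url "$SAMPLE_PAYLOAD").c2ln"

echo "iss: $(jwt_claim "$SAMPLE_TOKEN" iss)"
check_wi_token "$SAMPLE_TOKEN" "$SAMPLE_SUB" 1710531300 && echo "claims OK"
```

Inside a pod, call it as `check_wi_token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")" "system:serviceaccount:<namespace>:<serviceaccount>" "$(date +%s)"` and compare the printed `iss` with the issuer configured on the federated credential.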