Support: User-assigned Identity (MSI) login for Azure

[Robert-Stam]

Feature I would like
Currently for Azure (login) MSI is supported.
X-Ref: https://www.vaultproject.io/docs/auth/azure.html

However this supports system-assigned identities are only, it would be great if user-assigned identities are supported as well.

Details
We are running kubernetes in Azure using the AKS service, where Managed Identity (which is currently in-preview) switched on, see https://docs.microsoft.com/en-us/azure/aks/use-managed-identity for details. For the vmss (Virtual machine scale set) it creates user-assigned identities.

Inside the pod, where I want to login to Vault I am able to get this identity (including the other information needed for login), however this result in the following error:
PUT: [url]/v1/auth/azure/login
Code: 500. Errors: * vmss principal id is empty

Instead of checking the vmss.Identity.PrincipalID only, it would be great if the vmss.Identity.IdentityIds could be used as well.

Please let me know if more details are needed, I am happy to provide them.

[infa-bsurber]

Is there an ETA on this?

[kalafut]

Fixed in hashicorp/vault-plugin-auth-azure#33

[Robert-Stam]

Thanks for picking up!
Note that last week the feature on AKS went into GA, so the pieces fits perfectly together.