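I would like to use a Google service account JWT token to obtain temporary credentials for an Azure service principal (SP). The goal is to call Azure APIs from GKE workloads without having to store long-lived SP credentials in GKE.
Is this kind of federated authentication supported for GCP -> Azure (I know Azure -> GCP is supported, based on [1], as is GCP -> AWS [2]), and how can it be implemented?
[1] https://cloud.google.com/iam/docs/workload-identity-federation [2] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html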