Enable Workload Identity

[danielscholl]

This change set moves the solution to fully leverage workload identity.

[Copilot]

Copilot reviewed 47 out of 62 changed files in this pull request and generated 2 comments.

Files not reviewed (15)

• bicep/main.bicep: Language not supported
• bicep/main.parameters.json: Language not supported
• bicep/modules/blade_cluster.bicep: Language not supported
• bicep/modules/blade_configuration.bicep: Language not supported
• bicep/modules/blade_partition.bicep: Language not supported
• bicep/modules/keyvault_secrets.bicep: Language not supported
• bicep/modules/managed-cluster/agent-pool/main.bicep: Language not supported
• bicep/modules/managed-cluster/aks_appconfig_extension.bicep: Language not supported
• bicep/modules/managed-cluster/aks_policy.bicep: Language not supported
• bicep/modules/managed-cluster/main.bicep: Language not supported
• bicep/modules/managed-cluster/maintenance-configurations/main.bicep: Language not supported
• charts/osdu-developer-base/Chart.yaml: Evaluated as low risk
• charts/osdu-developer-init/Chart.yaml: Evaluated as low risk
• charts/blob-upload/Chart.yaml: Evaluated as low risk
• .github/workflows/test.yml: Evaluated as low risk

Comments suppressed due to low confidence (3)

charts/osdu-developer-base/templates/envoy-filter.yaml:63

• The 'appid' claim is used as a fallback for 'x-user-id', which might not be appropriate. 'appid' typically represents application IDs, not user IDs.

request_handle:headers():add("x-user-id", payload["appid"])

charts/osdu-developer-init/README.md:27

• [nitpick] The new namespace 'osdu-core-osdu-init-user' should be verified to ensure it is correct.

helm template osdu-core-osdu-init-user -f custom_values.yaml .

charts/osdu-developer-init/README.md:29

• [nitpick] The new namespace 'osdu-core-osdu-init-partition' should be verified to ensure it is correct.

helm upgrade --install osdu-core-osdu-init-partition . -n $NAMESPACE -f custom_values.yaml