in azext_edge/edge/providers/orchestration/resources/instances.py [0:0]
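def _ensure_oidc_issuer(self, cluster_resource: dict, use_self_hosted_issuer: Optional[bool] = None) -> str:
    """
    Check that the connected cluster is set up for workload identity federation and return its issuer URL.

    The cluster passes only when both `properties.oidcIssuerProfile.enabled` and
    `properties.securityProfile.workloadIdentity.enabled` are truthy. Otherwise the
    raised error names what is missing and the `az connectedk8s update` command that enables it.

    Args:
        cluster_resource: Connected cluster resource as a dict. The keys read are
            `name`, `id` and `properties`.
        use_self_hosted_issuer: When truthy, return `selfHostedIssuerUrl` from the
            OIDC issuer profile instead of `issuerUrl`.

    Returns:
        The selected issuer URL, exactly as stored on the cluster resource.

    Raises:
        ValidationError: If either feature is not enabled, or if the selected
            issuer URL is missing or empty.
    """
    properties: dict = cluster_resource["properties"]
    # `or {}` covers keys that are present but null, so a partially populated
    # resource fails with the actionable ValidationError below instead of an
    # AttributeError from calling .get() on None.
    oidc_issuer_profile: dict = properties.get("oidcIssuerProfile") or {}
    security_profile: dict = properties.get("securityProfile") or {}
    workload_identity: dict = security_profile.get("workloadIdentity") or {}

    enabled_oidc = oidc_issuer_profile.get("enabled", False)
    enabled_wlif = workload_identity.get("enabled", False)

    if not (enabled_oidc and enabled_wlif):
        # The remediation text (and the resource-id parsing it needs) is built
        # only on the failure path.
        cluster_name = cluster_resource["name"]
        error = f"The connected cluster '{cluster_name}' is not enabled"
        fix_with = (
            f"Please enable with 'az connectedk8s update -n {cluster_name} "
            f"-g {parse_resource_id(cluster_resource['id']).resource_group_name}"
        )
        if not enabled_oidc:
            error += " as an oidc issuer"
            fix_with += " --enable-oidc-issuer"
        if not enabled_wlif:
            # " or" joins the two clauses only when the oidc clause was emitted above.
            sep = "" if enabled_oidc else " or"
            error += f"{sep} for workload identity federation"
            fix_with += " --enable-workload-identity"
        error += ".\n"
        error += f"{fix_with}'."
        raise ValidationError(error)

    issuer_key = "selfHostedIssuerUrl" if use_self_hosted_issuer else "issuerUrl"
    issuer_url = oidc_issuer_profile.get(issuer_key)
    if not issuer_url:
        raise ValidationError(f"No {issuer_key} is available. Check cluster config.")
    # NOTE(review): the URL is returned as found on the resource; no scheme or host
    # check happens here. Callers presumably rely on it as the federation issuer,
    # so confirm whether validation belongs at this layer.
    return issuer_url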