Looking for some clarification on the documentation for creating a OpenID connection (Workload Identity) to Azure.
In the step -Create Azure AD federated identity credentials , the subject is created using a combination of project and branch name
{
"name": "gitlab-federated-identity",
"issuer": "https://gitlab.example.com",
"subject": "project_path:<mygroup>/<myproject>:ref_type:branch:ref:<branch>",
"description": "GitLab service account federated identity",
"audiences": [
"https://gitlab.example.com"
]
}
I was wondering if it would be possible replace branch with environment.
{
"name": "gitlab-federated-identity",
"issuer": "https://gitlab.example.com",
"subject": "project_path:<mygroup>/<myproject>:ref_type:environment:ref:<environment>",
"description": "GitLab service account federated identity",
"audiences": [
"https://gitlab.example.com"
]
}
Azure can work with several entity types (branch, tag, environment) but I am was not able to find a reference for Gitlab.
Any help would be appreciated!