[enhancement]: Self-managed agents able to (de)register themselves with no tokens using the user-assigned Azure AD Managed Identity associated to the agent machine

[clemlesne]

Describe your feature request here

Relates to #4233 (comment).

[aleksandrlevochkin]

Hi @clemlesne, thank you for proposing this enhancement, we are working on higher prioritized issues at the moment, but we will get back to this one as soon as possible.

[phmcder]

I am also in need of this

[markstoel]

I'm actually surprised that given the statement that of version 3.227.1 Service Principal is supported, and I quote: "You can register an agent using a Service Principal starting with agent version 3.227.1 by specifying SP as the agent authentication option."

This is not fully implemented yet.
Anyway, same here. Also in need of this.

[robertblowers-nasstar]

To also add my support for this ticket.

Been able to configure an agent unattended and running it with --once mode
./config.sh --unattended
--agent "${AZP_AGENT_NAME:-$(hostname)}"
--url "${AZP_URL}"
--auth "SP"
--clientid "${AZP_CLIENT_ID}"
--tenantid "${AZP_TENANT_ID}"
--clientsecret "${AZP_CLIENT_SECRET}"
--pool "${AZP_POOL:-Default}"
--work "${AZP_WORK:-_work}"
--replace
--acceptTeeEula & wait $!

But when the agent comes to deregister itself after running the job it gets:

Failed: Removing agent from the server
VS30063: You are not authorized to access https://dev.azure.com.

This feature would look to remedy this problem

[hilariocoelho]

This would be a very helpful feature so we can setup self hosted agents without any token on AKS using pod assigned identity

[github-actions]

This issue has had no activity in 180 days. Please comment if it is not actually stale

[clemlesne]

Not completed at all.