Azurerm Provider: Allow Accessing current user object ID

[thekevinbrown]

Description

I’m trying to create a certificate in Azure key vault with CDKTF. To do that, I need a key vault policy applied that allows the CDKTF user to do this action. The code I’ve got to do that currently looks like this:

// The deploying user (us right now in CDKTF context) need to be able to manage certificates
const deployerAccessForCertificates = new KeyVaultAccessPolicyA(
	construct,
	`deploy-key-vault-access`,
	{
		keyVaultId: vault.id,
		objectId: process.env.AZURE_APP_REGISTRATION_OBJECT_ID ?? '',
		tenantId: vault.tenantId,
		certificatePermissions: ['Create', 'Get', 'List', 'Delete'],
	}
);

This is really annoying though, because I’m already authenticating successfully and I’d like to have one less constant to pull from the Azure console. I see that this is supported in the azurerm provider now, how do I access it from CDK code? E.g. I’d like the objectId value in the above snippet to be able to grab the current user’s objectId.

References

No response

Help Wanted

• I'm interested in contributing a fix myself

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment