Legacy

This section only applies if you have an existing Azure AD client registered in the IaC repository.

Pre-authorization

Communication between legacy clients provisioned through aad-iac and clients provisioned through NAIS requires some additional configuration.

Scenario 1

Allowing a NAIS client to access an aad-iac client

Prerequisites:

• You have a legacy client registered in the aad-iac repository.
• You would like to pre-authorize client provisioned through NAIS.

Steps:

• Refer to the NAIS client in aad-iac using its fully qualified name (see naming format):

<cluster>:<namespace>:<app-name>

Example:

• See this example in aad-iac.

---

Scenario 2

Allowing an aad-iac client to access a NAIS client

Prerequisites:

• You have a client provisioned through NAIS.
• You would like to pre-authorize a legacy client registered in the aad-iac repository.

Steps:

• The legacy client must follow the expected naming format. Follow step 1 and step 2 in the migration guide.
• Refer to the legacy client analogously to a NAIS application

Example:

• See this example in aad-iac
• Pre-authorizing the legacy client in nais.yaml:

spec:
  accessPolicy:
    inbound:
      rules:
      - application: dkif
        namespace: team-rocket
        cluster: dev-fss

Migration

If you have an existing legacy client in aad-iac and wish to keep the current client ID and configuration when moving to NAIS, contact us on Slack for assistance.

If keeping the existing client ID and configuration is not important, it should be much easier to just provision new clients instead.

---

Last update: 2022-12-02
Created: 2021-07-08