The AAD Pod Identity project welcomes contributions and suggestions.


The AAD Pod Identity project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.



  • Go 1.18
  • Docker
  • an AKS cluster
  • Helm 3
  • A container registry. One of the following would work:
    • Dockerhub
    • Azure Container Registry (ACR)

Development flow

git clone ${GOPATH}/src/
cd ${GOPATH}/src/

export REGISTRY=<RegistryName>

# Build MIC and NMI images
make image-mic image-nmi

# push images to your container registry
make push-mic push-nmi

# install the above images on your cluster
helm install aad-pod-identity manifest_staging/charts/aad-pod-identity \
  --set image.repository="${REGISTRY}" \
  --set mic.tag=v0.0.0-dev \
  --set nmi.tag=v0.0.0-dev

Test Standard

Unit tests

Unit tests focus on testing individual units and components of aad-pod-identity and they don’t require any additional services to execute. They should be fast and great for getting the first signal on whether the implementation works or not. To run unit tests:

make unit-test

In most cases, pull requests should include an adequate amount of unit tests such that the code coverage of the pull request may not lessen the code coverage of the main branch.

End-to-end tests

End-to-end testing tests whether the flow of aad-pod-identity from start to finish is behaving as expected. Following guidelines should be followed when developing E2E tests:

See test/e2e/ on how to run the aad-pod-identity e2e test suite locally.