How to enable workload-Identity and oidc-issuer for AKS managed cluster (azure native)?

[igor-pshul]

Dear community, I'm trying to enable workload identity and oidc issure for Azure Kubernetes Cluster using pulumi azure-native package. Unfortunately, I couldn't find any possibility there:
https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/

It is indeed possible to do this with azure-cli:
az aks create myk8s --enable-oidc-issuer --enable-workload-identity

Also in the azure-classic package, both flags can be set: workloadIdentityEnabled and oidcIssuerEnabled

Am I missing something or is it on purpose, that those flags don't exist in azure-native package?

[nyobe]

I believe this is because the default exported version of the containerservice api is v20210301, but these properties weren't added until v20220901. You can import a specific api version when the default doesn't suffice. (It looks like workloadIdentityEnabled is exposed under securityProfile)

[assaf-grth]

I managed to get workload identity to work using v20230102preview (not earlier) for python
Looking at the example at the official documentation (details) everything should work with the Azure Native (v2 Beta) v2.0.0-beta.1 version but I'm obligated to use specific versions in order to get it to work

Can any explain or share a link to an explanation regarding when to use the specific version and when to use the default? (it looks like the default version is published later than the dates of the specific one - 20230102)