Comment 2 for bug 2051929

Referencing the Juju AWS IAM support, can you confirm the workflow you would prefer to use?
Note: we would be reusing the term "instance-role" to refer to the managed identity name, since this is the name of the constraint attribute already chosen and constraint attributes are used across providers.

For AWS we support 2 workflows. So we could do the same for Azure...

1. Have Juju create a suitable managed identity similar to what we do AWS:

$ juju bootstrap --bootstrap-constraints="instance-role=auto" azure

2. Create a user assigned managed identity "foo" in resource group "myrg", assign permissions, then

$ juju bootstrap -bootstrap-constraints="instance-role=foo" --config resource-group-name=myrg azure

I guess you'd want to be able to use either workflow?