Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC support for sovereign clouds #258

Closed
wants to merge 3 commits into from
Closed

OIDC support for sovereign clouds #258

wants to merge 3 commits into from

Conversation

arnoldna
Copy link

Added OIDC support for AzureUSGovernment and AzureChinaCloud

ISSUE #257- #257

@arnoldna arnoldna temporarily deployed to Automation test October 27, 2022 00:23 Inactive
@BALAGA-GAYATRI
Copy link
Contributor

@arnoldna Thanks for the PR. Can you add more details on the tests that were done for this PR?

@arnoldna
Copy link
Author

I have access to an AzureUSGovernment subscription and tested connectivity utilizing the following yaml:

`name: Run Azure Login with OpenID Connect
on: [push]

permissions:
id-token: write
contents: read

jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: 'Az CLI login'
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
environment: 'AzureUSGovernment'

- name: 'Run Azure CLI commands'
  run: |
      az account show
      az group list
      pwd`

If there are other tests you would like to run then let me know.

@jpmicrosoft
Copy link

@BALAGA-GAYATRI Any updates on this PR?

@github-actions
Copy link

github-actions bot commented Dec 5, 2022

This PR is idle because it has been open for 14 days with no activity.

@github-actions github-actions bot added the idle Inactive for 14 days label Dec 5, 2022
jpmicrosoft
jpmicrosoft approved these changes Dec 5, 2022
View reviewed changes
Copy link

@jpmicrosoft jpmicrosoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@arnoldna arnoldna mentioned this pull request Feb 6, 2023
Closed
@shenglol shenglol mentioned this pull request Feb 7, 2023
Merged
@BALAGA-GAYATRI
Copy link
Contributor

We are following up on the same. Will get back with the info.

@arnoldna
Copy link
Author

arnoldna commented Mar 9, 2023

@BALAGA-GAYATRI - Can we get an update on when this PR will be approved? Thanks

@github-actions github-actions bot removed the idle Inactive for 14 days label Mar 9, 2023
@github-actions
Copy link

This PR is idle because it has been open for 14 days with no activity.

@github-actions github-actions bot added the idle Inactive for 14 days label Mar 23, 2023
@some-natalie
Copy link

friendly bump on this ❤️

@github-actions github-actions bot removed the idle Inactive for 14 days label May 3, 2023
@devopsjesus
Copy link

Looks like the linting is failing on README - can someone please fix this and merge? PR has been open for months

@some-natalie some-natalie mentioned this pull request May 17, 2023
Closed
@MoChilia MoChilia mentioned this pull request May 24, 2023
Merged
@MoChilia
Copy link
Member

Closing this pr, the feature is done in #321.

@MoChilia MoChilia closed this May 25, 2023
jiasli
jiasli reviewed May 25, 2023
View reviewed changes
src/main.ts
Comment on lines +74 to +87
switch(environment){
case 'azurecloud':
resourceManagerEndpointUrl = "https://management.azure.com/";
break;
case 'azureusgovernment':
resourceManagerEndpointUrl = "https://management.usgovcloudapi.net/";
break;
case 'azurechinacloud':
resourceManagerEndpointUrl = "https://management.chinacloudapi.cn/";
break;
default:
resourceManagerEndpointUrl = "https://management.azure.com/";
break;
}
Copy link
Member

@jiasli jiasli May 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resourceManagerEndpointUrl is in the output of az ad sp create-for-rbac --sdk-auth and az cloud list/show, so it shouldn't be hard-coded.

> az ad sp create-for-rbac --sdk-auth
{
  "clientId": "...",
  "clientSecret": "...",
  "subscriptionId": "...",
  "tenantId": "...",
  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
  "resourceManagerEndpointUrl": "https://management.azure.com/",
  "activeDirectoryGraphResourceId": "https://graph.windows.net/",
  "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
  "galleryEndpointUrl": "https://gallery.azure.com/",
  "managementEndpointUrl": "https://management.core.windows.net/"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiasli jiasli jiasli left review comments

@jpmicrosoft jpmicrosoft jpmicrosoft approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@arnoldna @BALAGA-GAYATRI @jpmicrosoft @some-natalie @devopsjesus @MoChilia @jiasli