Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for OIDC Authentication #101

Closed
ms-henglu opened this issue May 6, 2022 · 11 comments · Fixed by #240
Closed

Support for OIDC Authentication #101

ms-henglu opened this issue May 6, 2022 · 11 comments · Fixed by #240
Labels
enhancement New feature or request
Milestone
Version 1.1

Comments

@ms-henglu
Copy link
Member

ms-henglu commented May 6, 2022
edited
Loading

Use OpenID Connect within your workflows to authenticate with Azure.

Blocked by Azure/azure-sdk-for-go#15615

doc: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
similar issue: hashicorp/terraform-provider-azurerm#16554
@ms-henglu ms-henglu added enhancement New feature or request upstream-sdk labels May 6, 2022
@ms-henglu
Copy link
Member Author

https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity doesn't support OIDC yet.

Roadmap: Azure/azure-sdk-for-go#16728

@petr-stupka
Copy link

Helper already available via hashicorp/go-azure-helpers#115

Terraform 1.2.0 introduced support for backend authentication OIDC as well

@LaurentLesle
Copy link

@ms-henglu can you check if you can progress with this issue? Looks like the dependency has been closed Azure/azure-sdk-for-go#16728

@jamescrowley
Copy link

jamescrowley commented Jun 5, 2022
edited
Loading

Just got blocked by this as we're using OIDC for GitHub Actions on a new project.

We're setting the ARM_USE_OIDC environment variable, as used by azurerm provider & backend to enable the feature, so if you end up needing a switch to turn this on, if you could utilise an environment variable like that (in addition to whatever properties you decide on the provider itself), that would be fab. Many thanks.

@ms-henglu
Copy link
Member Author

@LaurentLesle - Thanks! I just checked again, it seems they're tracking this feature by Azure/azure-sdk-for-go#15615 according to Azure/azure-sdk-for-go#16728 (comment).

@grayzu grayzu added this to the Version 1.0 milestone Jul 25, 2022
@helenakallekleiv helenakallekleiv mentioned this issue Sep 19, 2022
Merged
helenakallekleiv added a commit to equinor/terraform-azurerm-storage that referenced this issue Sep 19, 2022
@helenakallekleiv @github-actions
feat: remove blob pitr (#89)
18c921c 
AzAPI provider currently does not support OIDC authentication.
(Azure/terraform-provider-azapi#101)
Comment out until this is supported.

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@ghost
Copy link

ghost commented Oct 4, 2022

Any news on that feature ?

@grayzu grayzu modified the milestones: Version 1.0, Version 1.1 Oct 25, 2022
@dschniepp
Copy link

dschniepp commented Nov 2, 2022
edited
Loading

Does it make sense to provide a temporarily solution based on the upcoming release, with the workaround described here Azure/azure-sdk-for-go#15615 (comment)? @ms-henglu would you be interested in this as a contribution from the community?

@ms-henglu
Copy link
Member Author

Hi @dschniepp ,

Thanks for the suggestion! I'll give it a try when the azidentity v1.2.0 stable version released in the next week.

@dschniepp
Copy link

Thanks, @ms-henglu if you need support feel free to loop me in.

@AdamCoulterOz
Copy link

@grayzu was this planned for 1.1? looks like it didn't make it?

@implodingduck implodingduck mentioned this issue Dec 16, 2022
Closed
@adelinn adelinn mentioned this issue Jan 9, 2023
Closed
@ms-zhenhua ms-zhenhua mentioned this issue Jan 12, 2023
Merged
@ms-henglu
Copy link
Member Author

Hi all,

This feature has been released in v1.3.0. More details can be found here: https://registry.terraform.io/providers/Azure/azapi/latest/docs/guides/service_principal_oidc

I'll close this issue but feel free to reopen it if there's any further question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Version 1.1
Development

Successfully merging a pull request may close this issue.

Support OIDC authentication for AzAPI ms-zhenhua/terraform-provider-azapi
7 participants
@jamescrowley @dschniepp @grayzu @LaurentLesle @AdamCoulterOz @petr-stupka @ms-henglu