[AzureCLI] Loading service principal profile on request in azure config #8819
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -132,13 +132,24 @@ export class azureclitask { | |
| // set az cli config dir | ||
| this.setConfigDirectory(); | ||
|
|
||
| // set config.json | ||
| this.loadServicePrincipalsIfRequired(servicePrincipalId, cliPassword, subscriptionID); | ||
|
|
||
| //login using svn | ||
| this.throwIfError(tl.execSync("az", "login --service-principal -u \"" + servicePrincipalId + "\" -p \"" + cliPassword + "\" --tenant \"" + tenantId + "\""), tl.loc("LoginFailed")); | ||
| this.isLoggedIn = true; | ||
| //set the subscription imported to the current subscription | ||
| this.throwIfError(tl.execSync("az", "account set --subscription \"" + subscriptionID + "\""), tl.loc("ErrorInSettingUpSubscription")); | ||
| } | ||
|
|
||
| private static loadServicePrincipalsIfRequired(servicePrincipalId, client_key, subscriptionID): void { | ||
| var loadFileName = tl.getVariable("LOAD_SERVICE_PRINCIPAL"); | ||
|
There was a problem hiding this comment. We should not expect the user to specify the file name as the file name is kind of fixed in the az cli code and expect user to specify true/false only. Secondly LOAD word does not look right. We should change it to CREATE_SERVICE_PRINCIPAL_FILE Thirdly if there is a logout action in the task, we should delete the file as well. There was a problem hiding this comment. What is the scenario for this requirement? There was a problem hiding this comment. This is required for supporting a scenario where the user wants to use the SPN details of the There was a problem hiding this comment. Got it. It also addresses #8726 . Should the secrets rather be set as secret variables instead of this file for easier consumption? Also I believe this file will get deleted after the task exists (due to logout) - is that correct? There was a problem hiding this comment. This file is a convention followed by There was a problem hiding this comment. If this is the already saved by az cli - then why do we need to store it again? There was a problem hiding this comment. I meant, the file is a convention for the There was a problem hiding this comment. Got it. Given that we have requests for use cases other than aks (as pointed above), and also this file syntax is an internal implementation of aks (subject to change) - should we consider the environment variables so that this feature is more usable for all scenarios. There was a problem hiding this comment. Azure endpoint can take client key or a certificate. Az CLI today does no support certificate yet (Azure PS does). @Ajay-MS would likely enhance Az CLI as well. Want to know if the solution proposed will scale for both client key and certificate? |
||
| if (!!loadFileName) { | ||
| loadFileName = loadFileName.trim(); | ||
| fs.writeFileSync(path.join(this.azCliConfigPath, loadFileName), JSON.stringify({ [subscriptionID]: { client_secret: client_key, service_principal: servicePrincipalId } })); | ||
| } | ||
| } | ||
|
|
||
| private static setConfigDirectory(): void { | ||
| var configDirName: string = "c" + new Date().getTime(); // 'c' denotes config | ||
| if (tl.osType().match(/^Win/)) { | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rename the function as well to createServicePrincipalsIfRequired