Adds documentation to add service principal #248
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
onurctirtir
reviewed
May 16, 2022
|
|
||
| - If you're having problems on `az login` as below | ||
| `AADSTS7000222: The provided client secret keys for app '********************' are expired....` | ||
| Then there is a problem related to service principal that is being used in CircleCI azure-cli orb |
There was a problem hiding this comment.
Suggested change
| Then there is a problem related to service principal that is being used in CircleCI azure-cli orb | |
| Then there is a problem related to service principal that is being used in CircleCI azure-cli orb. |
| `AADSTS7000222: The provided client secret keys for app '********************' are expired....` | ||
| Then there is a problem related to service principal that is being used in CircleCI azure-cli orb | ||
|
|
||
| There are three CircleCI environment variables being used by azure-cli plugin to login |
There was a problem hiding this comment.
Suggested change
| There are three CircleCI environment variables being used by azure-cli plugin to login | |
| There are three CircleCI environment variables being used by azure-cli plugin to login: |
| - AZURE_SP_TENANT | ||
|
|
||
| These three variables are defined by the service principal parameters app_id, client secret and tenant_id respectively. | ||
| You can see the definition of the service principal we are using is defined in the link below |
There was a problem hiding this comment.
Suggested change
| You can see the definition of the service principal we are using is defined in the link below | |
| You can see the definition of the service principal we are using in the link below: |
Comment on lines
+876
to
+877
| If you get the error above, you need to add a new certificate using Certificates & Secrets blade | ||
| and change the value of the AZURE_SP_PASSWORD value with the new secret value. |
There was a problem hiding this comment.
Suggested change
| If you get the error above, you need to add a new certificate using Certificates & Secrets blade | |
| and change the value of the AZURE_SP_PASSWORD value with the new secret value. | |
| If you get the error above, you need to add a new certificate using Certificates & Secrets blade | |
| and change the value of the AZURE_SP_PASSWORD value with the new secret value. |
| In some cases you may not access the Service Principal since owners could be removed by admins. | ||
| In that case you need to add another service principal using the command below after logged in using your credentials | ||
|
|
||
| `az ad sp create-for-rbac --name <new_service_provider_name> --role contributor --scope /subscriptions/88abe223-c630-4f2c-8782-00bb5be874f6` |
There was a problem hiding this comment.
let's not hardcode subscription id:
Suggested change
| `az ad sp create-for-rbac --name <new_service_provider_name> --role contributor --scope /subscriptions/88abe223-c630-4f2c-8782-00bb5be874f6` | |
| `az ad sp create-for-rbac --name <new_service_provider_name> --role contributor --scope /subscriptions/<subscription_id>` |
Comment on lines
+884
to
+889
| If you have permission to create service principle, you will get a json string as below | ||
|
|
||
| `"appId": "<app_id>", | ||
| "displayName": "<new_service_provider_name>", | ||
| "password": "<password>", | ||
| "tenant": "72f988bf-86f1-41af-91ab-2d7cd011db47"` |
There was a problem hiding this comment.
Suggested change
| If you have permission to create service principle, you will get a json string as below | |
| `"appId": "<app_id>", | |
| "displayName": "<new_service_provider_name>", | |
| "password": "<password>", | |
| "tenant": "72f988bf-86f1-41af-91ab-2d7cd011db47"` | |
| If you have permission to create service principle, you will get a json string as such: | |
| `"appId": "<app_id>", | |
| "displayName": "<new_service_provider_name>", | |
| "password": "<password>", | |
| "tenant": "<tenant_id>"` |
| https://ms.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps | ||
|
|
||
| Then you need to add a client secret using Clients & Secrets. You need to get the appId and client secret value | ||
| and update AZURE_SP and AZURE_SP_PASSWORD environment variables on CircleCI with the new appId and client secret value |
There was a problem hiding this comment.
Suggested change
| and update AZURE_SP and AZURE_SP_PASSWORD environment variables on CircleCI with the new appId and client secret value | |
| and update AZURE_SP and AZURE_SP_PASSWORD environment variables on CircleCI with the new appId and client secret value |
|
Please also not forget to check the preview of the README using the link below, to see how it would look like after merging your pr: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.