azure/login
1
0
Fork 0
mirror of https://github.com/azure/login.git synced 2026-03-12 18:07:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update Readme to improve examples for hand crafting credentials (#140)

Browse Source 
The clientSecret is not a GUID, and this being labelled as such caused confusion when I tried to manually add a client secret and was met with a SecretId which was a GUID and a SecretValue which was not a GUID. Using the SecretId GUID from the Azure UI would not work.

Also, resourceManagerEndpointUrl was required but not shown in any examples. 

Finally, the value for it was hard to determine, as using several azure cli commands did not display it.

Co-authored-by: Kanika Pasrija <58769601+kanika1894@users.noreply.github.com>
This commit is contained in:
Sean MacKay
2021-09-20 06:30:25 -03:00
committed by GitHub
parent f8979b3393
commit 6bc1b5ecb9
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@@ -171,7 +171,7 @@ The following steps describe how to create the service principal, assign the rol
```json
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"clientSecret": "<CLIENT_SECRET_VALUE>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
@@ -183,7 +183,7 @@ The following steps describe how to create the service principal, assign the rol
NOTE: While adding secret `AZURE_CREDENTIALS` make sure to add like this
{"clientId": "<GUID>",
"clientSecret": "<GUID>",
"clientSecret": "<CLIENT_SECRET_VALUE>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)}
@@ -192,7 +192,7 @@ NOTE: While adding secret `AZURE_CREDENTIALS` make sure to add like this
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"clientSecret": "<CLIENT_SECRET_VALUE>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
@@ -212,6 +212,18 @@ However, a simple workaround for users who need this option can be:
creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"${{ secrets.SUBSCRIPTION_ID }}","tenantId":"${{ secrets.TENANT_ID }}"}'
```
In a similar way, any additional parameter can be addded to creds such as resourceManagerEndpointUrl for Azure Stack, for example.
NOTE: If you want to hand craft your JSON object instead of using the output from the CLI command (for example, after using the UI to create the App Registration and Role assignment) the following fields are required:
```json
{
"clientId": "<GUID>",
"tenantId": "<GUID>",
"clientSecret": "<CLIENT_SECRET_VALUE>",
"subscriptionId": "<GUID>",
"resourceManagerEndpointUrl": "<URL>}
```
The resourceManagerEndpointUrl will be `https://management.azure.com/` if you are using the public azure cloud.
## Support for using `allow-no-subscriptions` flag with az login
Capability has been added to support access to tenants without subscriptions. This can be useful to run tenant level commands, such as `az ad`. The action accepts an optional parameter `allow-no-subscriptions` which is `false` by default.