Use creds in module args when auth_source is auto #1010

@markscottwright markscottwright commented Oct 31, 2022

SUMMARY

When service principals are specified in the module arguments (subscription_id, tenant, client_id, secret) and auth_type is auto, azure_rm_keyvaultkey, azure_rm_keyvaultkey_info, azure_rm_keyvaultsecret, azure_rm_keyvaultsecret_info first attempted to use credentials from env and the disk and only used the specified credentials if not found.

Fixes #1009

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

azure_rm_keyvaultkey
azure_rm_keyvaultkey_info
azure_rm_keyvaultsecret
azure_rm_keyvaultsecret_info

ADDITIONAL INFORMATION

To reproduce, specify a service principal in cloud-config-azure.ini and run:

`ansible-test integration azure_rm_keyvaultsecret --allow-destructive`

The test will succeed. Then, do an az login and re-run the above command. The test will fail. Delete your cached credentials:

`rm ~/.azure/msal_token_cache.json`

Run the test again. The test will succeed.

When service principals are specified in the module arguments
(subscription_id, tenant, client_id, secret) and auth_type is auto,
azure_rm_keyvaultkey, azure_rm_keyvaultkey_info,
azure_rm_keyvaultsecret, azure_rm_keyvaultsecret_info first attempted to
use credentials from env and the disk and only used the specified
credentials if not found.

To reproduce, specify a service principal in `cloud-config-azure.ini`
and run:

    `ansible-test integration azure_rm_keyvaultsecret --allow-destructive`

The test will succeed.  Then, do an `az login` and re-run the above
command.  The test will fail.  Delete your cached credentials:

    `rm ~/.azure/msal_token_cache.json`

Run the test again. The test will succeed.

c.f. ansible-collections#1009
@Fred-sun Fred-sun added medium_priority Medium priority work in In trying to solve, or in working with contributors labels Nov 24, 2022
@Fred-sun Fred-sun added ready_for_review The PR has been modified and can be reviewed and merged and removed work in In trying to solve, or in working with contributors labels May 18, 2023
@xuzhang3
Collaborator

@markscottwright LGTM 🚢

@xuzhang3 xuzhang3 merged commit 9228c26 into ansible-collections:dev May 30, 2023
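
The precedence problem described in this pull request, as an added example (not code from the collection or from this PR): a simplified resolver that compares an "env and disk first" lookup order with a "module args first" order, and reports when explicitly supplied service principal credentials are overridden by another identity. The source names, the two orderings, the environment keys checked and all sample values are assumptions made for illustration.

```python
from typing import Mapping, Optional, Tuple

SP_FIELDS = ("subscription_id", "tenant", "client_id", "secret")

# Hypothetical lookup orders for the "auto" case; names are illustrative only.
ENV_AND_DISK_FIRST = ("env", "cli_cache", "module_args")  # behaviour the PR describes
MODULE_ARGS_FIRST = ("module_args", "env", "cli_cache")   # explicit credentials win


def _candidates(args: Mapping, env: Mapping, cli_identity: Optional[str]) -> dict:
    """Return {source: identity} for every source holding usable credentials."""
    found = {}
    if all(args.get(f) for f in SP_FIELDS):
        found["module_args"] = args["client_id"]
    if env.get("AZURE_CLIENT_ID") and env.get("AZURE_SECRET"):  # assumed env keys
        found["env"] = env["AZURE_CLIENT_ID"]
    if cli_identity:  # stands in for a token cached on disk after `az login`
        found["cli_cache"] = cli_identity
    return found


def resolve(order, args, env=None, cli_identity=None) -> Tuple[str, str]:
    """Pick the first source in `order` that has credentials."""
    found = _candidates(args, env or {}, cli_identity)
    for source in order:
        if source in found:
            return source, found[source]
    raise LookupError("no credentials available")


def shadowed_by(order, args, env=None, cli_identity=None) -> Optional[str]:
    """Name the source that overrides explicit module args, or None."""
    found = _candidates(args, env or {}, cli_identity)
    if "module_args" not in found:
        return None
    source, identity = resolve(order, args, env, cli_identity)
    if source != "module_args" and identity != found["module_args"]:
        return source
    return None


# Constructed sample values, not real identifiers or secrets.
SP_ARGS = {"subscription_id": "sub-0000", "tenant": "tenant-0000",
           "client_id": "sp-client-0000", "secret": "not-a-real-secret"}
CLI_USER = "user@example.com"
```

With no cached login both orders pick the module arguments, which matches the first successful test run in the reproduction steps; once a cached identity exists, only the "module args first" order still uses the specified service principal.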
Successfully merging this pull request may close these issues.

azure_rm_keyvaultsecret doesn't reliably allow specified credentials