-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
method to get an access token with only curl and jq (without az cli) for remote pipelines #98
Comments
@DCMattyG We are also looking for something like this. We use Service principal for all automation and in our case we allocate IP address block. Would like to see how access can be granted to an SP which can get the token and reserve the IP address. Is this possible with the current implementation? |
Thank you @dejoost for the example above (and thank you @jeevanions for confirming the need here). I'm just looking for some clarification on the desired outcome from this open issue. Would you like me to add an official "example" with the above mechanism of retrieving a token via API (cURL or some other mechanism)? If so, is this something you'd like to see in the official docs, the examples folder, or both? Always appreciate the feedback, keep it coming! |
@DCMattyG I have gone through the documentation, and it is possible to get the token through CLI, but a user need to use their credentials to sign in to the CLI first to get the access token. Is there something like a Personal access token that we can generate from the IPAM application and use that to fire the IP reservation endpoint? It would make things simple in our automation script. |
@DCMattyG I figured out this. We use a SP (we call it as master SP) to provision these App Reg. Though this SP is not allowed to access the frontend application, it can invoke the backend API. Steps to do this
|
Hi @jeevanions, I believe you have what you need for this particular issue (based on the above). Would it be alright if we closed this issue and added your provided steps to our public documentation for others to reference moving forward? |
yes I have. Thank you |
Sorry for the delayed response. I'm actually hinting at extending the Terraform provider to not only work with an access token and also accept a service principal id and secret to authenticate against the API, similar to the azurerm provider. (and equally support this through env variables see here for examples: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret In the meantime it would not hurt to include examples for retrieving the token through az cli or the curl command I provided (powershell should also be possible instead of curl, didn't investigated that option though) |
And apologies @dejoost, I neglected to recognize that you were the one who created the issue, so definitely want to make sure you are satisfied before closing it out 😉 |
As this issue is quite old now I'm going to close it out. Just for completeness the "official" Azure IPAM provider for Terraform is available to all and can be found here: https://registry.terraform.io/providers/XtratusCloud/azureipam/latest/docs We'll be adding some additional documentation with examples into the official Azure IPAM documentation in the near future as well. Should you have any additional questions on this topic or need any additional support, please don't hesitate to re-open this issue or create or create a new one. We hope you're enjoying Azure IPAM! |
Is your feature request related to a problem? Please describe.
we have a Terraform Cloud setup with self hosted runners and we don't want to install az cli on them. This goes for all teams running this on remote agents (e.g. GH actions)
Describe the solution you'd like
providing a token to access IPAM engine without az cli dependency, only curl & jq
Additional context
code example:
The text was updated successfully, but these errors were encountered: