README: add Azure configuration docs

coreos · Jul 11, 2019 · f9bd137 · f9bd137
1 parent 499ed4a
commit f9bd137
Showing 1 changed file with 35 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -199,7 +199,7 @@ Plume release handles this as well, so it does not need to be run as part of
 the release process.
 
 ## Platform Credentials
-Each platform reads the credentials it uses from different files. The `aws`, `do`, `esx` and `packet`
+Each platform reads the credentials it uses from different files. The `aws`, `azure`, `do`, `esx` and `packet`
 platforms support selecting from multiple configured credentials, call "profiles". The examples below
 are for the "default" profile, but other profiles can be specified in the credentials files and selected
 via the `--<platform-name>-profile` flag:
@@ -231,7 +231,40 @@ sudo emerge --ask awscli
 ```
 
 ### azure
-TBD (FIXME)
+`azure` uses `~/.azure/azureProfile.json`. This can be created using the `az` [command](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli):
+```
+$ az login`
+```
+It also requires that the environment variable `AZURE_AUTH_LOCATION` points to a JSON file (this can also be set via the `--azure-auth` parameter). The JSON file will require a service provider active directory account to be created.
+
+Service provider accounts can be created via the `az` command (the output will contain an `appId` field which is used as the `clientId` variable in the `AZURE_AUTH_LOCATION` JSON):
+```
+az ad sp create-for-rbac
+```
+
+The client secret can be created inside of the Azure portal when looking at the service provider account under the `Azure Active Directory` service on the `App registrations` tab.
+
+You can find your subscriptionId & tenantId in the `~/.azure/azureProfile.json` via:
+```
+cat ~/.azure/azureProfile.json | jq '{subscriptionId: .subscriptions[].id, tenantId: .subscriptions[].tenantId}'
+```
+
+The JSON file exported to the variable `AZURE_AUTH_LOCATION` should be generated by hand and have the following contents:
+```
+{
+  "clientId": "<service provider id>", 
+  "clientSecret": "<service provider secret>", 
+  "subscriptionId": "<subscription id>", 
+  "tenantId": "<tenant id>", 
+  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", 
+  "resourceManagerEndpointUrl": "https://management.azure.com/", 
+  "activeDirectoryGraphResourceId": "https://graph.windows.net/", 
+  "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", 
+  "galleryEndpointUrl": "https://gallery.azure.com/", 
+  "managementEndpointUrl": "https://management.core.windows.net/"
+}
+
+```
 
 ### do
 `do` uses `~/.config/digitalocean.json`. This can be configured manually: