Support for service principal authentication #21
Comments
Thanks for raising this @karolz-ms! I've added it to our backlog.
Thanks for the proposal. Actually we looked at Service provider login for our CI as well.
Discussing this a bit further with @nebuk89, we'll include this in the CLI with the limitation that Service Principal login will obtain only an access token and no refresh token; the user will need to manually re-login when the token expires. This should not be an issue for CI use cases.
Makes sense, thanks Guillaume! I found this doc, which suggests that the client credentials flow can only produce an access token, and not a refresh token: https://docs.microsoft.com/en-us/azure/active-directory/develop/security-tokens#how-each-flow-emits-tokens-and-codes Like you said, this is sufficient for the CI scenario.
Available since v0.1.12, using
In order to use Docker CLI integration with ACI in CI/CD scenarios, `docker login azure` should support authentication using service principal name/password (a.k.a. application ID/secret).
Sample scenario (using Azure CLI): https://docs.microsoft.com/en-us/azure/container-instances/container-instances-github-action
This is what the equivalent Azure CLI command looks like:
```
# Log in with a service principal using client secret. Use -p=secret if the first character of the password is '-'.
az login --service-principal -u http://azure-cli-2016-08-05-14-31-15 -p VerySecret --tenant contoso.onmicrosoft.com
```
I believe the relevant Azure Golang SDK method to get the token is acquireTokenClientSecretFlow: https://github.com/Azure/go-autorest/blob/master/autorest/adal/cmd/adal.go#L120
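The flow discussed in this thread, as an added Go example that is not code from this project or from go-autorest: a client credentials (service principal) request returns an access token and no refresh token, so once the token expires the only option is to log in again. `Token`, `NeedsLogin`, `LoginServicePrincipal` and `demo` are hypothetical names, the application ID, secret and token response are constructed, and the request assumes the `resource` form parameter of the Azure AD v1 token endpoint, sent here to a local stand-in server.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// Token is the part of the token response that a login has to store.
type Token struct {
	AccessToken  string      `json:"access_token"`
	RefreshToken string      `json:"refresh_token"` // not issued by this flow
	ExpiresIn    json.Number `json:"expires_in"`    // seconds, number or quoted string
	Expiry       time.Time   `json:"-"`
}

// NeedsLogin reports whether a new login is required; nothing can renew the token.
func (t Token) NeedsLogin(now time.Time) bool { return t.AccessToken == "" || !now.Before(t.Expiry) }

// LoginServicePrincipal runs the client credentials grant against tokenURL.
func LoginServicePrincipal(tokenURL, appID, secret, resource string, now time.Time) (t Token, err error) {
	resp, err := http.PostForm(tokenURL, url.Values{"grant_type": {"client_credentials"},
		"client_id": {appID}, "client_secret": {secret}, "resource": {resource}})
	if err != nil {
		return t, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return t, fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	if err = json.NewDecoder(resp.Body).Decode(&t); err != nil {
		return t, err
	}
	secs, err := t.ExpiresIn.Int64()
	t.Expiry = now.Add(time.Duration(secs) * time.Second)
	return t, err
}

// demo logs in against a constructed, offline stand-in for the token endpoint.
func demo() (Token, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"token_type":"Bearer","expires_in":"3599","access_token":"constructed.access.token"}`)
	}))
	defer srv.Close()
	return LoginServicePrincipal(srv.URL, "constructed-app-id", "constructed-secret", "https://management.azure.com/", time.Now())
}
func main() { fmt.Println(demo()) }
```

In a CI job, supply the secret from the runner's secret store or an environment variable so it does not appear in the process list or build log.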