--sdk-auth has been depricated

[petetnt]

Similar to Azure/github#152, the --sdk-auth parameter recommended in the README has been deprecated. Root issue is at Azure/azure-cli#20743

See https://github.com/Azure/webapps-deploy#configure-deployment-credentials-1 on how it's used.

There should be new instructions how to translate the values output by the command without the flag to ones needed by @azure/webapps-deploy, or there should be a new version of @azure/webapps-deploy published that uses appId, name and password instead.

[petetnt]

FWIW the documentation change could be something like this::

When complete, the az ad sp create-for-rbac command displays JSON output in the following form:

{
   "appId": "00000000-0000-0000-0000-000000000000",
   "displayName": "azure-cli-2017-06-05-10-41-15",
   "name": "http://azure-cli-2017-06-05-10-41-15",
   "password": "0000-0000-0000-0000-000000000000",
   "tenant": "00000000-0000-0000-0000-000000000000"
}

In your repository, use Add secret to create a new secrets called AZURE_APP_ID, AZURE_PASSWORD, AZURE_TENANT_ID and your subscription ID as AZURE_SUBSCRIPTION_ID (as shown in the example > workflow), or using whatever name is in your workflow file and save the secrets. Then you can use them with @azure/login's with: creds or env block, for example:

     - uses: azure/login@v1
       with:
         creds: |
           {
             "clientId": "${{ secrets.AZURE_APP_ID }}",
             "clientSecret":  "${{ secrets.AZURE_PASSWORD }}",
             "subscriptionId": "${{ secrets.AZURE_SUBSCRIPTION_ID }}",
             "tenantId": "${{ secrets.AZURE_TENANT_ID }}"
           }

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[github-actions]

This issue is idle because it has been open for 14 days with no activity.

[shpraka]

@petetnt are you facing any issues with the steps mentioned here: https://github.com/Azure/login#configure-a-service-principal-with-a-secret?

[petetnt]

Hi @shpraka, configuring a service principal with a secret does work, but still it complains about --sdk-auth parameter being deprecated (as per Azure/azure-cli#20743) as the docs there state:

Note: The above az ad sp create-for-rbac command will give you the --sdk-auth deprecation warning. As we are working with CLI for this deprecation process, we strongly recommend users to use this --sdk-auth flag as the result dictionary output changes and not accepted by login action if --sdk-auth is not used.

This is just painful for the end users, I think the real solution would be to unify these with the whole Azure ecosystem 🤷

[shpraka]

@petetnt I understand and agree with the pain you're facing. Since we are dependent on Azure/login, we will have to wait if they share some new instructions for the same.

[shpraka]

@petetnt I am closing this issue for now feel free to re-open or create new one in case you ran into any issues.