ci: switch to OIDC Federation for Azure #60

Merged
merged 1 commit into from
Sep 13, 2024

adamconnelly
Contributor

@adamconnelly adamconnelly commented Sep 13, 2024

Description of the change

Updating the packer build for Azure to use OIDC Federation instead of a static credential.

I've updated the CI build to have valid credentials for a service principal. This new SP has no access to anything - I've just added it to allow the packer validate step to work. I've also just hard-coded the client IDs into the actions on the grounds that they aren't credentials and don't need to be in secrets.

Type of change

  • Bug fix (non-breaking change that fixes an issue);
  • New feature (non-breaking change that adds functionality);
  • Breaking change (fix or feature that would cause existing functionality to not work as expected);
  • Documentation (a documentation or example fix not affecting the infrastructure managed by this module);
  • Other;

Checklists

Development

  • All necessary variables have been defined, with defaults if applicable;
  • The HCL code is formatted;
  • An AMI has been created in some AWS account, and the AMI is working as expected;

Code review

  • This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached;
  • This pull request is no longer marked as "draft";
  • Reviewers have been assigned;
  • Changes have been reviewed by at least one other engineer;

@adamconnelly adamconnelly force-pushed the adamc/use-federated-credentials-for-azure branch from 57f2312 to 655e060 Compare September 13, 2024 15:45
@adamconnelly adamconnelly marked this pull request as ready for review September 13, 2024 15:46
@adamconnelly adamconnelly requested a review from a team as a code owner September 13, 2024 15:46
@adamconnelly adamconnelly force-pushed the adamc/use-federated-credentials-for-azure branch from 655e060 to be1543b Compare September 13, 2024 15:51
@peterdeme
Collaborator

👏

@adamconnelly adamconnelly merged commit 705ad34 into main Sep 13, 2024
3 checks passed
@peterdeme peterdeme deleted the adamc/use-federated-credentials-for-azure branch September 13, 2024 15:55