
Authenticate with Azure using service principal in Pulumi

I have a Pulumi program which works fine on my Dev-Machine. Configuration is stored in Azure, and the resources created are also stored in Azure.

To run this I set the following environment variables:

SET ARM_SUBSCRIPTION_ID=<id>

Locally I login to Azure using az login which then asks me for my credentials. After that I can use pulumi up to update changes in Azure. This all works without any issues.

Now I want to achieve the same thing in Azure DevOps using a release pipeline. I use the "Azure CLI" task with a correctly configured ARM connection. The task contains pulumi up -s develop --yes (where "develop" is my Pulumi stack).

I can see in the logs that the Azure-login works as expected, but pulumi throws the following error: error:

Error building AzureRM Client: Authenticating using the Azure CLI is only supported as a User (not a Service Principal). To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal' auth method - instructions for which can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret

While the error is quite clear and even contains a URL to a solution, this does not really help me because I do not use Terraform directly but Pulumi instead.

TL;DR: How do I configure the Pulumi CLI to use service principal authentication with Azure?

There are two options to configure Pulumi to authenticate with a Service Principal:

  1. Set the environment variables ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, and ARM_SUBSCRIPTION_ID, or

  2. Set them using configuration

    pulumi config set azure:clientId <clientID>
    pulumi config set azure:clientSecret <clientSecret> --secret
    pulumi config set azure:tenantId <tenantID>
    pulumi config set azure:subscriptionId <subscriptionId>

Reference: Service Principal Authentication

If you are using the azure-native package instead of azure, try azure-native, i.e.

pulumi config set azure-native:clientId <clientID>
pulumi config set azure-native:clientSecret <clientSecret> --secret
pulumi config set azure-native:tenantId <tenantID>
pulumi config set azure-native:subscriptionId <subscriptionId>
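
For the first option above (environment variables), a pipeline step can verify the four values before running the command from the question. This is an added example, not code from the thread; the function names are hypothetical, and it assumes the Azure CLI task runs a shell script with its addSpnToEnvironment option enabled, which exposes servicePrincipalId, servicePrincipalKey and tenantId to the script.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for service principal auth.
# map_spn_from_task, check_arm_env and preflight_and_up are hypothetical names.

# Assumption: the Azure CLI task's addSpnToEnvironment option is enabled, so
# the script sees servicePrincipalId, servicePrincipalKey and tenantId.
# ARM_* values that are already set take precedence.
map_spn_from_task() {
    : "${ARM_CLIENT_ID:=${servicePrincipalId:-}}"
    : "${ARM_CLIENT_SECRET:=${servicePrincipalKey:-}}"
    : "${ARM_TENANT_ID:=${tenantId:-}}"
    export ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID
}

# Fail if any of the four variables from option 1 is unset or empty.
# Only names are printed, never values, so the secret stays out of the log.
check_arm_env() {
    arm_missing=0
    for arm_name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID; do
        eval "arm_value=\${$arm_name:-}"
        if [ -z "$arm_value" ]; then
            echo "missing: $arm_name" >&2
            arm_missing=1
        fi
    done
    unset arm_value
    return "$arm_missing"
}

# Run the command from the question only when all four values are present.
preflight_and_up() {
    map_spn_from_task
    check_arm_env || return 1
    pulumi up -s develop --yes
}

# Invoke as: sh preflight.sh up
case "${1:-}" in
    up) preflight_and_up ;;
esac
```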
