terraform-provider-azapi

Support for OIDC Authentication

Open ms-henglu opened this issue 3 years ago • 6 comments

Use OpenID Connect within your workflows to authenticate with Azure.

Blocked by https://github.com/Azure/azure-sdk-for-go/issues/15615

doc: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure

similar issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/16554

ms-henglu avatar May 06 '22 01:05 ms-henglu

https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity doesn't support OIDC yet.

Roadmap: https://github.com/Azure/azure-sdk-for-go/issues/16728

ms-henglu avatar May 06 '22 05:05 ms-henglu

Helper already available via https://github.com/hashicorp/go-azure-helpers/pull/115

Terraform 1.2.0 introduced support for backend authentication OIDC as well

petrsx avatar May 20 '22 09:05 petrsx

@ms-henglu can you check if you can progress with this issue? Looks like the dependency has been closed https://github.com/Azure/azure-sdk-for-go/issues/16728

LaurentLesle avatar Jun 03 '22 01:06 LaurentLesle

Just got blocked by this as we're using OIDC for GitHub Actions on a new project.

We're setting the ARM_USE_OIDC environment variable, as used by azurerm provider & backend to enable the feature, so if you end up needing a switch to turn this on, if you could utilise an environment variable like that (in addition to whatever properties you decide on the provider itself), that would be fab. Many thanks.

jamescrowley avatar Jun 05 '22 17:06 jamescrowley

@LaurentLesle - Thanks! I just checked again, it seems they're tracking this feature by https://github.com/Azure/azure-sdk-for-go/issues/15615 according to https://github.com/Azure/azure-sdk-for-go/issues/16728#issuecomment-1119759637.

ms-henglu avatar Jun 06 '22 01:06 ms-henglu

Any news on that feature?

ghost avatar Oct 04 '22 09:10 ghost

Does it make sense to provide a temporary solution based on the upcoming release, with the workaround described here https://github.com/Azure/azure-sdk-for-go/issues/15615#issuecomment-1211012677? @ms-henglu would you be interested in this as a contribution from the community?

dschniepp avatar Nov 02 '22 18:11 dschniepp

Hi @dschniepp,

Thanks for the suggestion! I'll give it a try when the azidentity v1.2.0 stable version is released in the next week.

ms-henglu avatar Nov 03 '22 02:11 ms-henglu

Thanks, @ms-henglu if you need support feel free to loop me in.

dschniepp avatar Nov 03 '22 07:11 dschniepp

@grayzu was this planned for 1.1? Looks like it didn't make it?

AdamCoulterOz avatar Nov 29 '22 10:11 AdamCoulterOz

Hi all,

This feature has been released in v1.3.0. More details can be found here: https://registry.terraform.io/providers/Azure/azapi/latest/docs/guides/service_principal_oidc

I'll close this issue but feel free to reopen it if there are any further questions.

ms-henglu avatar Jan 30 '23 03:01 ms-henglu