apiops
Managed Identity support for API Ops GitHub Actions
Release version
v6.0.1.7
Question Details
Can I use managed Identity with API Ops and avoid a Client Secret with Github? I
Expected behavior
Remove the requirement of using a client secret.
Actual behavior
Configure GitHub with federated credentials to a user-assigned managed identity and allow the token to be passed without the need for a client secret.
Reproduction Steps
- Deploy a user-assigned identity.
- Create a federated credential for the API Ops repo. Use a subject for the environment.
- Update the extractor pipeline to grab a token from Azure.
- Pipeline should successfully execute.
Thank you for opening this issue! Please be patient while we look into it and get back to you, as this is an open source project. In the meantime, make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests, etc.).
Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.
We are waiting for this too.
@jblaaa-codes & @samuelchong - I would suggest doing the following:
- Set up your federated credentials
- In your GitHub action workflow, add a step to log on to Azure
- Run the extractor (and publisher) using the Azure CLI instead of a simple bash script.
- Make sure no AZURE_BEARER_TOKEN environment variable is passed to the extractor/publisher, as this will take precedence over the Azure CLI credentials.
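
The checklist in the comment above can be enforced before a workflow is merged. The following is an added example, not code from the apiops project or from the commenter: a small Python audit that flags a workflow which still passes `AZURE_BEARER_TOKEN` or a client secret. It also checks for the `id-token: write` permission and an `azure/login` step, which are assumptions taken from GitHub's standard OIDC setup rather than from this thread; the sample workflow, its step names and the `./extractor` path are constructed placeholders.

```python
import re

# Constructed sample workflow (not from the apiops repository); the step
# names, secret names and ./extractor path are placeholders.
SAMPLE_WORKFLOW = """\
permissions:
  contents: read
jobs:
  extract:
    runs-on: ubuntu-latest
    environment: dev
    steps:
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Run extractor
        env:
          AZURE_BEARER_TOKEN: ${{ steps.token.outputs.value }}
        run: ./extractor
"""

CHECKS = [  # (finding code, pattern, True if the pattern must be present)
    ("no-id-token-write", r"^\s*id-token:\s*write\s*$", True),    # assumption: GitHub OIDC
    ("no-azure-login-step", r"uses:\s*azure/login@", True),       # assumption: login action
    ("client-secret-in-use", r"CLIENT_SECRET|^\s*creds:", False),
    ("bearer-token-overrides-cli", r"AZURE_BEARER_TOKEN\s*[:=]", False),
]

def audit_workflow(text):
    """Return (code, line_number) findings; line_number is 0 for 'missing' checks."""
    # Strip YAML comments so commented-out settings are ignored.
    lines = [re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines()]
    findings = []
    for code, pattern, required in CHECKS:
        hits = [n for n, l in enumerate(lines, 1) if re.search(pattern, l, re.I)]
        if required and not hits:
            findings.append((code, 0))
        elif not required:
            findings.extend((code, n) for n in hits)
    return findings

if __name__ == "__main__":
    for code, line in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{code} (line {line})")
```
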