little-library-5460106/23/2023, 2:42 PM
step is failing in one of my github action jobs. It's for what we call our UAT environment, and the equivalent azure/login is working for Dev and Test. In fact, if I put in the "Test" credentials for the UAT action, the login succeeds. We're using the old-school service principal credentials (vs. OIDC). The credentials are in the form of that chunk of json that the
command returns. And, importantly, the individual values from within that json are used for the Pulumi job (ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID). The immediate response would rightly be: well the UAT credentials must be wrong. And that would be my response. But I use the same credentials in the Pulumi job within the same workflow, and they work. Granted, for Pulumi, the client ID, client secret, subscription ID, and tenant ID are used as discrete values - whereas in the failing job they're part of that chunk of json. But the same approach works w/o issue for Dev and Test (discrete values for the Pulumi job, json for the azure/login). So I'm lost as to how to proceed. Seemed worth at least asking.
az ad sp create-for-rbac...
command was sent to me via Outlook secure email. Visually the test and uat json look identical, save the values for client ID and client secret. So I pasted the uat client ID and secret into the test json and updated the github secret. That worked. Talk about inscrutable. Sorry to bother you all.
az ad sp...
melodic-tomato-3900506/23/2023, 3:34 PM