dry-secretary-46556
03/27/2024, 4:14 PM
azuread provider.
My stack is able to run without issues when authenticating via az login. However, when I try to authenticate via service principal I get the following error: * A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
I added the subscription ID to my pulumi config like so: azuread:subscriptionId: aaaabbbb-abba-aaaa-bbbb-aaa111bbbbb. I then get the following error: could not validate provider configuration: 1 error occurred: * Invalid or unknown key.
It seems like the azuread provider is missing the subscriptionId key to properly authenticate via service principal.
Some reference docs, any help would be appreciated!
https://www.pulumi.com/registry/packages/azuread/installation-configuration/#authenticate-using-a-service-principal
https://www.pulumi.com/registry/packages/azuread/api-docs/provider/
fast-sandwich-30809
03/27/2024, 7:17 PM
fast-sandwich-30809
03/27/2024, 7:20 PM
tenantId and clientId from environment variables, and subscriptionId from an argument
fast-sandwich-30809
03/27/2024, 7:23 PM
tenantId? Theoretically that should be all it needs to find what to auth against
dry-secretary-46556
03/27/2024, 7:25 PM
azuread:tenantId, azuread:clientId, and azuread:clientSecret configured but it still complains about a missing subscription ID.
adventurous-butcher-54166
04/03/2024, 2:53 PM
ARM_SUBSCRIPTION_ID env var
• Or az login --allow-no-subscriptions --tenant "<your tenant id>"
If not, maybe you could use ServicePrincipalPassword - which btw is not the same as ApplicationPassword (client credentials). Haven't tested the SP PWD myself though and I believe this password is not available in the portal.
dry-secretary-46556
04/03/2024, 3:58 PM
ARM_SUBSCRIPTION_ID env var works, however I am trying to avoid this because it makes deployments more difficult for us and each developer would have to set this variable in this local stack to run Pulumi. Is there a way to programmatically set the env vars when I run pulumi up -y so that no additional shell commands need to be run for the stack to provision?
How would I authenticate the azuread provider using ServicePrincipalPassword? I can't find documentation on this.
adventurous-butcher-54166
04/03/2024, 4:13 PM
pulumi-azure-native and pulumi-azuread.
• Expose the env var and import the ESC environment in your Pulumi.stack.yaml – not sure if Pulumi only picks up the stack config scope or also env vars without running via esc run pulumi up
I'm not sure about ServicePrincipalPassword as I've never used that myself.
adventurous-butcher-54166
04/03/2024, 4:15 PM
adventurous-butcher-54166
04/03/2024, 4:16 PM
environment:
  - <your ESC environment name>
dry-secretary-46556
04/03/2024, 7:24 PM