Is there a way to have Pulumi yml interact with Az...
# azures
swift-apple-26877
08/23/2022, 10:31 AMIs there a way to have Pulumi yml interact with Azure using Azure-Login?
It works now by specifically adding each property of Azure credentials (Tenant ID, Sub ID, App ID, Cleint Secret) but to save space and time I wonder if this would work with Azure Login (with one GitHub secret for AZURE_CREDENTIALS) instead?
d
damp-honey-93158
08/29/2022, 11:52 AMHi - we use the current az cli credentials during dev, and split out the AZURE_SUBSCRIPTION parts during pipeline runs. The key is that our pulumi config never specifies any client/secret/tenant credentials.
This in turn means all our devs require an az cli login, which makes sense for us - YMMV.
Is that what you meant? Happy to provide more details should you need it.
s
swift-apple-26877
09/06/2022, 10:40 AMThanks for the response John
Usually when I do GitHib Action deploys to Azure I can use the "Azure/Login" step to verifiy access
swift-apple-26877
09/06/2022, 10:44 AMThis uses a secret stored in GitHub Actions called "AZURE_CREDENTIALS" which contains the values of the "clientId", "clientSecret", "subscriptionId" and "tenantId"
It is saved this like:
{
"clientId": "xxx",
"clientSecret": "xxx",
"subscriptionId": "xxx",
"tenantId": "xxx"
}
I was just wondering if we could use the same approach in our pulumi yml for GitHub Actions
Right now I see it works by individually setting variables/secrets for those, but it might save time and space to have one "AZURE_CREDENTIALS" variable that uses the "Azure/Login" instead
swift-apple-26877
09/06/2022, 10:44 AMSo effectively this:
swift-apple-26877
09/06/2022, 10:45 AMWould become this:
swift-apple-26877
09/30/2022, 1:38 PM@happy-parrot-60128 FYI
h
happy-parrot-60128
09/30/2022, 4:54 PM10 Views