Hi, how can I create a client secret from a servic...
# azure
l
Hi, how can I create a client secret from a service principal?
a
```typescript
import * as azuread from "@pulumi/azuread";

// Azure AD application that the service principal is bound to
const adApp = new azuread.Application("aksApplication");
export const adAppId = adApp.applicationId;

// Secret value you choose (placeholder)
const password = "something_you_create";
const adSp = new azuread.ServicePrincipal("aksApplicationSp", { applicationId: adApp.applicationId });
export const adSpId = adSp.id;

// Client secret attached to the service principal
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSpId,
    value: password,
    endDate: "2099-01-01T00:00:00Z",
});
```
Is this what you are looking for?
l
```csharp
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("dev");
var config = new Pulumi.Config();

// Tenant of the identity running the deployment
var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantId = clientConfig.Apply(c => c.TenantId);
//var currentPrincipal = clientConfig.Apply(c => c.ObjectId);

// Create an Azure Storage Account
var storageAccount = new Account("dev", new AccountArgs
{
    ResourceGroupName = resourceGroup.Name,
    AccountReplicationType = "LRS",
    AccountTier = "Standard"
});

// Create an Azure Storage Container
var container = new Container("state", new ContainerArgs
{
    StorageAccountName = storageAccount.Name,
    ContainerAccessType = "private"
});

// Upload the stack state file as a block blob
var blob = new Blob("state-dev", new BlobArgs
{
    StorageAccountName = storageAccount.Name,
    StorageContainerName = container.Name,
    Type = "Block",
    Source = new FileAsset("./state/.pulumi/stacks/state-dev.json")
});

var keyVault = new KeyVault("dev", new KeyVaultArgs
{
    ResourceGroupName = resourceGroup.Name,
    SkuName = "standard",
    TenantId = tenantId,
});

// Azure AD application and its service principal
var application = new Application("dev");
var servicePrincipal = new ServicePrincipal("dev-sp", new ServicePrincipalArgs
{
    ApplicationId = application.ApplicationId,
});

// Generated value used as the service principal password
var randomPassword = new RandomPassword("principal-key", new RandomPasswordArgs
{
    Length = 20,
    Special = true,
}).Result;

var servicePrincipalPassword = new ServicePrincipalPassword("principal-key", new ServicePrincipalPasswordArgs
{
    ServicePrincipalId = servicePrincipal.Id,
    EndDate = "2099-01-01T00:00:00Z",
    Value = randomPassword,
});

// Store the password in Key Vault
var keyVaultPrincipalSecret = new Secret("principal-key", new SecretArgs
{
    KeyVaultId = keyVault.Id,
    Value = servicePrincipalPassword.Value,
});

// Grant the service principal Contributor on the resource group
var roleAssignment = new Assignment("role-assignment", new AssignmentArgs
{
    PrincipalId = servicePrincipal.Id,
    Scope = resourceGroup.Id,
    RoleDefinitionName = "Contributor"
});
```
I used this, but the service principal clientSecret is still empty. What am I doing wrong? Can you help me fix this?
b
Do you mean it's empty in the Azure portal?
If you browse to the App Registration in AAD you should see it listed in the Client Secrets.
It won't populate any properties on the servicePrincipal object in Pulumi; when you come to use it you'll have to pass the servicePrincipalPassword object around.
l
Problem solved.
I had to deploy the ApplicationPassword,
then the client secret isn't empty.