Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
l
limited-carpenter-34991
05/28/2020, 12:18 PMHi, how can i create a client secret from a service principal?
a
ancient-megabyte-79588
05/28/2020, 3:52 PMconst adApp = new azuread.Application("aksApplication");
export const adAppId = adApp.applicationId;
const password = "something_you_create";
const adSp = new azuread.ServicePrincipal("aksApplicationSp", { applicationId: adApp.applicationId });
export const adSpId = adSp.id;
const adSpPassword:any = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSpId,
value: password,
endDate: "2099-01-01T00:00:00Z"
});l
limited-carpenter-34991
05/29/2020, 9:53 AM// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("dev");
var config = new Pulumi.Config();
var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantId = clientConfig.Apply(c => c.TenantId);
//var currentPrincipal = clientConfig.Apply(c => c.ObjectId);
//// Create an Azure Storage Account
var storageAccount = new Account("dev", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard"
});
//// Create an Azure Storage Container
var container = new Container("state", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private"
});
var blob = new Blob("state-dev", new BlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "Block",
Source = new FileAsset("./state/.pulumi/stacks/state-dev.json")
});
var keyVault = new KeyVault("dev", new KeyVaultArgs
{
ResourceGroupName = resourceGroup.Name,
SkuName = "standard",
TenantId = tenantId,
});
var application = new Application("dev");
var servicePrincipal = new ServicePrincipal("dev-sp", new ServicePrincipalArgs
{
ApplicationId = application.ApplicationId,
});
var randomPassowrd = new RandomPassword("principal-key", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var servicePrincipalPassword = new ServicePrincipalPassword("principal-key", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = servicePrincipal.Id,
EndDate = "2099-01-01T00:00:00Z",
Value = randomPassowrd,
});
var keyVaultPrincipalSecret = new Secret("principal-key", new SecretArgs
{
KeyVaultId = keyVault.Id,
Value = servicePrincipalPassword.Value,
});
var roleAssignment = new Assignment("role-assignment", new AssignmentArgs
{
PrincipalId = servicePrincipal.Id,
Scope = resourceGroup.Id,
RoleDefinitionName = "Contributor"
});b
better-rainbow-14549
05/29/2020, 12:24 PMdo you mean its empty in the azure portal?
if you browse to the App Registration in AAD you should see it listed in the Client Secrets
it won't populate any properties on the servicePrincipal object in pulumi, when you come to use it you'll have to pass the servicePrincipalPassword object around
l
limited-carpenter-34991
05/29/2020, 3:16 PMproblem solved
i had to deploy the ApplicationPassword
then client secret isn't empty