sassoftware/viya4-iac-azure

Suggest minor doc edit : https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/user/AzureHelpTopics.md#how-to-create-a-service-principal-using-the-azure-cli

SundareshSankaran opened this issue · 0 comments

Terraform Version Details

NA (relates to doc about Azure)

https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/user/AzureHelpTopics.md#how-to-create-a-service-principal-using-the-azure-cli

Terraform Variable File Details

NA (relates to doc about Azure)

Steps to Reproduce

The command to store the Client ID of a service principal in Azure in an environment variable is either confusing, or may result in an error.


TF_VAR_client_id=$(az ad sp show --id http://$USER --query appId --output tsv)

az ad sp show requires an ID as a parameter. However, the ID may not be known to the user yet (as the SP is created only in a step above).

Instead, I suggest using az ad sp list. (See the Expected Behavior section.)

Expected Behavior

Suggestion: Use az ad sp list with the name of the service principal as a parameter (displayName) to make it easier for the user to retrieve and use the id (appId).

There may be variants / alternative methods, but here's an example shell script I've written, which follows a course of action similar to the steps provided on the page.

#create service principal.sh

# Parameters:
# 1 = name of subscription
# 2 = desired name for service principal

SP_Name="$2"
az account set -s "$1"
TF_VAR_tenant_id=$(az account show --query 'tenantId' --output tsv)
TF_VAR_subscription_id=$(az account show --query 'id' --output tsv)

# Create the service principal and capture its generated secret
TF_VAR_client_secret=$(az ad sp create-for-rbac --role "Contributor" --scopes="/subscriptions/$TF_VAR_subscription_id" --name "$SP_Name" --query password --output tsv)
# Look up the appId (client ID) by display name; tsv output needs no quote stripping
TF_VAR_client_id=$(az ad sp list --display-name "$SP_Name" --query "[0].appId" --output tsv)

# Note: the next two lines print the client ID and the secret to the terminal
echo "Client ID: $TF_VAR_client_id"
echo "Client Secret: $TF_VAR_client_secret"

# Create the credentials files with owner-only permissions from the first write
umask 077
echo "TF_VAR_tenant_id=$TF_VAR_tenant_id" > "$HOME/.azure_creds_terraform_test.env"
echo "TF_VAR_subscription_id=$TF_VAR_subscription_id" >> "$HOME/.azure_creds_terraform_test.env"
echo "TF_VAR_client_id=$TF_VAR_client_id" >> "$HOME/.azure_creds_terraform_test.env"
echo "TF_VAR_client_secret=$TF_VAR_client_secret" >> "$HOME/.azure_creds_terraform_test.env"

chmod 0600 "$HOME/.azure_creds_terraform_test.env"
cp "$HOME/.azure_creds_terraform_test.env" "$HOME/.azure_creds_$1.env"

Actual Behavior

I've masked my sandbox and SP name.

sinsrn@mld420 xx-sandbox % TF_VAR_client_id=$(az ad sp show --id xxxx-sandbox --query appId --output tsv)
ERROR: Service principal 'xxxx-sandbox' doesn't exist

Additional Context

Apologies, the issue template assumes a Terraform-related issue, while my suggestion is a minor document edit (relating to steps for Azure CLI). I was unsure whether this minor edit needed a PR or issue.
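
The lookup by display name and the credentials file from the script above, as an added example that is not part of the original issue or the project's documentation. Display names are not unique and `--display-name` also matches prefixes, so this version refuses to pick `[0]` when the match is ambiguous; the function names and the usage values are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: not from the issue or the viya4-iac-azure docs.
# Function names are hypothetical; `az` must be installed and logged in.

# resolve_client_id NAME
# Prints the appId of the one service principal whose displayName equals NAME.
# Returns 1 when none or several match, rather than trusting element [0].
resolve_client_id() {
  local name ids count
  name=$1
  case $name in
    *"'"*) echo "name must not contain a single quote" >&2; return 2 ;;
  esac
  # --display-name also matches prefixes, so filter for equality in JMESPath.
  ids=$(az ad sp list --display-name "$name" \
        --query "[?displayName=='$name'].appId" --output tsv) || return 1
  count=$(printf '%s\n' "$ids" | grep -c . || true)
  if [ "$count" -ne 1 ]; then
    echo "expected 1 service principal named '$name', found $count" >&2
    return 1
  fi
  printf '%s\n' "$ids"
}

# write_creds_file PATH LINE...
# Writes KEY=VALUE lines to PATH; the file is created with mode 0600, so the
# secret is never readable by others, not even briefly before a chmod.
write_creds_file() {
  local path
  path=$1
  shift
  rm -f -- "$path"                        # drop any older, looser-mode file
  ( umask 077 && printf '%s\n' "$@" > "$path" )
}

# Usage (commented out so the file can be sourced without calling Azure):
#   id=$(resolve_client_id "my-sp") &&
#     write_creds_file "$HOME/.azure_creds.env" "TF_VAR_client_id=$id"
```

`az ad sp create-for-rbac` also returns the `appId` in the same output as the `password`, so capturing both from that one call avoids the second lookup altogether.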
