-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support azure cli credentials with multiple subscription_id
s
#53
Support azure cli credentials with multiple subscription_id
s
#53
Conversation
Sadly, I'm currently a bit overwhelmed by these CI failures and I don't have the time to triage them. But cursory glance suggests that they have nothing to do with the changes in this pull request. |
@internetionals Thank you for your interest in ansible-colleciton-azure. Recently, azure-cli is converting the mechanism of using credentials. For the PR you submitted, we will consider merging after the mechanism is modified. |
@Fred-sun Thanks for the update, keep us posted :-) |
Hi @Fred-sun. Is there anywhere I can follow the progress on the azure-cli mechanism change? Where's that discussion happening? I'm quite interested in this pull request. |
Thank you for your pay attention on this. I'm sorry for not replying this question in time. I will ping Community developers to prioritize this PR tomorrow. Thank you very much! |
57c6057
to
3e1c870
Compare
@internetionals Can you help resolve the conflicting files? Thank you very much! |
@Fred-sun @internetionals I rebased in #195 and added/fixed up the docs. There are a few other small patches in there too. But I'm also happy to split those into separate PRs if you prefer. |
@Fred-sun @UnwashedMeme : I rebased my changes and included the doc-changes from my original pull request against the azure repository. The changes by @UnwashedMeme are a bit more extensive but also more comprehensive, those would be equally fine by me. |
Thanks for your udpate! I will test it! |
It has added by #195, closed this! |
The current example doesn't work since it's missing the name of the postgresql server and the disk size is invalid according to azure.
This is the same change I have a pull request for at the Ansible main repository, but it isn't entirely clear what the correct path for new changes is for the Azure Ansible modules.
See original pull request: ansible/ansible#65331
(and also: Azure/azure_preview_modules#358)
I also couldn't find the doc_fragments part from the original change, so this change doesn't update the documentation, which the original does.
Also relates to these issues/pull requests in the main Ansible repository:
Below is the text from the pull request against the main Ansible repository:
SUMMARY
When using credentials obtained from the azure cli only the default subscription can be used, even though the azure cli is authenticated for multiple subscriptions.
This change passes any optionally specified
subscription_id
(similar to how it's done forauth_source: msi
) along when requesting the azure cli credentials. If none is specified it falls back to the current behaviour of selecting the default subscription.The only other change that had to be made was in the
auth_source: auto
case where we would always assume that all credential information is passed using arguments whensubscription_id
is set. I changed this to check the fields that actually refer to specific credentials (namelyclient_id
(for service principals) andad_user
(for user names)). This way we still fall through to the azure cli method, eventhough onlysubscription_id
is explicitly set.Fixes ansible/ansible#63182
Fixes Azure/azure_preview_modules#321
This effectively fixes the same problem as ansible/ansible#48089 is trying to fix, only in a way that is more consistent with how credentials and subscription id's are determined for other
auth_source
s. This was one of the main criticisms that's probably holding that pull request up.ISSUE TYPE
COMPONENT NAME
azure_rm_common
ADDITIONAL INFORMATION
We have different Azure subscriptions for our prod and dev environments. By default we only work on the dev environment, but we have a number of playbooks that we want to work with all virtual machines at once.
Demonstration playbook:
Before:
After: