-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azure: support CLI credentials instead of service principal #4295
Conversation
@pohly: GitHub didn't allow me to request PR reviews from the following users: bpineau. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
(not an Azure maintainer here) Perhaps we could consider What do you think? (edit: just realising there's a useManagedIdentityExtension opt available) |
@@ -206,13 +207,24 @@ func newServicePrincipalTokenFromCredentials(config *Config, env *azure.Environm | |||
return nil, fmt.Errorf("no credentials provided for AAD application %s", config.AADClientID) | |||
} | |||
|
|||
func newAuthorizerFromCredentials(config *Config, env *azure.Environment) (autorest.Authorizer, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit (naming): with CLI support, that's not necessarily FromCredentials
anymore right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed FromCredentials
.
Makes sense. I wasn't sure whether there are others. I can change that once it has been determined that this PR can be merged despite the additional dependencies (small, but still not something that would be needed for "normal" deployments). |
4ea7bbe
to
b0deb2f
Compare
b0deb2f
to
bbab926
Compare
I've changed it so that (for now) "cli" and "principal" are valid authentication methods, with "principal" being the default when nothing is set (i.e. the current behavior). |
@pohly yup the PR adding the functionality is reasonable. I'll take a look at the code tomorrow. Sorry for the delay! |
During development it is simpler to reuse the existing credentials. Also, some setups with Active Directory make it hard to create a service principal because that depends on additional privileges.
bbab926
to
9d51239
Compare
/lgtm |
/assign @towca For final approval. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: feiskyer, marwanad, pohly The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
During development it is simpler to reuse the existing credentials. Also, some
setups with Active Directory make it hard to create a service principal because
that depends on additional privileges.
/cc @bpineau