search

Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.
https://aka.ms/azd
MIT License
392 stars 184 forks source link

Federated Credential Provider - What values are accepted? #3242

Open MiTschMR opened 7 months ago

MiTschMR commented 7 months ago

Output from azd version azd version 1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96)

Describe the issue I would like to use federated credentials in order to not use secrets in my GitLab pipeline to deploy my .Net Aspire orchesatrated app automatically to Azure Container Apps. When trying to sign in with the federated credential using azd auth login --tenant-id "${AZURE_TENANT_ID}" --client-id "${AZURE_UAMI_CLIENT_ID}" --federated-credential-provider "${FED_CRED_PROVIDER_ID}" --no-prompt where the client-id is the ID of the application registration with the federated credential and the provider being api://AzureADTokenExchange, I get the following error:

ERROR: logging in: unsupported federated token provider: 'api://AzureADTokenExchange'

To Reproduce Create a federated credential for GitLab by following this guide: https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-access-from-github-and-gitlab-pipelines-without-secrets/ba-p/3858885

Execute the above mentioned command and pass the values accordingly, though it does not matter what value is used for the client-id. The error will appear. From my testing, only "github" was accepted, which is not feasible for me.

ellismg commented 7 months ago

github was the only supported provider. It looked easy enough to support GitLab however, so I opened https://github.com/Azure/azure-dev/pull/3244 in draft to try to do that - when the private build is ready could you give it a whirl and see if it works for you? I don't have a GitLab instance to test against.

MiTschMR commented 6 months ago

That was quick, thank you very much! I can confirm that this change fixes my issue, the authentication now goes through without issues.

ellismg commented 6 months ago

Reopening until we land the fix in #3244

ellismg commented 6 months ago

Thanks for testing, @MiTschMR

rajeshkamal5050 commented 6 months ago

@weikanglim Assigning to you based on the PR and discussion - https://github.com/Azure/azure-dev/pull/3244

MiTschMR commented 1 month ago

With azd version 1.9.4 PR https://github.com/Azure/azure-dev/pull/3723 got merged. Is something similar now supported or is this still not supported?