Describe the bug
This is more of a feature request than a bug.
It's not possible to use Azure's managed identity feature for login (MSI). I noticed that the library used for authentication, @azure/ms-rest-nodeauth, actually supports MSI login, but this lib does not make use of it. I tried to modify the source of ng-deploy-azure to call that functionality, but because the dependency uses a very old version of ms-rest-nodeauth, it tries to authenticate to MSI using an approach that is now deprecated (uses localhost instead of IMDS -- https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-migrate-vm-extension).
To Reproduce
Steps to reproduce the behavior:
Turn on Managed Identity for a VM
There is no way to tell ng-deploy-azure to use the now-logged-in MSI.
Expected behavior
Turn on Managed Identity for a VM
Have a way to tell ng-deploy-azure to use MSI credentials (should work even if env var CI=1 is set)
Deployment command should use the MSI identity to access storage and deploy
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
I was mainly looking for this feature because we want to use this package in our CI, but we don't want hardcoded user/passwords (i.e. service principal client ID and secret) written into our code or configs. An alternative would be to use an SP that is backed by a certificate in Azure Keystore but you don't support that either.
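For reference, the IMDS-based flow the issue contrasts with the deprecated localhost endpoint, as an added example that is not code from the issue author, ng-deploy-azure or ms-rest-nodeauth. It requests a storage token from IMDS and caches it until shortly before expiry, so no client secret is stored; the function names, the 5-minute refresh margin and the injectable `httpGet` are assumptions made for illustration.

```javascript
// Added example: managed identity token acquisition via IMDS (names are hypothetical).
const IMDS_TOKEN_URL = 'http://169.254.169.254/metadata/identity/oauth2/token';
const STORAGE_RESOURCE = 'https://storage.azure.com/';

// Build the IMDS request; clientId is only needed for a user-assigned identity.
function buildImdsRequest(resource, clientId) {
  const params = new URLSearchParams({ 'api-version': '2018-02-01', resource });
  if (clientId) params.set('client_id', clientId);
  // IMDS rejects requests that lack the Metadata header.
  return { url: `${IMDS_TOKEN_URL}?${params}`, headers: { Metadata: 'true' } };
}

// Validate the IMDS JSON body; expires_on arrives as epoch seconds in a string.
function parseImdsResponse(status, bodyText, nowSec) {
  if (status !== 200) throw new Error(`IMDS returned HTTP ${status}`);
  const body = JSON.parse(bodyText);
  const expiresOn = Number(body.expires_on);
  if (!body.access_token || !Number.isFinite(expiresOn)) {
    throw new Error('IMDS response missing access_token or expires_on');
  }
  if (expiresOn <= nowSec) throw new Error('IMDS returned an expired token');
  return { accessToken: body.access_token, expiresOn, resource: body.resource };
}

// Default transport: global fetch (Node 18+). Only reachable from an Azure VM.
async function defaultHttpGet(url, headers) {
  const res = await fetch(url, { headers });
  return { status: res.status, text: await res.text() };
}

// Returns a getter for the Authorization header. The token is cached in memory
// and refreshed 5 minutes before expiry; httpGet and now are injectable so the
// logic can be exercised offline.
function createMsiTokenProvider(resource, opts = {}) {
  const { clientId, httpGet = defaultHttpGet } = opts;
  const now = opts.now || (() => Math.floor(Date.now() / 1000));
  let cached = null;
  return async function getAuthHeader() {
    if (!cached || cached.expiresOn - now() < 300) {
      const { url, headers } = buildImdsRequest(resource, clientId);
      const res = await httpGet(url, headers);
      cached = parseImdsResponse(res.status, res.text, now());
    }
    return { Authorization: `Bearer ${cached.accessToken}` };
  };
}
```

The VM's identity still needs a data-plane role on the storage account (for example Storage Blob Data Contributor) before the bearer token is accepted.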