Open gbordier opened 4 months ago
@ms-henglu do we have a way of renewing the access token? If not, we should definitely make sure to get that fixed for long-running operations.
@stemaMSFT and @ms-henglu The Go SDK now has a token refresh facility that you can leverage if in the scope of Azure DevOps: https://devblogs.microsoft.com/azure-sdk/improve-security-posture-in-azure-service-connections-with-azurepipelinescredential/
We just migrated all our Azure DevOps pipelines to use federated authentication. If we now have to recreate an environment (taking > 10min), we will be in trouble. So I want to highlight that this has real operational impact. A timely fix would be so much appreciated.
When using the AzureCLI task in Azure DevOps, when azapi resource creation is chained with other Terraform resources that take a long time to create, the original short-lived OIDC token (10 min) that is generated by the task has expired and cannot be exchanged for an Entra ID access token.
Ideally, azapi should re-use the access token azurerm uses. Another workaround would be to split the pipeline or use another form of authentication.
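
A pre-flight check for the failure described in this issue, as an added example (not code from azapi or from any commenter): it reads the `exp` claim of the federated OIDC token so a pipeline step can tell whether the assertion can still be exchanged. The function names, the 30-second margin and the sample token are assumptions; the signature is not verified, so this is a diagnostic only.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// assertionExpiry reads exp from a compact JWT; no signature check, token never printed.
func assertionExpiry(jwt string) (time.Time, error) {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return time.Time{}, fmt.Errorf("not a compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return time.Time{}, fmt.Errorf("payload: %w", err)
	}
	var claims struct {
		Exp *float64 `json:"exp"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil || claims.Exp == nil {
		return time.Time{}, fmt.Errorf("missing or unreadable exp claim")
	}
	return time.Unix(int64(*claims.Exp), 0), nil
}

// usableAt reports whether the assertion is still exchangeable at time at, less a safety margin.
func usableAt(jwt string, at time.Time, margin time.Duration) (bool, error) {
	exp, err := assertionExpiry(jwt)
	return err == nil && at.Add(margin).Before(exp), err
}

// constructedToken builds an unsigned sample token (constructed data).
func constructedToken(exp time.Time) string {
	enc := base64.RawURLEncoding.EncodeToString
	body := fmt.Sprintf(`{"iss":"https://issuer.example","exp":%d}`, exp.Unix())
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(body)) + ".sig"
}

func main() {
	issued := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	tok := constructedToken(issued.Add(10 * time.Minute)) // 10 min, as in the issue
	early, _ := usableAt(tok, issued.Add(2*time.Minute), 30*time.Second)
	late, _ := usableAt(tok, issued.Add(12*time.Minute), 30*time.Second)
	fmt.Println("exchangeable at +2m:", early, "at +12m:", late)
}
```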