Closed ztrhgf closed 5 months ago
So what you really want to do here is pass the token as an argument during run time?
Yes :) Instead of SP id and secret.
Added the option to pass a token in 2.3.0 beta4 and was able to use it like this
trigger:
- none
pool:
  vmImage: windows-latest
steps:
- task: AzureCLI@2
  displayName: 'Get Graph Token for Workload Federated Credential'
  inputs:
    azureSubscription: 'test'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $token = az account get-access-token --resource-type ms-graph
      $accessToken = ($token | ConvertFrom-Json).accessToken
      Write-Host "##vso[task.setvariable variable=secretToken;issecret=true]$accessToken"
- task: PowerShell@2
  displayName: 'Install IntuneCD'
  inputs:
    targetType: 'inline'
    script: |
      pip3 install IntuneCD==2.3.0b4
    pwsh: true
- task: PowerShell@2
  displayName: 'Run IntuneCD with token'
  inputs:
    targetType: 'inline'
    script: |
      IntuneCD-startbackup -t $(secretToken) -p $(Build.SourcesDirectory)
    pwsh: true
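As an added example (not part of the IntuneCD project or of this thread), here is a small Python pre-flight a pipeline could run between the token step and IntuneCD-startbackup. It decodes the token's claims without verifying the signature (Graph does that server-side) to confirm the audience really is Microsoft Graph and that enough lifetime remains for the backup, logs only a hash fingerprint of the token rather than the token itself, and builds the same command line shown above. The environment variable name SECRET_TOKEN, the 600-second minimum lifetime and the demo token are assumptions or constructed values; BUILD_SOURCESDIRECTORY is the environment form of $(Build.SourcesDirectory).

```python
# Added example, not IntuneCD project code: pre-flight checks on a Graph
# access token obtained via workload identity federation before it is
# handed to IntuneCD-startbackup.
import base64
import hashlib
import json
import os
import subprocess
import sys
import time
from typing import Optional

# Audiences under which Microsoft Graph issues tokens (URI form and app ID form).
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",  # Microsoft Graph application ID
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_claims(token: str) -> dict:
    """Return the JWT payload claims. The signature is NOT verified here:
    Graph validates it on every call; this is only a local inspection."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_graph_token(token: str, now: Optional[float] = None, min_remaining: int = 600) -> dict:
    """Check audience and remaining lifetime. The result never contains the token."""
    now = time.time() if now is None else now
    result = {"ok": False, "reasons": [], "aud": None, "expires_in": None}
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # covers bad base64 and bad JSON as well
        result["reasons"].append(f"malformed token: {exc}")
        return result
    aud, exp = claims.get("aud"), claims.get("exp")
    result["aud"] = aud
    if aud not in GRAPH_AUDIENCES:
        result["reasons"].append(f"audience {aud!r} is not Microsoft Graph")
    if not isinstance(exp, (int, float)):
        result["reasons"].append("missing exp claim")
    else:
        remaining = int(exp - now)
        result["expires_in"] = remaining
        if remaining <= 0:
            result["reasons"].append("token already expired")
        elif remaining < min_remaining:
            result["reasons"].append(f"only {remaining}s left; a long backup may outlive the token")
    result["ok"] = not result["reasons"]
    return result


def mask_token(token: str) -> str:
    """Log-safe fingerprint: lets runs be correlated without exposing the token."""
    return "sha256:" + hashlib.sha256(token.encode()).hexdigest()[:12]


def build_backup_command(token: str, path: str) -> list:
    """Same invocation as the pipeline above, as an argv list (no shell)."""
    return ["IntuneCD-startbackup", "-t", token, "-p", path]


def make_demo_token(aud: str, exp: int) -> str:
    """Constructed, unsigned JWT for offline demonstration only."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"aud": aud, "exp": exp, "scp": "DeviceManagementConfiguration.Read.All"}
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


def main() -> int:
    token = os.environ.get("SECRET_TOKEN")  # assumption: pipeline maps $(secretToken) here
    if not token:  # no pipeline context: use the constructed demo token
        token = make_demo_token("https://graph.microsoft.com", int(time.time()) + 3600)
    verdict = check_graph_token(token)
    print(f"token {mask_token(token)} aud={verdict['aud']} expires_in={verdict['expires_in']}s")
    if not verdict["ok"]:
        for reason in verdict["reasons"]:
            print("refusing to start backup:", reason, file=sys.stderr)
        return 1
    if os.environ.get("SECRET_TOKEN"):  # only launch IntuneCD inside a real pipeline run
        path = os.environ.get("BUILD_SOURCESDIRECTORY", ".")
        subprocess.run(build_backup_command(token, path), check=True)
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as a PowerShell@2 or Python step after the AzureCLI task, with `env: SECRET_TOKEN: $(secretToken)` on the step so the secret reaches the script through the environment; a failed check stops the job before IntuneCD is invoked, and the build log only ever shows the fingerprint.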
Amazing! Will try it right now.
Working like a charm!
Cool, I'll make it a part of 2.3.0!
Looking forward to it, thanks again!
Please update the docs too.
Docs updated
Is your feature request related to a problem? Please describe. I don't want to use a service principal because of secret/certificate maintenance. Federated identity is just much more secure and maintainable.
Describe the solution you'd like Please add an option to authenticate using Azure DevOps federated identity as described here https://gotoguy.blog/2023/09/15/connect-to-microsoft-graph-in-azure-devops-pipelines-using-workload-identity-federation/
In general we need to be able to pass a token that will be used like
Connect-MgGraph -AccessToken $token
Thanks!