Closed arnaudlh closed 2 years ago
Hi @arnaudlh, don't want to hijack this issue but just in case you're not aware of the following issues:
https://github.com/aztfmod/terraform-azurerm-caf/issues/759 https://github.com/aztfmod/terraform-azurerm-caf/issues/761
It would appear the general story of 'deploy as user account, then let service principal take over' is broken in a handful of areas regardless of whether you use --impersonate-sp-from-keyvault-url
or --impersonate
.
Hi @arnaudlh, don't want to hijack this issue but just in case you're not aware of the following issues:
https://github.com/aztfmod/terraform-azurerm-caf/issues/759
https://github.com/aztfmod/terraform-azurerm-caf/issues/761
It would appear the general story of 'deploy as user account, then let service principal take over' is broken in a handful of areas regardless of whether you use
--impersonate-sp-from-keyvault-url
or--impersonate
.
Adding @LaurentLesle
I can confirm however that the basic functionality of --impersonate-sp-from-keyvault-url
works fine, so support removing --impersonate
.
When impersonating service principal context for pipelines troubleshooting, we recommend you use the
--impersonate-sp-from-keyvault-url
option instead of the old--impersonate