aztfmod / rover

The rover is a docker container in charge of the deployment of the Terraform platform engineering for Azure
MIT License

Deprecate the --impersonate command #218

Closed arnaudlh closed 2 years ago

arnaudlh commented 2 years ago

When impersonating a service principal context for pipeline troubleshooting, we recommend you use the --impersonate-sp-from-keyvault-url option instead of the old --impersonate.

brk3 commented 2 years ago

Hi @arnaudlh, don't want to hijack this issue but just in case you're not aware of the following issues:

https://github.com/aztfmod/terraform-azurerm-caf/issues/759

https://github.com/aztfmod/terraform-azurerm-caf/issues/761

It would appear the general story of 'deploy as user account, then let service principal take over' is broken in a handful of areas regardless of whether you use --impersonate-sp-from-keyvault-url or --impersonate.

arnaudlh commented 2 years ago

> Hi @arnaudlh, don't want to hijack this issue but just in case you're not aware of the following issues:
>
> https://github.com/aztfmod/terraform-azurerm-caf/issues/759
>
> https://github.com/aztfmod/terraform-azurerm-caf/issues/761
>
> It would appear the general story of 'deploy as user account, then let service principal take over' is broken in a handful of areas regardless of whether you use --impersonate-sp-from-keyvault-url or --impersonate.

Adding @LaurentLesle

brk3 commented 2 years ago

I can confirm however that the basic functionality of --impersonate-sp-from-keyvault-url works fine, so support removing --impersonate.