Open stevendborrelli opened 2 years ago
As mentioned in the description this issue, official docs suggest that using the new authorization package: azidentity
. At this point we have a prerequisite. We need to update the go sdk version to consume the new authorization tool. Please see this issue: #327 There is a PR for updating this version: #326
To understand the impact of --sdk-auth
flag's deprecation, I tested a scenario. I generated credentials without using the --sdk-auth
flag and this credentials were used in a provider config. Trying to create a ResourceGroup resource by using the new credentials (without --sdk-auth
flag) was unsuccessful. So, it seems that, when the --sdk-auth
flag was removed from the cli, we have to change the authorization method.
For this migration (from autorest
-> azidentity
), we also need to change the used apis. Because the currently used apis (azure-sdk-for-go/services/...
) are not compatible with the new authorization method. The following apis are compatible with the azidentity tool: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/resourcemanager
Therefore, it seems that the size of this change will not be small. Also the possible impacts of this change must be thought carefully (e.g. possible behavior changes...).
A related doc resource is here: https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash
I see this issue as a blocker for addressing some other identity-based authentication related issues we have (#164, #329).
This seems like its a very important issue - is there any status update on this?
Hey there @lieberlois, have you been able to take a look at https://github.com/upbound/provider-azure/? It is much more actively maintained than this provider.
Hi @jbw976, oh no, I wasnt aware of that ! Thanks for pointing it out!
What problem are you facing?
The
--sdk-auth
option in the Azure CLI was deprecated in https://github.com/Azure/azure-cli/pull/19414 and restored in https://github.com/Azure/azure-cli/pull/19872 with a deprecation warning.As documented in the Crossplane Getting Started Guide, the
--sdk-auth
option is used to create a JSON file that is compatible with the Go Authentication client we are using go-autorest.End users who are using the Getting Started guide have started to report the following note when creating service principals:
The Crossplane provider uses the Azure Go SDK in combination go-autorest. The newest Azure Go Authorization docs indicates that going forward Azure Identity will be used.
How could Crossplane help solve your problem?
Related issues: