Closed sahityamalepati closed 3 years ago
Hi @sahityamalepati, the reason you are not seeing the certificate is that the portal dropped support for displaying/managing service principal passwords. Microsoft recommend you use application passwords where feasible and for this you'll rather want to use the azuread_application_password resource - which you'll then see in AAD > App Registrations > TheApp > Certificates & secrets
Hi @manicminer, thank you. Using that approach we have to pass the password value every time we deploy, and I am trying to use this SPN and certificate for the automation account connection, to configure it as a Run As account. Is there any other way other than a password?
Sorry, I meant the azuread_application_certificate resource!
My comment was more around placing the credentials (password or certificate) with the Application rather than the Service Principal
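The application-level version of the posted config, as an added example (not the maintainer's or the provider's own code): it swaps the service principal certificate resource for `azuread_application_certificate`, keyed on the application's object ID, so the credential appears under App Registrations > Certificates & secrets. It assumes the `example` application and Key Vault certificate from the posted config and the attribute names of the azuread provider 1.x/2.x schema.

```hcl
# Added example: attach the certificate to the Application object rather than
# the Service Principal. Assumes azuread_application.example and
# azurerm_key_vault_certificate.example from the posted config.
resource "azuread_application_certificate" "example" {
  application_object_id = azuread_application.example.id
  type                  = "AsymmetricX509Cert"
  # certificate_data from azurerm_key_vault_certificate is hex-encoded DER, so the
  # declared encoding must be "hex"; a value that does not match its declared
  # encoding is rejected by AAD as an InvalidKeyValue error.
  encoding              = "hex"
  value                 = azurerm_key_vault_certificate.example.certificate_data
  end_date              = azurerm_key_vault_certificate.example.certificate_attribute[0].expires
  start_date            = azurerm_key_vault_certificate.example.certificate_attribute[0].not_before
}
```

No password has to be supplied at deploy time: the public certificate is the credential, and the private key stays in Key Vault.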
Understood! :) Will try using an Azure AD app certificate instead of a service principal certificate.
I'm going to close this issue as resolved; please feel free to report any other issues if you encounter them.
For usage questions, I recommend the Terraform HashiCorp Discuss forum.
Thanks!
```text
Error: Creating certificate credentials "e5051f8b-0c76-810d-1a9c-df22ae0c3815" for application with object ID "0d5b44b2-6145-4e51-ae70-cb350af5ae64"
graphrbac.ApplicationsClient#UpdateKeyCredentials: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Request_BadRequest","date":"2021-02-12T09:44:28","message":{"lang":"en","value":"Invalid certificate: Key value is invalid certificate"},"requestId":"af87a866-3346-4599-a4ef-49a23f45a26e","values":[{"item":"PropertyName","value":"keyCredentials.value"},{"item":"PropertyErrorCode","value":"InvalidKeyValue"}]}}]
```
I am able to create an app and SP, and even the certificate is getting created in Key Vault using the code below, but when I look at the SP in the portal I don't see any certificates under the service principal. Can anyone help me with this?
```hcl
provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

data "azurerm_key_vault" "app_vault" {
  name                = var.azurerm_key_vault
  resource_group_name = var.resource_group_name
}

resource "azuread_application" "example" {
  display_name               = "myappTest"
  homepage                   = "http://myhomepage"
  identifier_uris            = ["http://contosotest.com"]
  reply_urls                 = ["http://contosotest.com"]
  available_to_other_tenants = false
  oauth2_allow_implicit_flow = true
}

resource "azuread_service_principal" "example" {
  application_id               = azuread_application.example.application_id
  app_role_assignment_required = false
}

resource "azurerm_key_vault_certificate" "example" {
  name         = "App-certificate"
  key_vault_id = data.azurerm_key_vault.app_vault.id

  certificate_policy {
    issuer_parameters {
      name = "Self"
    }

    # The azurerm provider also requires key_properties, secret_properties and
    # x509_certificate_properties inside certificate_policy. They were not in the
    # posted config; the values below are assumed so the block applies.
    key_properties {
      exportable = true
      key_size   = 2048
      key_type   = "RSA"
      reuse_key  = true
    }

    secret_properties {
      content_type = "application/x-pkcs12"
    }

    x509_certificate_properties {
      subject            = "CN=myappTest"
      validity_in_months = 12
      key_usage          = ["digitalSignature", "keyEncipherment"]
    }
  }
}

# Attaches the public certificate to the service principal object.
resource "azuread_service_principal_certificate" "example" {
  service_principal_id = azuread_service_principal.example.id
  type                 = "AsymmetricX509Cert"
  # certificate_data from Key Vault is hex-encoded DER, hence encoding = "hex"
  encoding             = "hex"
  value                = azurerm_key_vault_certificate.example.certificate_data
  end_date             = azurerm_key_vault_certificate.example.certificate_attribute[0].expires
  start_date           = azurerm_key_vault_certificate.example.certificate_attribute[0].not_before
}
```