microsoft / azure-pipelines-terraform

Azure Pipelines tasks for installing Terraform and running Terraform commands in a build or release pipeline.
MIT License

Feature: Support workload identity federation #176

Closed jaredfholgate closed 10 months ago

jaredfholgate commented 10 months ago

This PR is to add support for Workload Identity Federation (OIDC) in the Terraform Task.

The intention is that this will be a non-breaking change; it will simply identify the authentication scheme and set up the provider accordingly.

Testing Evidence:

In order to run this test, the following steps were followed:

  1. Compiled and packaged the extension as per the steps HERE.
  2. Removed the public extension from the organisation.
  3. Published the extension to the marketplace, shared it to the organisation and installed it in the organisation.
  4. Deployed the Service Connection, Managed Identity, etc. using this example code: https://github.com/Azure-Samples/azure-devops-terraform-oidc-ci-cd
  5. Updated the oidc.yml pipeline to include the Terraform task steps (see below).
  6. Ran the pipeline.

Pipeline Code

image

Test Extension

image

Service Connection

image

Terraform Init

image

Terraform Apply

image
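
One way a task could branch on the service connection's authentication scheme, as an added example that is not code from this PR or from the project. The `ServiceConnection` shape, the scheme strings and the function names are assumptions; the `ARM_*` names are the azurerm provider's environment variables.

```typescript
// Added example, not the extension's own code.
// Hypothetical view of a service connection as the task sees it.
interface ServiceConnection {
  scheme: string;          // assumed values: "ServicePrincipal" | "WorkloadIdentityFederation"
  tenantId: string;
  clientId: string;
  subscriptionId: string;
  clientSecret?: string;   // present only for secret-based connections
  oidcToken?: string;      // short-lived federated token issued for this job
}

// Build the environment for the azurerm provider from the connection.
// Fails closed: an unknown scheme or a mixed credential set is an error.
function providerEnv(conn: ServiceConnection): Record<string, string> {
  const env: Record<string, string> = {
    ARM_TENANT_ID: conn.tenantId,
    ARM_CLIENT_ID: conn.clientId,
    ARM_SUBSCRIPTION_ID: conn.subscriptionId,
  };
  switch (conn.scheme) {
    case "WorkloadIdentityFederation":
      if (!conn.oidcToken) throw new Error("federated connection has no OIDC token");
      if (conn.clientSecret) throw new Error("federated connection must not carry a client secret");
      env["ARM_USE_OIDC"] = "true";
      env["ARM_OIDC_TOKEN"] = conn.oidcToken;
      break;
    case "ServicePrincipal":
      if (!conn.clientSecret) throw new Error("service principal connection has no client secret");
      env["ARM_CLIENT_SECRET"] = conn.clientSecret;
      break;
    default:
      throw new Error(`unsupported authentication scheme: ${conn.scheme}`);
  }
  return env;
}

// Copy of the environment that is safe to write to the pipeline log.
const SENSITIVE = new Set(["ARM_OIDC_TOKEN", "ARM_CLIENT_SECRET"]);
function redactForLog(env: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const [key, value] of Object.entries(env)) {
    out[key] = SENSITIVE.has(key) ? "***" : value;
  }
  return out;
}
```
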

jaredfholgate commented 10 months ago

The previous PR https://github.com/microsoft/azure-pipelines-terraform/pull/164 was closed in favour of this one.