moredatapls
commented
9 months ago We ran into this very limitation after switching to the federated credentials. It manifests as the following error in the pipelines:
##[error]Error: Endpoint auth data not present: <the guid of your service connection>The problem is that this line is trying to resolve the service principal key (=client secret), which obviously doesn't exist anymore: https://github.com/pulumi/pulumi-az-pipelines-task/blob/39d15080eebe21709c75ad1f4f718d70698471ce/buildAndReleaseTask/serviceEndpoint.ts#L29
It then crashes in the azure-pipelines-task-lib here with the error I posted above.
I would also really like to use the Pulumi tasks together with the workload identity federation, it would be really nice to see support for this soon.
swimmesberger
Isenr
af-vijay
imdex-brett-debeer
Is your feature request related to a problem? Please describe. When running Pulumi Azure Pipelines tasks, I want to use ARM Service Connection with Workload identity federation. The public preview of Workload identity federation for Azure Pipelines has been recently announced by Microsoft with Terrafoms tasks already having support for that. I want the same experience when using Pulumi tasks.
Describe the solution you'd like Be able to select ARM Service Connection with Workload identity federation so that the pulumi tasks continue working without needed secrets in the service principal associated with the service connections.
Describe alternatives you've considered I have considered not using Pulumi tasks and try to run manually pulumi CLI in an Azure CLI task that would retrieve the Azure token. But that's only a workaround, I would rather use Pulumi tasks.
Additional context N/A