Open sambitr opened 1 year ago
Hi @sambitr, I tried many things, e.g. the pipeline below:
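# Step 1: publish the service connection's federated identity to later steps.
# With addSpnToEnvironment enabled, the task exposes servicePrincipalId,
# tenantId and idToken to the inline script as environment variables.
- task: AzureCLI@2
  displayName: "Set Env"
  inputs:
    addSpnToEnvironment: true
    azureSubscription: $(SERVICE_CONNECTION)
    scriptType: pscore
    scriptLocation: inlineScript
    inlineScript: |
      Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
      Write-Host "##vso[task.setvariable variable=AAD_SERVICE_PRINCIPAL_CLIENT_ID]$env:servicePrincipalId"
      # The OIDC token is a bearer credential: mark it secret so the agent masks
      # it in logs. Secret variables are not exported to later steps
      # automatically; a step that needs it must map it in its own env section.
      Write-Host "##vso[task.setvariable variable=AZURE_OIDC_TOKEN;issecret=true]$env:idToken"
      Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
      Write-Host "##vso[task.setvariable variable=AZURE_SUBSCRIPTION_ID]$(az account show --query id -o tsv)"
      # NOTE(review): this value has the form of the Azure DevOps OIDC issuer
      # URL, while the kubelogin call in the next step passes
      # https://login.microsoftonline.com/ as the authority host. Confirm which
      # one the consumers of AZURE_AUTHORITY_HOST expect.
      Write-Host "##vso[task.setvariable variable=AZURE_AUTHORITY_HOST]https://vstoken.dev.azure.com/XXXXXXXX"
      # The token is only available as the environment variable idToken; a bare
      # PowerShell variable of that name is undefined here and would leave the
      # token file empty.
      # The file holds a live credential on the agent's disk. On self-hosted
      # agents, delete it once the last step that needs it has finished.
      Set-Content -Path "$(Agent.BuildDirectory)/id_token" -Value $env:idToken
      Write-Host "##vso[task.setvariable variable=AZURE_FEDERATED_TOKEN_FILE]$(Agent.BuildDirectory)/id_token"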
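# Step 2: fetch the AKS kubeconfig, convert it to workload-identity login with
# kubelogin, and run a smoke test against the cluster.
- task: AzureCLI@2
  displayName: "deploy AKS"
  inputs:
    addSpnToEnvironment: true
    azureSubscription: $(SERVICE_CONNECTION)
    scriptType: pscore
    scriptLocation: inlineScript
    inlineScript: |
      # Diagnostics: print non-sensitive identifiers only. The OIDC token is a
      # bearer credential, so report whether it is present instead of echoing
      # its value into the job log.
      Write-Host $env:AZURE_CLIENT_ID
      Write-Host $env:AAD_SERVICE_PRINCIPAL_CLIENT_ID
      if ($env:AZURE_OIDC_TOKEN) { Write-Host "AZURE_OIDC_TOKEN is set" } else { Write-Host "AZURE_OIDC_TOKEN is empty" }
      Write-Host $env:AZURE_TENANT_ID
      Write-Host $env:AZURE_SUBSCRIPTION_ID
      Write-Host $env:AZURE_AUTHORITY_HOST
      Write-Host $env:AZURE_FEDERATED_TOKEN_FILE
      # Use the first cluster found in the resource group.
      $AKS_CLUSTER_NAME = az aks list --resource-group $(APPGWRG) --query "[0].name" -o tsv
      az aks get-credentials -g $(APPGWRG) -n $AKS_CLUSTER_NAME --overwrite-existing
      # The identity values are passed to kubelogin explicitly. They are read
      # from the environment variables that addSpnToEnvironment provides; bare
      # PowerShell variables with those names are undefined and would pass
      # empty arguments.
      kubelogin convert-kubeconfig -l workloadidentity --client-id $env:servicePrincipalId --tenant-id $env:tenantId --federated-token-file "$(Agent.BuildDirectory)/id_token" --authority-host "https://login.microsoftonline.com/"
      kubectl config view
      kubectl get nodes
  # Azure Pipelines expands variables written as $(NAME). A value written as
  # "$NAME" is passed through as that literal string and would override the
  # variables published by the previous step. Secret variables such as
  # AZURE_OIDC_TOKEN reach the script only through an explicit mapping here.
  env:
    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
    AAD_SERVICE_PRINCIPAL_CLIENT_ID: $(AAD_SERVICE_PRINCIPAL_CLIENT_ID)
    AZURE_OIDC_TOKEN: $(AZURE_OIDC_TOKEN)
    AZURE_TENANT_ID: $(AZURE_TENANT_ID)
    AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
    AZURE_AUTHORITY_HOST: $(AZURE_AUTHORITY_HOST)
    AZURE_FEDERATED_TOKEN_FILE: $(AZURE_FEDERATED_TOKEN_FILE)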
Error :
@sambitr did you manage to get it working? @weinong do you have the AzDO implementation?
The implementation is specific to GitHub Actions. We are trying to implement it on Azure DevOps, and ADO does not have variables like `ACTIONS_ID_TOKEN_REQUEST_TOKEN` and `ACTIONS_ID_TOKEN_REQUEST_URL`.