Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-02 06:16:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

config: drop support for deprecated Azure's service principal authentication (#1906)

Browse source 
* invalidate app client id field for azure and provide info

* remove TestNewWithDefaultOptions case

* fix test

* remove appClientID field

* remove client secret + rename err

* remove from docs

* otto feedback

* update docs

* delete env test in cfg since no envs set anymore

* Update dev-docs/workflows/github-actions.md

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* WARNING to stderr

* fix check

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
This commit is contained in:
Adrian Stobbe 2023-06-14 17:50:57 +02:00 committed by GitHub
parent d964c74cbb
commit 07de6482b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 152 additions and 222 deletions
Download patch file Download diff file Expand all files Collapse all files

11
cli/internal/terraform/terraform/iam/azure/README.md
View file

@ -3,6 +3,7 @@
This terraform configuration creates the necessary Azure resources that need to be available to host a Constellation cluster.
You can create the resources with the following commands:
```sh
mkdir constellation_azure_iam
cd constellation_azure_iam
@ -12,25 +13,19 @@ terraform apply
```
The following terraform output values are available (with their corresponding keys in the Constellation configuration file):
- `subscription_id` (subscription)
- `tenant_id` (tenant)
- `region` (location)
- `base_resource_group_name` (resourceGroup)
- `application_id` (appClientID)
- `uami_id` (userAssignedIdentity)
- `application_client_secret_value` (clientSecretValue) - **Sensitive Value**
You can either get the profile names from the Terraform output and manually add them to your Constellation configuration file according to our [Documentation](https://docs.edgeless.systems/constellation/getting-started/first-steps).
Or you can do this with a `yq` command:
```sh
yq -i "
.provider.azure.subscription = $(terraform output subscription_id) |
.provider.azure.tenant = $(terraform output tenant_id) |
.provider.azure.location = $(terraform output region) |
.provider.azure.resourceGroup = $(terraform output base_resource_group_name) |
.provider.azure.appClientID = $(terraform output application_id) |
.provider.azure.userAssignedIdentity = $(terraform output uami_id) |
.provider.azure.clientSecretValue = $(terraform output application_client_secret_value)
" path/to/constellation-conf.yaml
```