I realized as I was reviewing a post I wrote about setting up Test Kitchen that there were some gotchas between the parameters that are returned between the service principal creation output and the credentials file. In this post, I provide the mapping between those parameters.
When setting up a service principal to use with scripts or tools to automate your Azure infrastructure, you may set up a credentials file. The Azure credentials file ~/.azure/credentials contain a few parameters. You obtain these parameters when you create the service principal.
The output of create-for-rbac looks like:
{
"appId": "00000000-1111-0000-0000-000000000000",
"displayName": "SigjeServiceDemoPrincipal",
"name": "http://SigjeServiceDemoPrincipal",
"password": "df111111-0000-0000-0000-100000000000",
"tenant": "11111111-0000-0000-0000-000000000000"
}
The configuration for the Azure credential file looks like this:
[00000000-0000-0000-0000-100000000000]
client_id=00000000-1111-0000-0000-000000000000
secret=df111111-0000-0000-0000-100000000000
tenant=11111111-0000-0000-0000-000000000000
The mapping from the output received from the creation of the service principal to the creation of the credentials file:
appId maps to client_id and is the specific identifier of the service principal.
password maps to secret and is the credential for the service principal.
tenant is the same in both and is the specific identifier of the Active Directory instance in which you created this service principal.
The final required configuration parameter is the subscription ID. The subscription ID is the identifier that uniquely identifies the subscription to create and manage any resources and services with this credential. That's what is enclosed in the brackets within the configuration.
Now you should be able to set up your Azure credential file. If you didn't keep track of the password when you created the service principal, reset the credentials for the service principal.
For more quick real-world scenarios on Azure, check out the Azure Tips and Tricks site.
Top comments (1)
I am seeing the below error, need help with respect to the same.
(C:/Users/.azure/credentials) does not contain tenant_id neither is the AZURE_TENANT_ID environment variable set.
Top level ::CompositeIO is deprecated, require 'multipart/post' and use Multipart::Post::CompositeReadIO instead!
Top level ::Parts is deprecated, require 'multipart/post' and use Multipart::Post::Parts instead!
File exist in the location and this is how it looks