Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Instructions to generate the creds use deprecated CLI option '--sdk-auth' #40

Closed
phillipleblanc opened this issue Nov 30, 2021 · 5 comments
Closed

Instructions to generate the creds use deprecated CLI option '--sdk-auth' #40

phillipleblanc opened this issue Nov 30, 2021 · 5 comments
Labels
need-to-triage Requires investigation

Comments

@phillipleblanc
Copy link

az ad sp create-for-rbac --sdk-auth

Option '--sdk-auth' has been deprecated and will be removed in a future release.
In a future release, this command will NOT create a 'Contributor' role assignment by default. If needed, use the --role argument > to explicitly create a role assignment.
Creating 'Contributor' role assignment under scope '/subscriptions/[sub-id]'
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
'name' property in the output is deprecated and will be removed in the future. Use 'appId' instead.
@phillipleblanc phillipleblanc added the need-to-triage Requires investigation label Nov 30, 2021
@github-actions
Copy link

This issue is idle because it has been open for 14 days with no activity.

@github-actions github-actions bot added the idle Inactive for 14 days label Dec 14, 2021
@erik-ha-msft
Copy link

Running into the same issue here. with --sdk-auth option vs without, the JSON keys are different (e.g. --sdk-auth gives clientId vs without, you get appId).

Is it possible to update this workflow to use the new syntax? As phillipleblanc commented, the --sdk-auth flag will be deprecated.

As a temporary workaround without the --sdk-auth flag, I had to change and add keys in the JSON output, for example:

appId -> clientId
password -> clientSecret
tenant -> tenantId
add subscriptionId

{
  "clientId": "<redacted>",
  "displayName": "<redacted>",
  "name": "<redacted>",
  "clientSecret": "<redacted>",
  "tenantId": "<redacted>",
  "subscriptionId": "<redacted>"
}

Tested the changes in my own repository and managed to get it working.

@github-actions github-actions bot removed the idle Inactive for 14 days label Jan 6, 2022
@github-actions
Copy link

This issue is idle because it has been open for 14 days with no activity.

@github-actions github-actions bot added the idle Inactive for 14 days label Jan 20, 2022
@OliverMKing
Copy link
Collaborator

OliverMKing commented Feb 3, 2022
edited
Loading

I've been following the discussion going on here closely. We want to be consistent with the Azure/login action.

@github-actions github-actions bot removed the idle Inactive for 14 days label Feb 3, 2022
@jiasli jiasli mentioned this issue Feb 7, 2022
Merged
@OliverMKing
Copy link
Collaborator

I updated this action to rely on Azure/login for v2.0. Any login methods supported there will work for this. That lets you use OIDC which is an alternative. Azure/login currently uses the --sdk-auth flag but hopefully will be switching away from that soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
need-to-triage Requires investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@phillipleblanc @OliverMKing @erik-ha-msft