Skip to content

Commit

Permalink
Move client secret to parameters so it gets hidden by ARM (#1507)
Browse files Browse the repository at this point in the history
  • Loading branch information
@brendandburns @tjprescott
brendandburns authored and tjprescott committed Dec 8, 2016
1 parent 9a12bee commit 2e01cf2
Showing 1 changed file with 16 additions and 7 deletions.
23 changes: 16 additions & 7 deletions src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -353,6 +353,14 @@ def _create_kubernetes(resource_group_name, deployment_name, dns_name_prefix, na
template = {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clientSecret": {
"type": "secureString",
"metadata": {
"description": "The client secret for the service principal"
}
}
},
"resources": [
{
"apiVersion": "2016-09-30",
Expand All @@ -361,7 +369,7 @@ def _create_kubernetes(resource_group_name, deployment_name, dns_name_prefix, na
"name": name,
"properties": {
"orchestratorProfile": {
"orchestratorType": "Custom"
"orchestratorType": "kubernetes"
},
"masterProfile": {
"count": 1,
Expand All @@ -387,18 +395,19 @@ def _create_kubernetes(resource_group_name, deployment_name, dns_name_prefix, na
},
"servicePrincipalProfile": {
"ClientId": service_principal,
"Secret": client_secret
},
"customProfile": {
"orchestrator": "kubernetes"
"Secret": "[parameters('clientSecret')]"
}
}
}
]
}

params = {
"clientSecret": {
"value": client_secret
}
}
properties = DeploymentProperties(template=template, template_link=None,
parameters=None, mode='incremental')
parameters=params, mode='incremental')
smc = _resource_client_factory()
return smc.deployments.create_or_update(resource_group_name, deployment_name, properties)

Expand Down

0 comments on commit 2e01cf2

Please sign in to comment.