From ff8be4ec944d8e2f2d6c037bac520690104f499e Mon Sep 17 00:00:00 2001 From: Sunny Date: Tue, 24 Jan 2023 21:15:37 +0000 Subject: [PATCH] oci/tests: Add details about Azure CLI login Add details about using Service Principal for azure tests. Signed-off-by: Sunny --- oci/tests/integration/.env.sample | 6 ++++++ oci/tests/integration/README.md | 14 +++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/oci/tests/integration/.env.sample b/oci/tests/integration/.env.sample index de0d0fcb..e188c78c 100644 --- a/oci/tests/integration/.env.sample +++ b/oci/tests/integration/.env.sample @@ -5,6 +5,12 @@ ## Azure # export TF_VAR_azure_location=eastus +## Set the following only when authenticating using Service Principal (suited +## for CI environment). +# export ARM_CLIENT_ID= +# export ARM_CLIENT_SECRET= +# export ARM_SUBSCRIPTION_ID= +# export ARM_TENANT_ID= ## GCP # export TF_VAR_gcp_project_id= diff --git a/oci/tests/integration/README.md b/oci/tests/integration/README.md index 36f1bfcb..fa164d9e 100644 --- a/oci/tests/integration/README.md +++ b/oci/tests/integration/README.md 
@@ -40,7 +40,19 @@ $ kubectl logs test-job-93tbl-4jp2r - Azure account with an active subscription to be able to create AKS and ACR, and permission to assign roles. Role assignment is required for allowing AKS workloads to access ACR. -- Azure CLI, need to be logged in using `az login`. +- Azure CLI, need to be logged in using `az login` as a User (not a Service + Principal). + + **NOTE:** To use Service Principal (for example in CI environment), set the + `ARM-*` variables in `.env`, source it and authenticate Azure CLI with: + ```console + $ az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID + ``` + In this case, the AzureRM client in terraform uses the Service Principal to + authenticate and the Azure CLI is used only for authenticating with ACR for + logging in and pushing container images. Attempting to authenticate terraform + using Azure CLI with Service Principal results in the following error: + > Authenticating using the Azure CLI is only supported as a User (not a Service Principal). - Docker CLI for registry login. - kubectl for applying certain install manifests.
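Review bot: The new `# export ARM_CLIENT_SECRET=` line in `.env.sample` puts a long-lived Service Principal credential into a file users are told to copy to `.env` and source, and the added comment says nothing about how that file should be handled. It is worth extending the comment above the four `ARM_*` lines to say that `.env` must stay out of version control and that in CI these values should come from the CI secret store rather than a checked-in file. The comment could also state that all four variables must be set together, since `ARM_SUBSCRIPTION_ID` is listed here but is not used by the `az login` command documented in the README.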
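Review bot: The NOTE in the README hunk refers to the `ARM-*` variables, but the names added to `.env.sample` use underscores (`ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, ...), so this should read `ARM_*`. In the `az login --service-principal` line the expansions are unquoted, so a secret containing whitespace or shell metacharacters will be split or mangled; suggest `-u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"`. Since the secret is passed as a command-line argument, a sentence reminding CI users to keep command echoing (for example `set -x`) off for this step would help keep it out of job logs. The bullet also now says to log in "as a User (not a Service Principal)" and then immediately describes the Service Principal login; a short phrase such as "for local runs" on the first sentence would make the two cases easier to tell apart.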