Merge pull request #1019 from robertbrandso/patch-1

Adding information about use in Azure Pipelines
microsoft · Apr 9, 2024 · c434a9a · c434a9a
2 parents a64b8c1 + fc76729
commit c434a9a
Showing 1 changed file with 34 additions and 8 deletions.
diff --git a/website/docs/guides/authenticating_service_principal_using_an_oidc_token.html.md b/website/docs/guides/authenticating_service_principal_using_an_oidc_token.html.md
@@ -26,6 +26,9 @@ The provider will need the Directory (tenant) ID and the Application (client) ID
 
 The token may be provided as a base64 encoded string, or by a file on the filesystem with the `ARM_OIDC_TOKEN` or `ARM_OIDC_TOKEN_FILE_PATH` environment variables, or in the provider configuration block with the `oidc_token` or `oidc_token_file_path` attributes.
 
+### How to use in different CI/CD pipelines
+
+#### GitHub Actions
 When running Terraform in GitHub Actions, the provider will detect the `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` environment variables set by the GitHub Actions runtime. You can also specify the `ARM_OIDC_REQUEST_TOKEN` and `ARM_OIDC_REQUEST_URL` environment variables.
 
 For GitHub Actions workflows, you'll need to ensure the workflow has `write` permissions for the `id-token`.
@@ -37,14 +40,37 @@ permissions:
 
 For more information about OIDC in GitHub Actions, see [official documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers).
 
-### Providing the token through the file system
+#### Azure Pipelines
+When running Terraform in Azure Pipelines using two of the most popular Terraform extensions ([Azure Pipelines Terraform Tasks](https://marketplace.visualstudio.com/items?itemName=JasonBJohnson.azure-pipelines-tasks-terraform) or [DevLabs Terraform](https://marketplace.visualstudio.com/items?itemName=ms-devlabs.custom-terraform-tasks)), the environment variables `ARM_TENANT_ID`, `ARM_CLIENT_ID`, and `ARM_OIDC_TOKEN` are automatically configured when using service connections configured for federated credentials.
+
+As a result, the only configuration needed is as follows:
+
+```hcl
+terraform {
+  required_providers {
+    azuredevops = {
+      source  = "microsoft/azuredevops"
+      version = ">=1.0.1"
+    }
+  }
+}
+
+provider "azuredevops" {
+  org_service_url = "https://dev.azure.com/my-org"
+  use_oidc        = true
+}
+```
+
+### Examples
+
+#### Providing the token through the file system
 
 ```hcl
 terraform {
   required_providers {
     azuredevops = {
       source  = "microsoft/azuredevops"
-      version = ">=0.1.0"
+      version = ">=1.0.1"
     }
   }
 }
@@ -63,14 +89,14 @@ resource "azuredevops_project" "project" {
 }
 ```
 
-### Providing the token directly as a string
+#### Providing the token directly as a string
 
 ```hcl
 terraform {
   required_providers {
     azuredevops = {
       source  = "microsoft/azuredevops"
-      version = ">=0.1.0"
+      version = ">=1.0.1"
     }
   }
 }
@@ -90,14 +116,14 @@ resource "azuredevops_project" "project" {
 ```
 
 
-### Configure the provider to authenticate with the Terraform Cloud workload identity token
+#### Configure the provider to authenticate with the Terraform Cloud workload identity token
 
 ```hcl
 terraform {
   required_providers {
     azuredevops = {
       source  = "microsoft/azuredevops"
-      version = ">=0.1.0"
+      version = ">=1.0.1"
     }
   }
 }
@@ -115,14 +141,14 @@ resource "azuredevops_project" "project" {
 }
 ```
 
-### Configure the provider to authenticate with the Terraform Cloud workload identity token with different plan & apply service principals
+#### Configure the provider to authenticate with the Terraform Cloud workload identity token with different plan & apply service principals
 
 ```hcl
 terraform {
   required_providers {
     azuredevops = {
       source  = "microsoft/azuredevops"
-      version = ">=0.1.0"
+      version = ">=1.0.1"
     }
   }
 }