Support for Service Principal with certificate (no password)
zioproto committed Mar 4, 2024
1 parent c56833c commit 9bb0dad
Showing 2 changed files with 19 additions and 4 deletions.
15 changes: 11 additions & 4 deletions .devcontainer/script.sh
Expand Up @@ -5,9 +5,9 @@ if [ -z "$ARM_CLIENT_ID" ]; then
exit 0
fi

# Check if $ARM_CLIENT_SECRET exists
if [ -z "$ARM_CLIENT_SECRET" ]; then
echo "ARM_CLIENT_SECRET is not set"
# Check if either $ARM_CLIENT_SECRET or $ARM_CLIENT_CERTIFICATE is set
if [ -z "$ARM_CLIENT_SECRET" ] && [ -z "$ARM_CLIENT_CERTIFICATE" ]; then
echo "Either ARM_CLIENT_SECRET or ARM_CLIENT_CERTIFICATE should be set"
exit 0
fi

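Review bot: The new condition `[ -z "$ARM_CLIENT_SECRET" ] && [ -z "$ARM_CLIENT_CERTIFICATE" ]` only rejects the case where neither variable is set, so a Codespace with both secrets configured passes this check and the later `if [ -n "$ARM_CLIENT_CERTIFICATE" ]` branch picks the certificate without saying so. Either reject the both-set case here or state the precedence in the comment and in the echo text. The message is also written to stdout and followed by `exit 0`, like the neighbouring checks, so a missing credential never shows up as a failure; sending it to stderr with `>&2` would at least make it visible in logs.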
Expand All @@ -23,4 +23,11 @@ if [ -z "$ARM_SUBSCRIPTION_ID" ]; then
exit 0
fi

az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
# If ARM_CLIENT_CERTIFICATE is set, decode it and save to a temp file
if [ -n "$ARM_CLIENT_CERTIFICATE" ]; then
echo "$ARM_CLIENT_CERTIFICATE" | base64 -d > /tmp/certfile
az login --service-principal -u $ARM_CLIENT_ID --tenant $ARM_TENANT_ID -p /tmp/certfile
else
# Otherwise, use ARM_CLIENT_SECRET
az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
fi
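Review bot: The certificate branch writes the decoded PEM, which per the README note in this commit contains the private key, to the fixed path `/tmp/certfile` with default permissions and never deletes it. Create the file with `mktemp` under `umask 077` and remove it once `az login` has returned, for example from a `trap` on `EXIT`. The result of `base64 -d` is not checked either, so a malformed secret reaches `az login` as an empty or partial file; test the decode before logging in. `$ARM_CLIENT_ID`, `$ARM_TENANT_ID` and `$ARM_CLIENT_SECRET` are unquoted in both branches; quote them so a value containing whitespace or glob characters is passed as a single argument.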
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -24,6 +24,12 @@ The easiest way to run this sample is to run it creating a new [GitHub Codespace
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/<SUBSCRIPTION_ID>" -o json
```

Note: If your organization has a policy prohibiting Service Principals with passwords on the tenant, create a Service Principal with a certificate:

```
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/<SUBSCRIPTION_ID>" --create-cert -o json


- In your github account go to Codespaces and Create a new Codespace with "Azure-Sample/azure-openai-terraform-deployment-sample" repository and select the main branch.

![codespace_create](./images/codespace-create.png)
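Review bot: The code fence opened before the added `az ad sp create-for-rbac ... --create-cert -o json` command is never closed: the added lines end with two blank lines where the closing three-backtick line should be, so the following "In your github account go to Codespaces" list item and the rest of the README render inside the code block. Add the closing fence directly after the command. The note also does not say where the generated certificate file ends up, while the later step refers to `cert-and-private-key.pem`; connect the two so the reader knows which file to encode.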
Expand All @@ -32,6 +38,8 @@ The easiest way to run this sample is to run it creating a new [GitHub Codespace

![codespace_secrets](./images/codespace_secrets.png)

Note: if using Service Principal certificate set `ARM_CLIENT_CERTIFICATE` as `ARM_CLIENT_CERTIFICATE=$(cat cert-and-private-key.pem| base64)`

- Follow this link to create a new [GitHub Codespace](https://codespaces.new/Azure-Samples/azure-openai-terraform-deployment-sample).

[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/Azure-Samples/azure-openai-terraform-deployment-sample)
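Review bot: The added note shows a shell assignment, `ARM_CLIENT_CERTIFICATE=$(cat cert-and-private-key.pem| base64)`, but it sits under the Codespaces secrets screenshot, so it is unclear whether the reader should run it in a terminal or paste a value into the secrets form. State explicitly that the secret's value is the base64 output of the file, and that the file holds the private key and should not be left on the workstation once the secret is stored. Minor: `base64 < cert-and-private-key.pem` avoids the extra `cat`, and GNU `base64` wraps its output at 76 columns unless `-w0` is given, which is worth a mention if a single-line value is expected.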