Commit 9bb0dad

Support for Service Principal with certificate (no password)
1 parent c56833c commit 9bb0dad

2 files changed: +19 -4 lines changed

.devcontainer/script.sh

Lines changed: 11 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -5,9 +5,9 @@ if [ -z "$ARM_CLIENT_ID" ]; then
55
exit 0
66
fi
77

8-
# Check if $ARM_CLIENT_SECRET exists
9-
if [ -z "$ARM_CLIENT_SECRET" ]; then
10-
echo "ARM_CLIENT_SECRET is not set"
8+
# Check if either $ARM_CLIENT_SECRET or $ARM_CLIENT_CERTIFICATE is set
9+
if [ -z "$ARM_CLIENT_SECRET" ] && [ -z "$ARM_CLIENT_CERTIFICATE" ]; then
10+
echo "Either ARM_CLIENT_SECRET or ARM_CLIENT_CERTIFICATE should be set"
1111
exit 0
1212
fi
1313

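Review bot: The new condition at line 9 only covers the case where neither variable is set; when both ARM_CLIENT_SECRET and ARM_CLIENT_CERTIFICATE are present nothing says which one is used, and the login branch later in this file silently prefers the certificate. State the precedence in the comment at line 8, or print which credential type was selected. It is also worth deciding whether the retained `exit 0` is intended here, since the script reports success even though no credential is configured and no login happens.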
@@ -23,4 +23,11 @@ if [ -z "$ARM_SUBSCRIPTION_ID" ]; then
2323
exit 0
2424
fi
2525

26-
az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
26+
# If ARM_CLIENT_CERTIFICATE is set, decode it and save to a temp file
27+
if [ -n "$ARM_CLIENT_CERTIFICATE" ]; then
28+
echo "$ARM_CLIENT_CERTIFICATE" | base64 -d > /tmp/certfile
29+
az login --service-principal -u $ARM_CLIENT_ID --tenant $ARM_TENANT_ID -p /tmp/certfile
30+
else
31+
# Otherwise, use ARM_CLIENT_SECRET
32+
az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
33+
fi
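Review bot: The decoded certificate at line 28 lands in a fixed, predictable path, /tmp/certfile, created with the default umask, and per the README change this PEM includes the private key; nothing in the hunk restricts its permissions or removes it. Create the file with mktemp under `umask 077` (or `chmod 600` it before writing), and delete it when it is no longer needed, after checking whether later az commands in the session still read from that path. The result of `base64 -d` is not checked, so a malformed secret produces an empty or partial file and a confusing az login error; test the exit status before logging in. The expansions on lines 29 and 32 are unquoted; write `"$ARM_CLIENT_ID"`, `"$ARM_TENANT_ID"` and `"$ARM_CLIENT_SECRET"` so values containing spaces or glob characters are not split.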

README.md

Lines changed: 8 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -24,6 +24,12 @@ The easiest way to run this sample is to run it creating a new [GitHub Codespace
2424
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/<SUBSCRIPTION_ID>" -o json
2525
```
2626

27+
Note: If your organization has a policy prohibiting Service Principals with passwords on the tenant, create a Service Principal with a certificate:
28+
29+
```
30+
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/<SUBSCRIPTION_ID>" --create-cert -o json
31+
32+
2733
- In your github account go to Codespaces and Create a new Codespace with "Azure-Sample/azure-openai-terraform-deployment-sample" repository and select the main branch.
2834

2935
![codespace_create](./images/codespace-create.png)
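Review bot: The note added at lines 27-30 does not say what `--create-cert` leaves behind or how it relates to the `cert-and-private-key.pem` file that the later note expects, so a reader cannot tell which file to encode. Add a sentence naming the generated PEM file, stating that it contains the private key, and telling the reader to keep it out of the repository and restrict its permissions. The command also repeats `--role="Owner"` at subscription scope from the password variant; if the sample works with a narrower role or scope, the README should show that instead.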
@@ -32,6 +38,8 @@ The easiest way to run this sample is to run it creating a new [GitHub Codespace
3238

3339
![codespace_secrets](./images/codespace_secrets.png)
3440

41+
Note: if using Service Principal certificate set `ARM_CLIENT_CERTIFICATE` as `ARM_CLIENT_CERTIFICATE=$(cat cert-and-private-key.pem| base64)`
42+
3543
- Follow this link to create a new [GitHub Codespace](https://codespaces.new/Azure-Samples/azure-openai-terraform-deployment-sample).
3644

3745
[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/Azure-Samples/azure-openai-terraform-deployment-sample)
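Review bot: The note at line 41 shows a shell assignment, `ARM_CLIENT_CERTIFICATE=$(cat cert-and-private-key.pem| base64)`, in a step that is about Codespaces secrets, so it is unclear whether the reader should run this or paste the encoded output as the secret value. Spell out that the base64 text is the value of the secret, and prefer `base64 < cert-and-private-key.pem` over the `cat` pipe. Some base64 implementations wrap their output across lines; say whether a wrapped value is acceptable or ask for single-line output. Since the file holds the private key, add a reminder to delete the local copy once the secret is stored.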