Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use armrest gem #14

Merged
merged 1 commit into from
Jan 20, 2022
Merged

use armrest gem #14

merged 1 commit into from
Jan 20, 2022

Conversation

tongueroo
Copy link
Contributor

@tongueroo tongueroo commented Jan 20, 2022

  • auth provider chain
  • clean up secrets
  • remove deprecated azure mgmt sdk

Closes #6

Notes

This was doozy 🤣

Dug into it and the ruby azure sdk was able to auth via MSI and CLI. Sadly, the azure ruby sdk has been deprecated:

https://github.com/Azure/azure-sdk-for-ruby/blob/master/docs/README.md

Have been able to get by still using the deprecated sdk for the terraspace_plugin_azurerm. Running into a few annoying issues with it though. IE: Its gemspec pins faraday and other dependencies down, and microsoft is not updating the ruby gems. 🤦🏻‍♂️

Resorted to writing a ruby gem that uses the Azure REST API https://github.com/boltops-tools/armrest It was a bit of an effort 💪

The armrest gem will automatically check a few credentials in the credentials provider chain lookup logic:

Environment -> MSI -> CLI

Note: Had some mixed feelings about the order of the auth provider chain. With AWS, the credentials provider chain puts the InstanceProfile, similar to MSI, at the end. See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence Feel this makes more sense since guessing it makes a network call to see if the metadata endpoint is available.

Studied the .net DefaultAzureCredential chain and based the armrest auth chain on that. See: https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme#defaultazurecredential

Also, added docs: https://terraspace.cloud/docs/plugins/azure/auth/

* auth provider chain
* clean up secrets
* remove deprecated azure mgmt sdk
@tongueroo
Copy link
Contributor Author

Released in 0.5.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

feat: Azure MSI authentication support
1 participant