Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #6
Notes
This was doozy 🤣
Dug into it and the ruby azure sdk was able to auth via MSI and CLI. Sadly, the azure ruby sdk has been deprecated:
https://github.com/Azure/azure-sdk-for-ruby/blob/master/docs/README.md
Have been able to get by still using the deprecated sdk for the terraspace_plugin_azurerm. Running into a few annoying issues with it though. IE: Its gemspec pins faraday and other dependencies down, and microsoft is not updating the ruby gems. 🤦🏻♂️
Resorted to writing a ruby gem that uses the Azure REST API https://github.com/boltops-tools/armrest It was a bit of an effort 💪
The armrest gem will automatically check a few credentials in the credentials provider chain lookup logic:
Note: Had some mixed feelings about the order of the auth provider chain. With AWS, the credentials provider chain puts the InstanceProfile, similar to MSI, at the end. See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence Feel this makes more sense since guessing it makes a network call to see if the metadata endpoint is available.
Studied the .net DefaultAzureCredential chain and based the armrest auth chain on that. See: https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme#defaultazurecredential
Also, added docs: https://terraspace.cloud/docs/plugins/azure/auth/