Adding doc on how to set up azure auth with cli
Ben Abrams 2016-11-18 04:30:54 -08:00 committed by Paul Stack
parent dc0cb70e95
commit 6dd2fb947c
1 changed files with 20 additions and 2 deletions

@ -99,7 +99,7 @@ To create the App Registration using the New ARM portal:
- Click on **Keys**. Enter a name for your key in **Key description** and choose an expiration duration. When you click **Save** at the top of the blade, the key value will be displayed. Once it is displayed, you then use this as the value for `client_secret`. This will disappear once you move off the page
- Click **Required Permissions**. Click **Add**. This will allow us to add permission to use the Windows Azure Service Management API to the App Registration. On Step 1, choose Windows Azure Service Management API. Click **Select**. On Step 2, check the box next to "Access Azure Service Management as organization users". Click **Select**. Click **Done** to finish adding the permission.
To create the App Reigstration using the 'Classic' portal:
To create the App Registration using the 'Classic' portal:
- Select **Active Directory** from the left pane and select the directory you wish to use
- Select **Applications** from the options at the top of the page
@ -117,6 +117,24 @@ To grant permissions to the App Registration to your subscription, you now must
- Type in the name of the application added in the search box. You need to type this as it won't be shown in the user list. Click on the appropriate user in the list and then click **Select**
- Click **OK** in the **Add Access** panel. The changes will now be saved
To create using azure cli:
`az` is using the new azure 2.0 cli using python rather than the old nodejs version. You might be able to replace `az` with `azure`.
```
az login
az account set --name="${SUBSCRIPTION_ID}"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"
```
This will output your `client_id`, `client_secret` (password), `sp_name`, and `tenant`. The sp_name or client_id may be used for the `servicePrincipalProfile.servicePrincipalClientId` and the `client_secret` is used for `servicePrincipalProfile.servicePrincipalClientSecret`.
Confirm your service principal by opening a new shell and run the following commands substituting in `sp_name`, `client_secret`, and `tenant`:
```
az login --service-principal -u SPNAME -p CLIENTSECRET --tenant TENANT
az vm list-sizes --location westus
```
This may be out of date and was based on: [https://github.com/Azure/acs-engine](https://github.com/Azure/acs-engine/blob/417d0d3655aeab0fee784ef6c623ac8333ebb936/docs/serviceprincipal.md#creating-a-service-principal)
Microsoft have a more complete guide in the Azure documentation: [Create Active Directory application and service principle](https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/)
## Testing
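Review bot: The sentence after the first `az` block maps the output to `servicePrincipalProfile.servicePrincipalClientId` and `servicePrincipalProfile.servicePrincipalClientSecret`, which appear to be carried over from the acs-engine document this section is based on. The portal steps earlier on this page tell the reader to use the key as the value for `client_secret`, so the CLI section should map its output to the same setting names the rest of the page uses. Two security points on the commands: `--role="Contributor"` with `--scopes="/subscriptions/${SUBSCRIPTION_ID}"` grants write access to the whole subscription, so the text should say that a narrower scope or role can be substituted where the configuration does not need all of it. `az login --service-principal -u SPNAME -p CLIENTSECRET --tenant TENANT` puts the secret on the command line, where it ends up in shell history; a sentence warning about that, or reading the value from an environment variable, would help. Minor: the prose asks the reader to substitute `sp_name`, `client_secret`, and `tenant`, but the command uses `SPNAME`, `CLIENTSECRET` and `TENANT`; use one spelling for the placeholders. Also, "You might be able to replace `az` with `azure`" is unverified as written; either confirm the equivalent commands for the older CLI or drop the sentence.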