Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth: Support azure-pipelines for --federated-credential-provider #4343

Merged
merged 1 commit into from
Nov 6, 2024
Merged

auth: Support azure-pipelines for --federated-credential-provider #4343

merged 1 commit into from
Nov 6, 2024

Conversation

ellismg
Copy link
Member

@ellismg ellismg commented Sep 18, 2024
edited
Loading

This change adds azure-pipelines as a supported value for the --federated-credential-provider switch of azd auth login. This provider can be used to do OIDC based login within the context of a job running in Azure Pipelines.

When using this provider, azd uses the AzurePipelinesCredential type to manage the OIDC dance. In addition to the client and tenant id of the service principal you plan to authenticate with, we also need the "service connection id" (this is the ID of the object created in Azure Pipelines that contains the connection information) and the system access token which is the security token for the running build (it's what is used to authenticate to the OIDC endpoint that is being run inside the pipeline which we use to fetch the federated credential). The client and tenant ids can be provided on the command line, via the existing --client-id and --tenant-id switches, or, when azure-pipelines is the federated-credential-provider, they can be read from the AZURESUBSCRIPTION_CLIENT_ID and AZURESUBSCRIPTION_TEANT_ID system environment varaibles. The service connection ID and acceess token are read from the AZURESUBSCRIPTION_SERVICE_CONNECTION_ID and SYSTEM_ACCESSTOKEN environment variaibles.

These system environment variables correspond to what the AzureCLI@2 sets when passing the azureSubscription parameter (after translating the service connection name to a service connection ID, which is handy) allowing something like this to work:

- task: AzureCLI@2
  inputs:
    azureSubscription: azconnection
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      azd auth login --federated-credential-provider "azure-pipelines"
      azd up

Note that while the AzureCLI task is used above, it's only used for setting these environment variables and doing the service connection name to id translation. You could do something like the following instead:

- bash: |
    azd auth login --federated-credential-provider "azure-pipelines"
    azd up
  env:
    AZURE_SUBSCRIPTION_CLIENT_ID: "Your Client ID"
    AZURE_SUBSCRIPTION_TENANT_ID: "Your Tenant ID"
    AZURE_SUBSCRIPTION_SERVICE_CONNECTION_ID: "Your Service Connection ID"
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)

And things will work as well. This can be useful in cases where you can use the AzureCLI@2 task directly.

We can consider writing our own task as some point as well.

Contributes To #4341

ellismg
ellismg commented Sep 18, 2024
View reviewed changes
cli/azd/cmd/auth_login.go Outdated Show resolved Hide resolved
cli/azd/pkg/auth/manager.go Outdated Show resolved Hide resolved
eng/pipelines/templates/steps/azd-login.yml Outdated Show resolved Hide resolved
@ellismg ellismg force-pushed the ellismg/support-azure-pipelines-auth branch 4 times, most recently from 6d6aec1 to f22a1ca Compare September 18, 2024 23:29
vhvb1989
vhvb1989 reviewed Sep 19, 2024
View reviewed changes
cli/azd/cmd/auth_login.go Outdated Show resolved Hide resolved
@ellismg ellismg force-pushed the ellismg/support-azure-pipelines-auth branch 2 times, most recently from 0a257b5 to 2ee5a78 Compare September 20, 2024 21:55
@jongio jongio changed the title WIP: Support ODIC in Azure Pipelines WIP: Support OIDC in Azure Pipelines Sep 23, 2024
@vhvb1989 vhvb1989 mentioned this pull request Sep 26, 2024
Open
@ellismg ellismg force-pushed the ellismg/support-azure-pipelines-auth branch 2 times, most recently from cd2961b to 5a7e72d Compare October 7, 2024 22:13
@ellismg ellismg force-pushed the ellismg/support-azure-pipelines-auth branch from 5a7e72d to f1d9cdc Compare October 14, 2024 19:44
@danieljurek danieljurek mentioned this pull request Nov 4, 2024
Draft
@ellismg ellismg force-pushed the ellismg/support-azure-pipelines-auth branch from 62a7919 to 1a25a0e Compare November 5, 2024 02:29
@ellismg ellismg changed the title WIP: Support OIDC in Azure Pipelines auth: Support azure-pipelines for --federated-credential-provider Nov 5, 2024
@ellismg ellismg marked this pull request as ready for review November 5, 2024 21:01
vhvb1989
vhvb1989 approved these changes Nov 5, 2024
View reviewed changes
cli/azd/cmd/auth_login.go Outdated Show resolved Hide resolved
cli/azd/pkg/auth/manager.go Outdated Show resolved Hide resolved
cli/azd/pkg/auth/manager.go Outdated Show resolved Hide resolved
@ellismg
auth: Support azure-pipelines for --federated-credential-provider
0c1313e 
This change adds `azure-pipelines` as a supported value for the
`--federated-credential-provider` switch of `azd auth login`. This
provider can be used to do OIDC based login within the context of a
job running in Azure Pipelines.

When using this provider, `azd` uses the `AzurePipelinesCredential`
type to manage the OIDC dance. In addition to the client and tenant id
of the service principal you plan to authenticate with, we also need
the "service connection id" (this is the ID of the object created in
Azure Pipelines that contains the connection information) and the
system access token which is the security token for the running build
(it's what is used to authenticate to the OIDC endpoint that is being
run inside the pipeline which we use to fetch the federated
credential).  The client and tenant ids can be provided on the command
line, via the existing `--client-id` and `--tenant-id` switches, or,
when `azure-pipelines` is the `federated-credential-provider`, they
can be read from the `AZURESUBSCRIPTION_CLIENT_ID` and
`AZURESUBSCRIPTION_TEANT_ID` system environment varaibles.  The
service connection ID and acceess token are read from the
`AZURESUBSCRIPTION_SERVICE_CONNECTION_ID` and `SYSTEM_ACCESSTOKEN`
environment variaibles.

These system environment variables correspond to what the `AzureCLI@2`
sets when passing the `azureSubscription` parameter (after translating
the service connection name to a service connection ID, which is
handy) allowing something like this to work:

```yaml
- task: AzureCLI@2
  inputs:
    azureSubscription: azconnection
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      azd auth login --federated-credential-provider "azure-pipelines"
      azd up
```

Note that while the AzureCLI task is used above, it's only used for
setting these environment variables and doing the service connection
name to id translation.  You could do something like the following
instead:

```yaml
- bash: |
    azd auth login --federated-credential-provider "azure-pipelines"
    azd up
  env:
    AZURE_SUBSCRIPTION_CLIENT_ID: "Your Client ID"
    AZURE_SUBSCRIPTION_TENANT_ID: "Your Tenant ID"
    AZURE_SUBSCRIPTION_SERVICE_CONNECTION_ID: "Your Service Connection ID"
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
```

And things will work as well. This can be useful in cases where you
can use the `AzureCLI@2` task directly.

We can consider writing our own task as some point as well.

Contributes To Azure#4341
@ellismg ellismg force-pushed the ellismg/support-azure-pipelines-auth branch from 1a25a0e to 0c1313e Compare November 6, 2024 00:33
@azure-sdk
Copy link
Collaborator

Azure Dev CLI Install Instructions

Install scripts

MacOS/Linux

May elevate using sudo on some platforms and configurations

bash:

curl -fsSL https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/uninstall-azd.sh | bash;
curl -fsSL https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/install-azd.sh | bash -s -- --base-url https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343 --version '' --verbose --skip-verify

pwsh:

Invoke-RestMethod 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/uninstall-azd.ps1' -OutFile uninstall-azd.ps1; ./uninstall-azd.ps1
Invoke-RestMethod 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/install-azd.ps1' -OutFile install-azd.ps1; ./install-azd.ps1 -BaseUrl 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343' -Version '' -SkipVerify -Verbose

Windows

PowerShell install

powershell -c "Set-ExecutionPolicy Bypass Process; irm 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/uninstall-azd.ps1' > uninstall-azd.ps1; ./uninstall-azd.ps1;"
powershell -c "Set-ExecutionPolicy Bypass Process; irm 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/install-azd.ps1' > install-azd.ps1; ./install-azd.ps1 -BaseUrl 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343' -Version '' -SkipVerify -Verbose;"

MSI install

powershell -c "irm 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/4343/azd-windows-amd64.msi' -OutFile azd-windows-amd64.msi; msiexec /i azd-windows-amd64.msi /qn"

Standalone Binary

MSI

Documentation

learn.microsoft.com documentation

title: Azure Developer CLI reference
description: This article explains the syntax and parameters for the various Azure Developer CLI commands.
author: alexwolfmsft
ms.author: alexwolf
ms.date: 11/06/2024
ms.service: azure-dev-cli
ms.topic: conceptual
ms.custom: devx-track-azdevcli

Azure Developer CLI reference

This article explains the syntax and parameters for the various Azure Developer CLI commands.

azd

The Azure Developer CLI (azd) is an open-source tool that helps onboard and manage your application on Azure

Options

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --docs         Opens the documentation for azd in your web browser.
  -h, --help         Gets help for azd.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

  • azd auth: Authenticate with Azure.
  • azd config: Manage azd configurations (ex: default Azure subscription, location).
  • azd deploy: Deploy the application's code to Azure.
  • azd down: Delete Azure resources for an application.
  • azd env: Manage environments.
  • azd hooks: Develop, test and run hooks for an application. (Beta)
  • azd init: Initialize a new application.
  • azd monitor: Monitor a deployed application. (Beta)
  • azd package: Packages the application's code to be deployed to Azure. (Beta)
  • azd pipeline: Manage and configure your deployment pipelines. (Beta)
  • azd provision: Provision the Azure resources for an application.
  • azd restore: Restores the application's dependencies. (Beta)
  • azd show: Display information about your app and its resources.
  • azd template: Find and view template details. (Beta)
  • azd up: Provision Azure resources, and deploy your project with a single command.
  • azd version: Print the version number of Azure Developer CLI.

azd auth

Authenticate with Azure.

Options

      --docs   Opens the documentation for azd auth in your web browser.
  -h, --help   Gets help for auth.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd auth login

Log in to Azure.

Synopsis

Log in to Azure.

When run without any arguments, log in interactively using a browser. To log in using a device code, pass
--use-device-code.

To log in as a service principal, pass --client-id and --tenant-id as well as one of: --client-secret,
--client-certificate, or --federated-credential-provider.

To log in using a managed identity, pass --managed-identity, which will use the system assigned managed identity.
To use a user assigned managed identity, pass --client-id in addition to --managed-identity with the client id of
the user assigned managed identity you wish to use.

azd auth login [flags]

Options

      --check-status                           Checks the log-in status instead of logging in.
      --client-certificate string              The path to the client certificate for the service principal to authenticate with.
      --client-id string                       The client id for the service principal to authenticate with.
      --client-secret string                   The client secret for the service principal to authenticate with. Set to the empty string to read the value from the console.
      --docs                                   Opens the documentation for azd auth login in your web browser.
      --federated-credential-provider string   The provider to use to acquire a federated token to authenticate with.
  -h, --help                                   Gets help for login.
      --managed-identity                       Use a managed identity to authenticate.
      --redirect-port int                      Choose the port to be used as part of the redirect URI during interactive login.
      --tenant-id string                       The tenant id or domain name to authenticate with.
      --use-device-code[=true]                 When true, log in by using a device code instead of a browser.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd auth logout

Log out of Azure.

Synopsis

Log out of Azure

azd auth logout [flags]

Options

      --docs   Opens the documentation for azd auth logout in your web browser.
  -h, --help   Gets help for logout.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config

Manage azd configurations (ex: default Azure subscription, location).

Synopsis

Manage the Azure Developer CLI user configuration, which includes your default Azure subscription and location.

Available since azure-dev-cli_0.4.0-beta.1.

The easiest way to configure azd for the first time is to run azd init. The subscription and location you select will be stored in the config.json file located in the config directory. To configure azd anytime afterwards, you'll use azd config set.

The default value of the config directory is:

  • $HOME/.azd on Linux and macOS
  • %USERPROFILE%.azd on Windows

The configuration directory can be overridden by specifying a path in the AZD_CONFIG_DIR environment variable.

Options

      --docs   Opens the documentation for azd config in your web browser.
  -h, --help   Gets help for config.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config get

Gets a configuration.

Synopsis

Gets a configuration in the configuration path.

The default value of the config directory is:

  • $HOME/.azd on Linux and macOS
  • %USERPROFILE%\.azd on Windows

The configuration directory can be overridden by specifying a path in the AZD_CONFIG_DIR environment variable.

azd config get <path> [flags]

Options

      --docs   Opens the documentation for azd config get in your web browser.
  -h, --help   Gets help for get.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config list-alpha

Display the list of available features in alpha stage.

azd config list-alpha [flags]

Options

      --docs   Opens the documentation for azd config list-alpha in your web browser.
  -h, --help   Gets help for list-alpha.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config reset

Resets configuration to default.

Synopsis

Resets all configuration in the configuration path.

The default value of the config directory is:

  • $HOME/.azd on Linux and macOS
  • %USERPROFILE%\.azd on Windows

The configuration directory can be overridden by specifying a path in the AZD_CONFIG_DIR environment variable to the default.

azd config reset [flags]

Options

      --docs    Opens the documentation for azd config reset in your web browser.
  -f, --force   Force reset without confirmation.
  -h, --help    Gets help for reset.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config set

Sets a configuration.

Synopsis

Sets a configuration in the configuration path.

The default value of the config directory is:

  • $HOME/.azd on Linux and macOS
  • %USERPROFILE%\.azd on Windows

The configuration directory can be overridden by specifying a path in the AZD_CONFIG_DIR environment variable.

azd config set <path> <value> [flags]

Examples

azd config set defaults.subscription <yourSubscriptionID>
azd config set defaults.location eastus

Options

      --docs   Opens the documentation for azd config set in your web browser.
  -h, --help   Gets help for set.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config show

Show all the configuration values.

Synopsis

Show all configuration values in the configuration path.

The default value of the config directory is:

  • $HOME/.azd on Linux and macOS
  • %USERPROFILE%\.azd on Windows

The configuration directory can be overridden by specifying a path in the AZD_CONFIG_DIR environment variable.

azd config show [flags]

Options

      --docs   Opens the documentation for azd config show in your web browser.
  -h, --help   Gets help for show.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd config unset

Unsets a configuration.

Synopsis

Removes a configuration in the configuration path.

The default value of the config directory is:

  • $HOME/.azd on Linux and macOS
  • %USERPROFILE%\.azd on Windows

The configuration directory can be overridden by specifying a path in the AZD_CONFIG_DIR environment variable.

azd config unset <path> [flags]

Examples

azd config unset defaults.location

Options

      --docs   Opens the documentation for azd config unset in your web browser.
  -h, --help   Gets help for unset.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd deploy

Deploy the application's code to Azure.

azd deploy <service> [flags]

Options

      --all                   Deploys all services that are listed in azure.yaml
      --docs                  Opens the documentation for azd deploy in your web browser.
  -e, --environment string    The name of the environment to use.
      --from-package string   Deploys the application from an existing package.
  -h, --help                  Gets help for deploy.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd down

Delete Azure resources for an application.

azd down [flags]

Options

      --docs                 Opens the documentation for azd down in your web browser.
  -e, --environment string   The name of the environment to use.
      --force                Does not require confirmation before it deletes resources.
  -h, --help                 Gets help for down.
      --purge                Does not require confirmation before it permanently deletes resources that are soft-deleted by default (for example, key vaults).

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env

Manage environments.

Options

      --docs   Opens the documentation for azd env in your web browser.
  -h, --help   Gets help for env.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env get-value

Get specific environment value.

azd env get-value <keyName> [flags]

Options

      --docs                 Opens the documentation for azd env get-value in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for get-value.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env get-values

Get all environment values.

azd env get-values [flags]

Options

      --docs                 Opens the documentation for azd env get-values in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for get-values.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env list

List environments.

azd env list [flags]

Options

      --docs   Opens the documentation for azd env list in your web browser.
  -h, --help   Gets help for list.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env new

Create a new environment and set it as the default.

azd env new <environment> [flags]

Options

      --docs                  Opens the documentation for azd env new in your web browser.
  -h, --help                  Gets help for new.
  -l, --location string       Azure location for the new environment
      --subscription string   Name or ID of an Azure subscription to use for the new environment

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env refresh

Refresh environment settings by using information from a previous infrastructure provision.

azd env refresh <environment> [flags]

Options

      --docs                 Opens the documentation for azd env refresh in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for refresh.
      --hint string          Hint to help identify the environment to refresh

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env select

Set the default environment.

azd env select <environment> [flags]

Options

      --docs   Opens the documentation for azd env select in your web browser.
  -h, --help   Gets help for select.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd env set

Manage your environment settings.

azd env set <key> <value> [flags]

Options

      --docs                 Opens the documentation for azd env set in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for set.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd hooks

Develop, test and run hooks for an application. (Beta)

Options

      --docs   Opens the documentation for azd hooks in your web browser.
  -h, --help   Gets help for hooks.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd hooks run

Runs the specified hook for the project and services

azd hooks run <name> [flags]

Options

      --docs                 Opens the documentation for azd hooks run in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for run.
      --platform string      Forces hooks to run for the specified platform.
      --service string       Only runs hooks for the specified service.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd init

Initialize a new application.

azd init [flags]

Options

  -b, --branch string         The template branch to initialize from. Must be used with a template argument (--template or -t).
      --docs                  Opens the documentation for azd init in your web browser.
  -e, --environment string    The name of the environment to use.
  -f, --filter strings        The tag(s) used to filter template results. Supports comma-separated values.
      --from-code             Initializes a new application from your existing code.
  -h, --help                  Gets help for init.
  -l, --location string       Azure location for the new environment
  -s, --subscription string   Name or ID of an Azure subscription to use for the new environment
  -t, --template string       Initializes a new application from a template. You can use Full URI, <owner>/<repository>, or <repository> if it's part of the azure-samples organization.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd monitor

Monitor a deployed application. (Beta)

azd monitor [flags]

Options

      --docs                 Opens the documentation for azd monitor in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for monitor.
      --live                 Open a browser to Application Insights Live Metrics. Live Metrics is currently not supported for Python apps.
      --logs                 Open a browser to Application Insights Logs.
      --overview             Open a browser to Application Insights Overview Dashboard.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd package

Packages the application's code to be deployed to Azure. (Beta)

azd package <service> [flags]

Options

      --all                  Packages all services that are listed in azure.yaml
      --docs                 Opens the documentation for azd package in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for package.
      --output-path string   File or folder path where the generated packages will be saved.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd pipeline

Manage and configure your deployment pipelines. (Beta)

Options

      --docs   Opens the documentation for azd pipeline in your web browser.
  -h, --help   Gets help for pipeline.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd pipeline config

Configure your deployment pipeline to connect securely to Azure. (Beta)

azd pipeline config [flags]

Options

  -m, --applicationServiceManagementReference string   Service Management Reference. References application or service contact information from a Service or Asset Management database. This value must be a Universally Unique Identifier (UUID). You can set this value globally by running azd config set pipeline.config.applicationServiceManagementReference <UUID>.
      --auth-type string                               The authentication type used between the pipeline provider and Azure for deployment (Only valid for GitHub provider). Valid values: federated, client-credentials.
      --docs                                           Opens the documentation for azd pipeline config in your web browser.
  -e, --environment string                             The name of the environment to use.
  -h, --help                                           Gets help for config.
      --principal-id string                            The client id of the service principal to use to grant access to Azure resources as part of the pipeline.
      --principal-name string                          The name of the service principal to use to grant access to Azure resources as part of the pipeline.
      --principal-role stringArray                     The roles to assign to the service principal. By default the service principal will be granted the Contributor and User Access Administrator roles. (default [Contributor,User Access Administrator])
      --provider string                                The pipeline provider to use (github for Github Actions and azdo for Azure Pipelines).
      --remote-name string                             The name of the git remote to configure the pipeline to run on. (default "origin")

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd provision

Provision the Azure resources for an application.

azd provision [flags]

Options

      --docs                 Opens the documentation for azd provision in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for provision.
      --no-state             Do not use latest Deployment State (bicep only).
      --preview              Preview changes to Azure resources.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd restore

Restores the application's dependencies. (Beta)

azd restore <service> [flags]

Options

      --all                  Restores all services that are listed in azure.yaml
      --docs                 Opens the documentation for azd restore in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for restore.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd show

Display information about your app and its resources.

azd show [flags]

Options

      --docs                 Opens the documentation for azd show in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for show.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template

Find and view template details. (Beta)

Options

      --docs   Opens the documentation for azd template in your web browser.
  -h, --help   Gets help for template.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template list

Show list of sample azd templates. (Beta)

azd template list [flags]

Options

      --docs             Opens the documentation for azd template list in your web browser.
  -f, --filter strings   The tag(s) used to filter template results. Supports comma-separated values.
  -h, --help             Gets help for list.
  -s, --source string    Filters templates by source.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template show

Show details for a given template. (Beta)

azd template show <template> [flags]

Options

      --docs   Opens the documentation for azd template show in your web browser.
  -h, --help   Gets help for show.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template source

View and manage template sources. (Beta)

Options

      --docs   Opens the documentation for azd template source in your web browser.
  -h, --help   Gets help for source.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template source add

Adds an azd template source with the specified key. (Beta)

Synopsis

The key can be any value that uniquely identifies the template source, with well-known values being:
・default: Default templates
・awesome-azd: Templates from https://aka.ms/awesome-azd

azd template source add <key> [flags]

Options

      --docs              Opens the documentation for azd template source add in your web browser.
  -h, --help              Gets help for add.
  -l, --location string   Location of the template source. Required when using type flag.
  -n, --name string       Display name of the template source.
  -t, --type string       Kind of the template source. Supported types are 'file', 'url' and 'gh'.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template source list

Lists the configured azd template sources. (Beta)

azd template source list [flags]

Options

      --docs   Opens the documentation for azd template source list in your web browser.
  -h, --help   Gets help for list.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd template source remove

Removes the specified azd template source (Beta)

azd template source remove <key> [flags]

Options

      --docs   Opens the documentation for azd template source remove in your web browser.
  -h, --help   Gets help for remove.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd up

Provision Azure resources, and deploy your project with a single command.

azd up [flags]

Options

      --docs                 Opens the documentation for azd up in your web browser.
  -e, --environment string   The name of the environment to use.
  -h, --help                 Gets help for up.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

azd version

Print the version number of Azure Developer CLI.

azd version [flags]

Options

      --docs   Opens the documentation for azd version in your web browser.
  -h, --help   Gets help for version.

Options inherited from parent commands

  -C, --cwd string   Sets the current working directory.
      --debug        Enables debugging and diagnostics logging.
      --no-prompt    Accepts the default value instead of prompting, or it fails if there is no default.

See also

@ellismg ellismg merged commit a1ee872 into Azure:main Nov 6, 2024
39 checks passed
ellismg added a commit to ellismg/azure-dev that referenced this pull request Nov 6, 2024
@ellismg
ci: Use TME via OIDC in build-cli
3bcf025 
Now that `azd` supports OIDC in Azure Pipelines via Azure#4343, let's use
it in the `build-cli` leg of CI. Since we now use OIDC, we can also
migrate to the TME environment for the resources created during our
tests, by using the new `azd-service-connection` service connection.
ellismg added a commit to ellismg/azure-dev that referenced this pull request Nov 6, 2024
@ellismg
ci: Use TME via OIDC in build-cli
808045f 
Now that `azd` supports OIDC in Azure Pipelines via Azure#4343, let's use
it in the `build-cli` leg of CI. Since we now use OIDC, we can also
migrate to the TME environment for the resources created during our
tests, by using the new `azd-service-connection` service connection.

Contributes To Azure#4341
@ellismg ellismg mentioned this pull request Nov 6, 2024
Draft
ellismg added a commit to ellismg/azure-dev that referenced this pull request Nov 7, 2024
@ellismg
ci: Use TME via OIDC in build-cli
4763189 
Now that `azd` supports OIDC in Azure Pipelines via Azure#4343, let's use
it in the `build-cli` leg of CI. Since we now use OIDC, we can also
migrate to the TME environment for the resources created during our
tests, by using the new `azd-service-connection` service connection.

Contributes To Azure#4341
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weshaggard weshaggard weshaggard left review comments

@weikanglim weikanglim weikanglim left review comments

@danieljurek danieljurek danieljurek left review comments

@vhvb1989 vhvb1989 vhvb1989 approved these changes

@wbreza wbreza Awaiting requested review from wbreza wbreza is a code owner

@hemarina hemarina Awaiting requested review from hemarina hemarina is a code owner

Assignees

@ellismg ellismg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ellismg @azure-sdk @danieljurek @weikanglim @weshaggard @vhvb1989