Azure flexible federated identity using app registrations to assist with wildcard branch setup

It is a common frustration that a federated credential on the app registration has to be added every time a new branch is created and built, because a standard federated credential matches one exact subject claim. Azure now offers flexible federated identity credentials, currently enabled only for app registrations, which let the subject claim be matched with a wildcard expression instead.

If you have an existing app registration, you can add a flexible federated credential to it with the following command:


az rest --method post --url https://graph.microsoft.com/beta/applications/your-app-registration-object-id/federatedIdentityCredentials --body "{'name': 'FlexFic1', 'issuer': 'https://token.actions.githubusercontent.com', 'audiences': ['api://AzureADTokenExchange'],'claimsMatchingExpression': {'value': 'claims[\'sub\'] matches \'repo:kepungnzai/dot-net-gw:ref:refs/heads/*\'','languageVersion': 1}}"

This creates a federated credential named FlexFic1 whose claimsMatchingExpression accepts any branch of the repository (refs/heads/*). Note that the applications/{id} path in Microsoft Graph takes the app registration's object ID, not its client (application) ID, and that the pattern must have no leading whitespace, since it is compared against the exact subject claim GitHub issues.
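As an added example that is not the post's own script, the following shell code builds the same credential body for any owner/repo, wraps the az rest call, and adds a small local check that emulates the matches wildcard with a shell glob, so you can see before deploying which GitHub subject claims the branch wildcard admits (compare the subject claim printed by azure/login further down). The repository name and the credential name FlexFic1 come from the post; the function names, the glob-based emulation and its assumption that '*' matches any run of characters are mine, and Entra ID performs the real evaluation.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): build a flexible federated
# identity credential body for a GitHub repo and check locally which subject
# claims its branch wildcard would admit. The local check emulates the
# 'matches' operator with a shell glob (assumption: '*' matches any run of
# characters, slashes included); Entra ID performs the real evaluation.
set -euo pipefail

# Emit the JSON body for POST .../applications/{object-id}/federatedIdentityCredentials
# $1 = GitHub "owner/repo", $2 = credential name
fic_body() {
  local repo="$1" name="$2"
  cat <<EOF
{
  "name": "${name}",
  "issuer": "https://token.actions.githubusercontent.com",
  "audiences": ["api://AzureADTokenExchange"],
  "claimsMatchingExpression": {
    "value": "claims['sub'] matches 'repo:${repo}:ref:refs/heads/*'",
    "languageVersion": 1
  }
}
EOF
}

# Return 0 if the subject claim would satisfy the branch wildcard for this repo.
# $1 = owner/repo, $2 = subject claim as printed by azure/login
subject_allowed() {
  local repo="$1" sub="$2"
  case "$sub" in
    "repo:${repo}:ref:refs/heads/"*) return 0 ;;   # any branch push of this repo
    *) return 1 ;;                                  # tags, PRs, environments, other repos
  esac
}

# Create the credential on the app registration.
# $1 = app registration OBJECT id (not the client id), $2 = owner/repo
create_fic() {
  az rest --method post \
    --url "https://graph.microsoft.com/beta/applications/$1/federatedIdentityCredentials" \
    --body "$(fic_body "$2" FlexFic1)"
}

# Usage:
#   create_fic <app-object-id> kepungnzai/dot-net-gw
#   subject_allowed kepungnzai/dot-net-gw "repo:kepungnzai/dot-net-gw:ref:refs/heads/main" && echo allowed
```

subject_allowed makes the scope boundary of the wildcard visible: pushes to any branch under refs/heads/ match, but subjects for tags (refs/tags/...), pull_request events and jobs bound to a GitHub environment (environment:NAME) do not, so those workflows fail the token exchange unless a separate credential covers them. That is the behaviour you want from a least-privilege standpoint; widen the expression for those cases deliberately rather than with a broader '*'.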


And in your pipeline, the job that logs in needs the id-token: write permission so that GitHub will mint the OIDC token, plus the login step:

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: 'Login to Azure'
        uses: azure/login@v3
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

After triggering the pipeline you will see the following in the login step's log; the subject claim printed there is what the wildcard expression is matched against:

Run azure/login@v3
Running Azure CLI Login.
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Federated token details:
subject claim - repo:kepungnzai/dot-net-gw:ref:refs/heads/main
audience - api://AzureADTokenExchange

If you run into the error below instead, the token exchange with Entra ID has succeeded but the app registration's service principal cannot see any subscription; make sure it has been granted a role on your target subscription:

Error: No subscriptions found for ***.
