diff --git a/README.md b/README.md index 3e5279140..5f5757b45 100644 --- a/README.md +++ b/README.md @@ -182,7 +182,7 @@ Plume release handles this as well, so it does not need to be run as part of the release process. ## Platform Credentials -Each platform reads the credentials it uses from different files. The `aws`, `do`, `esx` and `packet` +Each platform reads the credentials it uses from different files. The `aws`, `azure`, `do`, `esx` and `packet` platforms support selecting from multiple configured credentials, call "profiles". The examples below are for the "default" profile, but other profiles can be specified in the credentials files and selected via the `---profile` flag: 
@@ -214,7 +214,40 @@ sudo emerge --ask awscli ``` ### azure -TBD (FIXME) +`azure` uses `~/.azure/azureProfile.json`. This can be created using the `az` [command](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli): +``` +$ az login` +``` +It also requires that the environment variable `AZURE_AUTH_LOCATION` points to a JSON file. The JSON file will require a service provider active directory account to be created. + +Service accounts can be created via the `az` command: +``` +az ad sp create-for-rbac +``` + +The client secret can be created inside of the Azure portal when looking at the service provider account under the `Azure Active Directory` service on the `App registrations` tab. + +You can find your subscriptionId & tenantId in the `~/.azure/azureProfile.json` via: +``` +cat ~/.azure/azureProfile.json | jq '{subscriptionId: .subscriptions[].id, tenantId: .subscriptions[].tenantId}' +``` + +The JSON file exported to the variable `AZURE_AUTH_LOCATION` should be generated by hand and have the following contents: +``` +{ + "clientId": "", + "clientSecret": "", + "subscriptionId": "", + "tenantId": "", + "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", + "resourceManagerEndpointUrl": "https://management.azure.com/", + "activeDirectoryGraphResourceId": "https://graph.windows.net/", + "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", + "galleryEndpointUrl": "https://gallery.azure.com/", + "managementEndpointUrl": "https://management.core.windows.net/" +} + +``` ### do `do` uses `~/.config/digitalocean.json`. This can be configured manually:
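Review bot: In the first hunk (README.md, Platform Credentials intro), adding `azure` to the list of platforms that support profiles is not backed by the new `### azure` section, which never says how a profile is defined or selected for Azure. Either document how `~/.azure/azureProfile.json` or the `AZURE_AUTH_LOCATION` file maps to a profile, or leave `azure` out of this sentence until that is written. Since the paragraph is being touched anyway, the unchanged context reads `call "profiles"` where "called" is meant, and the `---profile` spelling is worth checking against the real flag names.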
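Review bot: In the second hunk (`### azure`), the first fenced command reads `$ az login` followed by a stray backtick inside the fence, so it does not paste cleanly; drop the backtick and use the `$ ` prompt consistently with the `az ad sp create-for-rbac` block, which has none. The prose says "service provider" twice, but `az ad sp` creates a service principal. The jq filter `{subscriptionId: .subscriptions[].id, tenantId: .subscriptions[].tenantId}` iterates the array twice and emits every id/tenant combination when the profile lists more than one subscription; `.subscriptions[] | {subscriptionId: .id, tenantId}` keeps each pair together. Because the hand-written file stores `clientSecret` in plain text, the section should say to keep it out of the repository and readable only by the owning user (for example mode 0600), and should state the role and scope the service principal needs instead of relying on whatever `create-for-rbac` does by default. There is also an empty added line before the closing fence of the JSON block.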