This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.39.0 published on Monday, Apr 29, 2024 by Pulumi

Provisioning an OIDC Provider in Azure for Pulumi Cloud



    This example will create OIDC configuration between Pulumi Cloud and Azure, specifically demonstrating connectivity with Pulumi ESC. The program automates the process detailed in the Azure documentation for the following activities:

    Prerequisites

    Running the Example

    Clone the examples repo and navigate to the folder for this example.

    git clone https://github.com/pulumi/examples.git
    cd examples/azure-ts-oidc-provider-pulumi-cloud
    

    Next, to deploy the application and its infrastructure, follow these steps:

    1. Create a new stack, which is an isolated deployment target for this example:

      pulumi stack init dev
      
    2. Set your Pulumi ESC environment name and desired Azure region:

      pulumi config set environmentName <your-environment-name> # replace with your environment name
      pulumi config set azure-native:location WestUS2 # any valid Azure region will work
      
    3. Install requirements.

      npm install
      
    4. Run pulumi up -y. Once the program completes, it will output a YAML template for you to use in the next step.

    Validating the OIDC Configuration

    This next section will walk you through validating your OIDC configuration using Pulumi ESC.

    1. Start by creating a new Pulumi ESC environment.
    2. Then, copy the template definition from the output in the CLI and paste it into your environment.
    3. Save your environment file and run the pulumi env open <your-pulumi-org>/<your-environment> command in the CLI. You should see output similar to the following:
    $ pulumi env open myOrg/myEnvironment
    {
      "azure": {
        "login": {
          "clientId": "b537....",
          "oidc": {
            "token": "eyJh...."
          },
          "subscriptionId": "0282....",
          "tenantId": "7061...."
        }
      },
      "environmentVariables": {
        "ARM_CLIENT_ID": "b537....",
        "ARM_OIDC_TOKEN": "eyJh....",
        "ARM_SUBSCRIPTION_ID": "0282....",
        "ARM_TENANT_ID": "7061....",
        "ARM_USE_OIDC": "true"
      }
    }
    

    If your identity provider does not offer an ID token directly but it does offer a way to exchange a local bearer token for an ID token, you will need to replace the ARM_OIDC_TOKEN environment variable with both of the following:

    • ARM_OIDC_REQUEST_TOKEN
    • ARM_OIDC_REQUEST_URL
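    When the login is rejected by Azure, the usual cause is that the claims in the token returned by `pulumi env open` do not match the federated identity credential's trust (wrong environment name, wrong organization, or an audience that was never registered). The following diagnostic is an added example, not code from the Pulumi examples repo: it decodes the token's claims and reports each mismatch against the expected trust. The issuer, subject and audience formats it builds are assumptions based on Pulumi ESC's documented OIDC setup and should be confirmed against the credential actually created in your tenant. Azure validates the token signature itself; this check deliberately does not, it only reads claims.

```typescript
// Added diagnostic (not code from the Pulumi examples repo): read the claims of the
// OIDC token that `pulumi env open` returns and compare them with the trust that the
// Azure federated identity credential is expected to declare. Azure verifies the
// token's signature against the issuer's signing keys; this local check never does,
// it only explains why a login is being rejected (wrong environment, org or audience).

// Trust relationship assumed to be configured on the federated identity credential.
// ASSUMPTION: issuer, subject and audience formats follow Pulumi ESC's documented OIDC
// setup at the time of writing; confirm them against your own credential in Azure.
export interface FederatedCredential {
  issuer: string;
  subject: string;
  audiences: string[];
}

export function expectedCredential(org: string, envName: string): FederatedCredential {
  return {
    issuer: "https://api.pulumi.com/oidc",
    subject: `pulumi:environments:org:${org}:env:${envName}`,
    audiences: [`azure:${org}`],
  };
}

// The JWT payload fields relevant to the federated credential match.
export interface TokenClaims {
  iss?: string;
  sub?: string;
  aud?: string | string[];
  exp?: number; // seconds since the Unix epoch
}

function base64UrlDecode(segment: string): string {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(text: string): string {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode the payload segment of a compact JWT (header.payload.signature).
// A malformed token throws instead of yielding partial claims.
export function decodeClaims(token: string): TokenClaims {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error(`expected a compact JWT with 3 segments, got ${parts.length}`);
  }
  return JSON.parse(base64UrlDecode(parts[1])) as TokenClaims;
}

// Returns a list of human-readable mismatches; an empty list means the claims line up.
export function checkToken(token: string, expected: FederatedCredential, nowMs = Date.now()): string[] {
  const claims = decodeClaims(token);
  const problems: string[] = [];
  if (claims.iss !== expected.issuer) {
    problems.push(`issuer mismatch: token has "${claims.iss}", credential trusts "${expected.issuer}"`);
  }
  if (claims.sub !== expected.subject) {
    problems.push(`subject mismatch: token has "${claims.sub}", credential trusts "${expected.subject}"`);
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : claims.aud ? [claims.aud] : [];
  if (!aud.some((a) => expected.audiences.includes(a))) {
    problems.push(`audience mismatch: token has [${aud.join(", ")}], credential trusts [${expected.audiences.join(", ")}]`);
  }
  if (claims.exp !== undefined && claims.exp * 1000 <= nowMs) {
    problems.push(`token expired at ${new Date(claims.exp * 1000).toISOString()}`);
  }
  return problems;
}

// Builds a CONSTRUCTED, unsigned sample token so the check can be exercised offline.
// Real tokens from `pulumi env open` are signed by Pulumi Cloud; paste one of those
// in place of the sample when diagnosing an actual failure.
export function sampleToken(claims: TokenClaims): string {
  const header = base64UrlEncode(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  return `${header}.${base64UrlEncode(JSON.stringify(claims))}.placeholder-signature`;
}

// Constructed demonstration values; "myOrg"/"myEnvironment" mirror the docs output above.
const oneHourAhead = Math.floor(Date.now() / 1000) + 3600;
export const expected = expectedCredential("myOrg", "myEnvironment");
export const goodToken = sampleToken({
  iss: "https://api.pulumi.com/oidc", sub: expected.subject, aud: "azure:myOrg", exp: oneHourAhead,
});
export const wrongEnvToken = sampleToken({
  iss: "https://api.pulumi.com/oidc", sub: "pulumi:environments:org:myOrg:env:staging", aud: "azure:myOrg", exp: oneHourAhead,
});
console.log(checkToken(goodToken, expected));     // []
console.log(checkToken(wrongEnvToken, expected)); // one "subject mismatch" entry
```

    To use it against a real failure, replace the constructed sample with the `token` value from your own `pulumi env open` output and the org/environment names you used in step 2. The check is read-only and makes no request to Azure or Pulumi Cloud; a clean result from it means the claim shapes agree, while the authoritative decision still rests with Azure's signature and trust validation.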

    Clean-Up Resources

    Once you are done, you can destroy all of the resources as well as the stack:

    $ pulumi destroy
    $ pulumi stack rm
    