Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enhancement]: support unattended configuration with a service principal #4641

Closed
afeld opened this issue Feb 8, 2024 · 6 comments
Closed

[enhancement]: support unattended configuration with a service principal #4641

afeld opened this issue Feb 8, 2024 · 6 comments
Labels
Area: Agent enhancement stale

Comments

@afeld
Copy link

afeld commented Feb 8, 2024

Describe your feature request here

The ./config.sh doesn't seem to have flags to allow use of a service principal - more details in https://github.com/MicrosoftDocs/azure-devops-docs/issues/13864#issuecomment-1928675057. Thanks!
@DenisRumyantsev
Copy link
Contributor

@afeld thanks for reporting this. We will check if we can add a new flag to the config.

@Bjego
Copy link

Bjego commented Mar 15, 2024

Just had the same issue. We do have a pat based version running in docker and kubernetes. But to reduce complexity it would be great to add the missing flags.

@rafasc
Copy link

rafasc commented Mar 15, 2024
edited
Loading

I looked at the agent code and the service principal support exists but is not well documented.
You can use --auth SP, --clientid, --tenantid and --clientsecret.

azure-pipelines-agent/src/Microsoft.VisualStudio.Services.Agent/Constants.cs

Line 249 in 57947b0

public static readonly string ServicePrincipal = "SP";

azure-pipelines-agent/src/Microsoft.VisualStudio.Services.Agent/Constants.cs

Lines 140 to 141 in 57947b0

public const string ClientId = "clientid";
public const string TenantId = "tenantid";

azure-pipelines-agent/src/Microsoft.VisualStudio.Services.Agent/Constants.cs

Line 149 in 57947b0

public const string ClientSecret = "clientsecret";

It also honors their respective environment variables:

VSTS_AGENT_INPUT_AUTH=sp
VSTS_AGENT_INPUT_CLIENTSECRET=...
VSTS_AGENT_INPUT_CLIENTID=...
VSTS_AGENT_INPUT_TENANTID=...

using the mechanism described in https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux-agent?view=azure-devops#unattended-config

@github-actions GitHub Actions
Copy link

This issue has had no activity in 180 days. Please comment if it is not actually stale

@github-actions github-actions bot added the stale label Sep 11, 2024
@afeld
Copy link
Author

afeld commented Oct 18, 2024

Hey, sorry for the slow response. You were correct about those different flags, but it took a while for me to get the whole thing working. Updated the docs with what I found: MicrosoftDocs/azure-devops-docs#14154 Thanks for the help!

@afeld
Copy link
Author

afeld commented Oct 18, 2024

Oops, I should have said explicitly: --auth SP worked! For the Docker use case, a token was needed for getting the agent package list (in start.sh), so ended up passing that in as the PAT. Misleading that it's not a "personal" token, but it works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Agent enhancement stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@afeld @rafasc @Bjego @DenisRumyantsev