Reputation: 313
I have a Pulumi Python code that creates some Azure resources. Insted of I user User Account to create resource, I created an Azure Service Principal with Powershell and authenticate with the below method:
pulumi config set azure-native:clientId <clientID>
pulumi config set azure-native:clientSecret <clientSecret> --secret
pulumi config set azure-native:tenantId <tenantID>
pulumi config set azure-native:subscriptionId <subscriptionID>
Now, I want to know Is it possible to create an Azure Service Principal with Pulumi and after that authenticate with Service Principal has been created? Other Question, Is it the true way?
Edit: As these documents Service Principal My code is:
import pulumi
from pulumi.output import Output
import pulumi_azure_native as azure_native
import pulumi_azuread as azuread
current = azuread.get_client_config()
example_application = azuread.Application("exampleApplication",
display_name="example",
owners=[current.object_id])
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
application_id=example_application.application_id,
app_role_assignment_required=False,
owners=[current.object_id])
I received this error. Also I install with pip install pulumi-azuread
ModuleNotFoundError: No module named 'pulumi_azuread'
Upvotes: 0
Views: 528
Reputation: 3201
You certainly can, using the Service Principal resource as part of the Azure Active Directory Provider.
You'll need to define an application first, but in typescript it would look something like:
import * as azuread from "@pulumi/azuread";
const application = new azuread.Application(`application`, {
displayName: `application`,
});
const servicePrincipal = new azuread.ServicePrincipal(`servicePrincipal`, {
applicationId: application.applicationId,
});
Upvotes: 2