-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support az ad app permission admin-consent being called by a service principal #10403
Comments
Agreed, this single limitation is stopping our automation of the advanced networking features in AKS cluster deployments through automated pipelines... it always has to have a human in the loop for just this one step. |
Thank you for raising this feature request. We will look into it. |
This is also blocking CI/CD for rolling out new Azure Functions w/ RBAC |
I got the same problem to automate AkS creation using terraform |
I've been making a huge push to begin leveraging AKS as the container platform of choice for my organization. Unfortunately, this issue is going to delay or possibly prevent the adoption of AKS entirely. We need to be able to have end-to-end automation for provisioning and configuring AKS. Can this issue be worked around in any way, such as making calls against the REST API? |
We are unable to automate the AAD integration with our AKS cluster due to this limitation. |
Same here. Blocks CI/CD for us with automatic nightly builds/tests |
Duplicate of #12137 Granting Delegated Permission and Application Permission called by a Service Principal is now supported using Microsoft Graph API with Please check #12137 (comment) for more information. |
Want this feature too to automate using pipelines. |
FYI it is now possible to grant consent through the REST API -See here. |
@sam-cogan I saw this blog post and this is only for Delegate permissions. It was the application permissions I wanted to automate the grants for. With the new permissions of AppRoleAssignment.ReadWrite.All available, it is now possible to do AppRoles as well as Oauth2Permissions. I have put together a github project https://github.com/pmatthews05/CFAppOnlyGrantPermissions with the instructions in the readme.md file. I will get round to writing a blog post within the next week to explain the code. |
Hi @pmatthews05,
We do support granting Application Permissions with |
Is your feature request related to a problem? Please describe.
Based on the discussion here I understand it is not possible to have a service principal run the az ad app permission admin-consent CLI command. This is a major blocker to being able to fully automate AKS deployments that use Azure AD integration, as the apps you create for this need consent.
Describe the solution you'd like
Service Principals able to run the az ad app permission admin-consent command
Describe alternatives you've considered
The only current workaround is to run a deployment as a user, which is no good for automated CI/CD
Additional context
The text was updated successfully, but these errors were encountered: