Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document Azure service principal auth in snapshot/agent.mdx #21942

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

SuyashHashiCorp
Copy link

Starting from Consul v1.20.1+ent, Consul supports using Azure Blob Storage for the snapshot agent via Azure Service Principal ID and Secret authentication. I've successfully tested this configuration in my lab environment and have added the relevant parameters to this documentation for completeness.

Description

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

Starting from Consul v1.20.1+ent, Consul supports using Azure Blob Storage for the snapshot agent via Azure Service Principal  ID and Secret authentication. I've successfully tested this configuration in my lab environment and have added the relevant parameters to this documentation for completeness.
@SuyashHashiCorp SuyashHashiCorp requested a review from a team as a code owner November 14, 2024 11:15
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

1 similar comment
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@github-actions github-actions bot added the type/docs Documentation needs to be created/updated/clarified label Nov 14, 2024
are AZURECHINACLOUD, AZUREGERMANCLOUD and AZUREUSGOVERNMENTCLOUD. Introduced in Consul 1.7.3.

~> These below options `azure-blob-service-principal-id`, `azure-blob-service-principal-secret`, and `azure-blob-tenant-id` are introduced in v1.20.1+ent.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
~> These below options `azure-blob-service-principal-id`, `azure-blob-service-principal-secret`, and `azure-blob-tenant-id` are introduced in v1.20.1+ent.
~> The following options were introduced in v1.20.1+ent.

are AZURECHINACLOUD, AZUREGERMANCLOUD and AZUREUSGOVERNMENTCLOUD. Introduced in Consul 1.7.3.

~> These below options `azure-blob-service-principal-id`, `azure-blob-service-principal-secret`, and `azure-blob-tenant-id` are introduced in v1.20.1+ent.

- `-azure-blob-service-principal-id` and `-azure-blob-service-principal-secret` - Use these parameters to authenticate using Service Principal (SPN) ID + Secret together.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `-azure-blob-service-principal-id` and `-azure-blob-service-principal-secret` - Use these parameters to authenticate using Service Principal (SPN) ID + Secret together.
- `-azure-blob-service-principal-id` -
- `-azure-blob-service-principal-secret` -

These parameters should be listed and documented separately.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to Blake's suggestion


- `-azure-blob-service-principal-id` and `-azure-blob-service-principal-secret` - Use these parameters to authenticate using Service Principal (SPN) ID + Secret together.

- `-azure-blob-tenant-id` - Required when using Service Principal ID and Secret.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `-azure-blob-tenant-id` - Required when using Service Principal ID and Secret.
- `-azure-blob-tenant-id` - The ID of the tenant that owns the Azure blob.

It should be reworded to something similar that clearly describes the value that is required by this field.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plus one to Blake's comment

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also: was -azure-blob-tenant-id introduced in v1.20.1+ent? It's a new attribute listing like the other two, but the break in the list makes it unclear whether it's meant to be included with the other two

@blake blake changed the title Update agent.mdx Update snapshot/agent.mdx Nov 15, 2024
Copy link
Contributor

@boruszak boruszak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blake's comments covered most of the style review - I added a few formatting notes ot implement as well

are AZURECHINACLOUD, AZUREGERMANCLOUD and AZUREUSGOVERNMENTCLOUD. Introduced in Consul 1.7.3.

~> These below options `azure-blob-service-principal-id`, `azure-blob-service-principal-secret`, and `azure-blob-tenant-id` are introduced in v1.20.1+ent.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
~> These below options `azure-blob-service-principal-id`, `azure-blob-service-principal-secret`, and `azure-blob-tenant-id` are introduced in v1.20.1+ent.
The following options were introduced in v1.20.1+ent.

In addition to Blake's suggestion, the callout should be dropped. Especially because the callout with a list inside it is likely to throw rendering errors

are AZURECHINACLOUD, AZUREGERMANCLOUD and AZUREUSGOVERNMENTCLOUD. Introduced in Consul 1.7.3.

~> These below options `azure-blob-service-principal-id`, `azure-blob-service-principal-secret`, and `azure-blob-tenant-id` are introduced in v1.20.1+ent.

- `-azure-blob-service-principal-id` and `-azure-blob-service-principal-secret` - Use these parameters to authenticate using Service Principal (SPN) ID + Secret together.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to Blake's suggestion


- `-azure-blob-service-principal-id` and `-azure-blob-service-principal-secret` - Use these parameters to authenticate using Service Principal (SPN) ID + Secret together.

- `-azure-blob-tenant-id` - Required when using Service Principal ID and Secret.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plus one to Blake's comment


- `-azure-blob-service-principal-id` and `-azure-blob-service-principal-secret` - Use these parameters to authenticate using Service Principal (SPN) ID + Secret together.

- `-azure-blob-tenant-id` - Required when using Service Principal ID and Secret.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also: was -azure-blob-tenant-id introduced in v1.20.1+ent? It's a new attribute listing like the other two, but the break in the list makes it unclear whether it's meant to be included with the other two

@boruszak boruszak added pr/no-changelog PR does not need a corresponding .changelog entry backport/1.20 Changes are backported to 1.20 labels Nov 19, 2024
@blake blake changed the title Update snapshot/agent.mdx Document Azure service principal auth in snapshot/agent.mdx Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport/1.20 Changes are backported to 1.20 pr/no-changelog PR does not need a corresponding .changelog entry type/docs Documentation needs to be created/updated/clarified
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants