From 329f6eb57103446ec94227fdfc3d1e93320dd316 Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Mon, 28 Oct 2024 07:04:57 -0500
Subject: [PATCH] DRIVERS-2415 Use a certfile for Azure OIDC login
---
 .evergreen/auth_oidc/azure/create-and-setup-vm.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.evergreen/auth_oidc/azure/create-and-setup-vm.sh b/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
index 295fa260..900a8f7b 100755
--- a/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
+++ b/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
@@ -17,6 +17,7 @@ pushd $SCRIPT_DIR
 # Set defaults.
 export AZUREKMS_PUBLICKEYPATH="$SCRIPT_DIR/keyfile.pub"
 export AZUREKMS_PRIVATEKEYPATH="$SCRIPT_DIR/keyfile"
+export AZUREKMS_CERTFILE="$SCRIPT_DIR/cert.pem"
 export AZUREKMS_VMNAME_PREFIX=$AZUREOIDC_VMNAME_PREFIX
 export AZUREOIDC_ENVPATH="$SCRIPT_DIR/env.sh"
 export AZUREKMS_IMAGE=${AZUREOIDC_IMAGE:-"Debian:debian-11:11:0.20221020.1174"}
@@ -27,8 +28,12 @@ if [ ! -f ./secrets-export.sh ]; then
 fi
 source ./secrets-export.sh
+echo "${AZUREOIDC_CERT}" | base64 --decode > $AZUREKMS_CERTFILE
+# Set 600 permissions on cert file. Otherwise ssh / scp may error with permissions "are too open".
+chmod 600 $AZUREKMS_CERTFILE
+
 export AZUREKMS_TENANTID=$AZUREOIDC_TENANTID
-export AZUREKMS_SECRET=$AZUREOIDC_SECRET
+export AZUREKMS_SECRET=$AZUREKMS_CERTFILE
 export AZUREKMS_CLIENTID=$AZUREOIDC_APPID
 # Login.
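Review bot: In the second hunk the decoded certificate is written under the shell's default umask and only narrowed by `chmod 600` afterwards, so the PEM (presumably holding the service principal's private key, since it replaces `AZUREOIDC_SECRET`) can be briefly readable by other local users, and a pre-existing `cert.pem` keeps its old mode until the chmod runs. Create it restricted from the start and quote the path: `( umask 077; printf '%s' "${AZUREOIDC_CERT:?}" | base64 --decode > "$AZUREKMS_CERTFILE" )`, followed by a quoted `chmod 600 "$AZUREKMS_CERTFILE"` for the pre-existing-file case. The `:?` guard also stops an unset `AZUREOIDC_CERT` from producing an empty cert file that only fails later at login. The added comment cites ssh/scp, but the file is handed over as `AZUREKMS_SECRET`; `# Keep the login certificate readable only by the current user.` would state the reason more accurately. The rest of the script, including any cleanup of `cert.pem` after login, is outside the hunk.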