[JIRA] (JENKINS-56756) Jenkins Azure Credentials Plugin (Managed Service Identity)

2 views
Skip to first unread message

harmitrai@hotmail.com (JIRA)

unread,
Mar 26, 2019, 7:59:07 AM3/26/19
to jenkinsc...@googlegroups.com
Harmit Rai created an issue
 
Jenkins / Story JENKINS-56756
Jenkins Azure Credentials Plugin (Managed Service Identity)
Issue Type: Story Story
Assignee: Azure DevOps
Components: azure-credentials-plugin
Created: 2019-03-26 11:58
Priority: Blocker Blocker
Reporter: Harmit Rai

Hi, we are attempting to use the Azure Credentials Plugin but are struggling to find some documentation on how to call the Managed Service Identity plugin. We have used the ServicePrincipal plugin successfully in the past and are now looking at using MSI.

// Some comments here
pipeline {
    agent any
    stages {
        stage('Login') {
            steps {
                withCredentials([AzureMsiCredentials('AzureManagedServiceID')]) {
                    sh ''
                }
            }
        }
    }
}

Above is a snippet of how we are trying to use the plugin. Are you able to advise if this is correct?

From what we are seeing it doesnt appear if anything is exposed for Managed Service Identity.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

jieshe@microsoft.com (JIRA)

unread,
Mar 26, 2019, 9:38:04 PM3/26/19
to jenkinsc...@googlegroups.com
Jie Shen assigned an issue to Jie Shen
Change By: Jie Shen
Assignee: Azure DevOps Jie Shen

jieshe@microsoft.com (JIRA)

unread,
Mar 26, 2019, 9:40:02 PM3/26/19
to jenkinsc...@googlegroups.com
Jie Shen commented on Story JENKINS-56756
 
Re: Jenkins Azure Credentials Plugin (Managed Service Identity)

Hi Harmit Rai, unfortunately the plugin does not support binding Managed Service Identity in the build pipeline now.

harmitrai@hotmail.com (JIRA)

unread,
Mar 27, 2019, 5:14:02 AM3/27/19
to jenkinsc...@googlegroups.com

Jie Shen Will this be available at somepoint in the future? We are looking at using "User-assigned Managed Service Identity" within our pipeline.
We noticed on the dev branch of the Azure Credential Plugin repo that the "Managed Service Identity" feature had deprecated next to it. Is this something you are looking to make obsolete in the future?

jieshe@microsoft.com (JIRA)

unread,
Mar 27, 2019, 9:56:06 PM3/27/19
to jenkinsc...@googlegroups.com
Jie Shen commented on Story JENKINS-56756

Harmit Rai, what is your scenario to use "User-assigned Managed Service Identity" in your pipeline? Indeed, this type of credential is now mainly used by our other plugins to create resources. So we do not expose it in the pipeline. 

 

For the deprecated thing, it used to request token from localhost which is deprecated. So we change it to fetch the token from the IMDS endpoint, details at https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#how-a-system-assigned-managed-identity-works-with-an-azure-vm . We will still support Managed Service Identity.

jieshe@microsoft.com (JIRA)

unread,
Jul 16, 2019, 1:34:03 AM7/16/19
to jenkinsc...@googlegroups.com
Jie Shen resolved as Won't Do
 

Close this issue for long time silence. If you still have any problems, please feel free to reopen it.
Change By: Jie Shen
Status: Open Resolved
Resolution: Won't Do
Reply all
Reply to author
Forward
0 new messages