[Bug]: No data in Secret of application #155

Closed
1 task done
lennprog opened this issue Sep 19, 2024 · 1 comment
Labels
bug Something isn't working needs:triage

Comments

@lennprog

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

applications.azuread.upbound.io/v1beta1

Resource MRs required to reproduce the bug

azuread provider version 1.4.1

crossplane version v1.14.9

kubernetes version v1.29.7

application:

apiVersion: applications.azuread.upbound.io/v1beta1
kind: Application
metadata:
  name: application
  annotations:
    argocd.argoproj.io/compare-options: IgnoreExtraneous
  labels:
    testing.upbound.io/example-name: example
spec:
  providerConfigRef:
    name: default
  forProvider:
    displayName: application
    requiredResourceAccess:
      - resourceAccess:
          - id: "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0"
            type: "Scope"
          - id: "7427e0e9-2fba-42fe-b0c0-848c9e6a8182"
            type: "Scope"
          - id: "37f7f235-527c-4136-accd-4a02d197296e"
            type: "Scope"
          - id: "14dad69e-099b-42c9-810b-d002981feec1"
            type: "Scope"
          - id: "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
            type: "Scope"
        resourceAppId: 00000003-0000-0000-c000-000000000000
    web:
      - redirectUris: 
         - https://<redirect-uri>.com
  writeConnectionSecretToRef:
    name: application-secret
    namespace: default

Steps to Reproduce

Deploy the resource.

What happened?

I get an empty secret.

NAME                 TYPE                                DATA   AGE
application-secret   connection.crossplane.io/v1alpha1   0      6h33m

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: "2024-09-19T08:08:10Z"
  name: application-secret
  namespace: default
  ownerReferences:
  - apiVersion: applications.azuread.upbound.io/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: Application
    name: application
    uid: <uid>
  resourceVersion: "422431951"
  uid: <uid>
type: connection.crossplane.io/v1alpha1

Relevant Error Output Snippet

no errors in provider pod or application

Crossplane Version

1.14.9

Provider Version

1.4.1

Kubernetes Version

v1.29.7

Kubernetes Distribution

AKS

Additional Info

No response

@lennprog lennprog added bug Something isn't working needs:triage labels Sep 19, 2024
@lennprog
Author

Never mind, I found out you need to create a service principal and a password too. Maybe someone could link the Terraform documentation in the README; it helps a lot to understand how to use this provider.

Just in case someone stumbles upon this, I'm providing a minimal example of how to provision an authentication app with a secret. The secret is then in the connection secret of the password resource (base64 encoded).

azure-app.yaml

apiVersion: applications.azuread.upbound.io/v1beta1
kind: Application
metadata:
  name: application
  labels:
    testing.upbound.io/example-name: example
spec:
  providerConfigRef:
    name: default
  forProvider:
    displayName: application
    requiredResourceAccess:
      - resourceAccess:
          - id: "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0"
            type: "Scope"
          - id: "7427e0e9-2fba-42fe-b0c0-848c9e6a8182"
            type: "Scope"
          - id: "37f7f235-527c-4136-accd-4a02d197296e"
            type: "Scope"
          - id: "14dad69e-099b-42c9-810b-d002981feec1"
            type: "Scope"
          - id: "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
            type: "Scope"
        resourceAppId: <resourceappid>
    web:
      - redirectUris: 
        - <uri>
  writeConnectionSecretToRef:
    name: application-secret
    namespace: default

azure-service-principal.yaml

apiVersion: serviceprincipals.azuread.upbound.io/v1beta1
kind: Principal
metadata:
  annotations:
    meta.upbound.io/example-id: serviceprincipals/v1beta1/tokensigningcertificate
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    appRoleAssignmentRequired: false
    applicationIdSelector:
      matchLabels:
        testing.upbound.io/example-name: example
  writeConnectionSecretToRef:
    name: application-secret-sp
    namespace: default

azure-password.yaml

apiVersion: applications.azuread.upbound.io/v1beta1
kind: Password
metadata:
  annotations:
    meta.upbound.io/example-id: applications/v1beta1/password
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    applicationObjectIdSelector:
      matchLabels:
        testing.upbound.io/example-name: example
  writeConnectionSecretToRef:
    name: application-secret-pw
    namespace: default
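
To see which connection secret actually holds data without printing the credential to a terminal or log, the following added example (not part of the original issue or the provider's code) summarises `kubectl get secret -o json` output by key name and decoded length only. The sample objects and the key name `placeholder-key` are constructed, and the script name `audit.py` is hypothetical.

```python
import base64
import json
import sys

CONNECTION_TYPE = "connection.crossplane.io/v1alpha1"  # Secret type shown in the issue

# Constructed samples shaped like `kubectl get secret -o json` output.
# EMPTY mirrors the empty Secret in the issue; the key name in POPULATED is a
# placeholder, since the page does not list the real connection-secret keys.
EMPTY = {
    "metadata": {"name": "application-secret", "namespace": "default",
                 "ownerReferences": [{"kind": "Application"}]},
    "type": CONNECTION_TYPE,
}
POPULATED = {
    "metadata": {"name": "application-secret-pw", "namespace": "default",
                 "ownerReferences": [{"kind": "Password"}]},
    "type": CONNECTION_TYPE,
    "data": {"placeholder-key": base64.b64encode(b"not-a-real-secret").decode()},
}

def audit_secret(secret):
    """Summarise one Secret: owner kinds and decoded length per key, never values."""
    meta = secret.get("metadata", {})
    data = secret.get("data") or {}  # an empty Secret carries no "data" field
    return {
        "secret": f"{meta.get('namespace')}/{meta.get('name')}",
        "owners": [o.get("kind") for o in meta.get("ownerReferences", [])],
        "keys": {k: len(base64.b64decode(v, validate=True)) for k, v in data.items()},
        "empty": not data,
    }

def audit(doc):
    """Accept a single Secret or a kubectl List; keep only connection secrets."""
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    return [audit_secret(s) for s in items if s.get("type") == CONNECTION_TYPE]

if __name__ == "__main__":
    # Pipe real output in: kubectl get secret -n default -o json | python3 audit.py
    # With no pipe, the constructed samples are used instead.
    docs = [json.load(sys.stdin)] if not sys.stdin.isatty() else [EMPTY, POPULATED]
    for doc in docs:
        for row in audit(doc):
            state = "EMPTY" if row["empty"] else "ok"
            print(f"{row['secret']:<32} owners={row['owners']} {state} {row['keys']}")
```
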
