From 7ceda6a0b2918722bda7efa5ffa93ec3cb453269 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 28 Jan 2025 03:57:17 +0000 Subject: [PATCH] More documentation fixes --- .../{documentation-20241218.yaml => added-20241218.yaml} | 2 +- docs/index.md | 3 +-- templates/index.md.tmpl | 9 ++++----- 3 files changed, 6 insertions(+), 8 deletions(-) rename .changes/unreleased/{documentation-20241218.yaml => added-20241218.yaml} (87%) diff --git a/.changes/unreleased/documentation-20241218.yaml b/.changes/unreleased/added-20241218.yaml similarity index 87% rename from .changes/unreleased/documentation-20241218.yaml rename to .changes/unreleased/added-20241218.yaml index 0d439d3c2..56c176d1b 100644 --- a/.changes/unreleased/documentation-20241218.yaml +++ b/.changes/unreleased/added-20241218.yaml @@ -1,4 +1,4 @@ -kind: documentation +kind: added body: Added Managed identity and Workload Identity Federation authentication time: 2024-12-18T08:58:50.826689481Z custom: diff --git a/docs/index.md b/docs/index.md index a960a6b6a..a024dfc4e 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -179,7 +179,7 @@ The Power Platform provider can use [Azure DevOps Workload Identity Federation]( 1. Create an [App Registration](guides/app_registration.md) or a [User-Managed Identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview). This resource will be used to manage the identity federation with Azure DevOps. 1. Register the App Registration or Managed Identity with the Power Platform. This task can be performed using [the provider itself](/resources/admin_management_application.md) or [PowerShell](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal). 1. [Complete the service connection configuration in Azure and Azure DevOps](https://learn.microsoft.com/en-us/azure/devops/pipelines/release/configure-workload-identity?view=azure-devops&tabs=managed-identity). Note that Azure DevOps may automatically generate the federated credential in Azure, depending on your permissions and Azure Subscription configuration. -1. Configure the provider to use Workload Identity Federation. This authentication option also requires values to be set in the ARM_OIDC_REQUEST_TOKEN and POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID environment variables, which should be configured in the AzDO pipeline itself. Note that this example sets some of the required properties in the provider configuration, but the whole configuration could also be performed using just environment variables. +1. Configure the provider to use Azure DevOps Workload Identity Federation. This authentication option also requires values to be set in the ARM_OIDC_REQUEST_TOKEN and POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID environment variables, which should be configured in the AzDO pipeline itself. Note that this example sets some of the required properties in the provider configuration, but the whole configuration could also be performed using just environment variables. ```terraform provider "powerplatform" { 
@@ -203,7 +203,6 @@ We recommend using Environment Variables to pass the credentials to the provider | `POWER_PLATFORM_USE_MSI` | if set to `true` then Managed Identity authentication will be used | | | `POWER_PLATFORM_CLIENT_CERTIFICATE` | The Base64 format of your certificate that will be used for certificate-based authentication | | | `POWER_PLATFORM_CLIENT_CERTIFICATE_FILE_PATH` | The path to the certificate that will be used for certificate-based authentication | | -| `POWER_PLATFORM_CLIENT_CERTIFICATE_PASSWORD` | Password for the provider certificate | | | `POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID` | The GUID of the Azure DevOps service connection to be used for Azure DevOps Workload Identity Federation | | -> Variables passed into the provider will override the environment variables. diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index bef9522f5..3e16c0c89 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl 
@@ -148,7 +148,7 @@ The Power Platform provider can use a [Managed Identity](https://learn.microsoft #### System-Managed Identity 1. [Enable system-managed identity on an Azure resource](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) -1. [Register the managed identity with the Power Platform](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal) using the Application ID from the enterprise application for the system-managed identity resource. +1. Register the managed identity with the Power Platform using the Application ID from the enterprise application for the system-managed identity resource. This task can be performed using either [the Power Platform Terraform Provider itself](https://registry.terraform.io/providers/microsoft/power-platform/latest/docs/resources/admin_management_application), or [PowerShell]([Register the managed identity with the Power Platform](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal). 1. Configure the provider to use the system-managed identity. Note that no Client ID is required as the Client ID is derived from the Azure resource running the provider. ```terraform 
@@ -160,7 +160,7 @@ The Power Platform provider can use a [Managed Identity](https://learn.microsoft #### User-Managed Identity 1. [Create a User-Managed Identity resource](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) -1. [Register the Managed Identity with the Power Platform](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal) using the Client ID from the user-managed identity resource. +1. Register the managed identity with the Power Platform using the Application ID from the enterprise application for the system-managed identity resource. This task can be performed using either [the Power Platform Terraform Provider itself](https://registry.terraform.io/providers/microsoft/power-platform/latest/docs/resources/admin_management_application), or [PowerShell]([Register the managed identity with the Power Platform](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal). 1. Configure the provider to use the System-Managed Identity. Note that this example sets the Client ID in the provider configuration, but it could also be set using the POWER_PLATFORM_CLIENT_ID environment variable. ```terraform 
@@ -179,7 +179,7 @@ The Power Platform provider can use [Azure DevOps Workload Identity Federation]( 1. Create an [App Registration](guides/app_registration.md) or a [User-Managed Identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview). This resource will be used to manage the identity federation with Azure DevOps. 1. Register the App Registration or Managed Identity with the Power Platform. This task can be performed using [the provider itself](/resources/admin_management_application.md) or [PowerShell](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal). 1. [Complete the service connection configuration in Azure and Azure DevOps](https://learn.microsoft.com/en-us/azure/devops/pipelines/release/configure-workload-identity?view=azure-devops&tabs=managed-identity). Note that Azure DevOps may automatically generate the federated credential in Azure, depending on your permissions and Azure Subscription configuration. -1. Configure the provider to use Workload Identity Federation. This authentication option also requires values to be set in the `ARM_OIDC_REQUEST_TOKEN` and `POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID` environment variables, which should be configured in the AzDO pipeline itself. Note that this example sets some of the required properties in the provider configuration, but the whole configuration could also be performed using just environment variables. +1. Configure the provider to use Azure DevOps Workload Identity Federation. This authentication option also requires values to be set in the ARM_OIDC_REQUEST_TOKEN and POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID environment variables, which should be configured in the AzDO pipeline itself. Note that this example sets some of the required properties in the provider configuration, but the whole configuration could also be performed using just environment variables. ```terraform provider "powerplatform" { 
@@ -203,8 +203,7 @@ We recommend using Environment Variables to pass the credentials to the provider | `POWER_PLATFORM_USE_MSI` | if set to `true` then Managed Identity authentication will be used | | | `POWER_PLATFORM_CLIENT_CERTIFICATE` | The Base64 format of your certificate that will be used for certificate-based authentication | | | `POWER_PLATFORM_CLIENT_CERTIFICATE_FILE_PATH` | The path to the certificate that will be used for certificate-based authentication | | -| `POWER_PLATFORM_CLIENT_CERTIFICATE_PASSWORD` | Password for the provider certificate | | -| `POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID` | The GUID of the Azure DevOps service connection to be used for Workload Identity Federation | | +| `POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID` | The GUID of the Azure DevOps service connection to be used for Azure DevOps Workload Identity Federation | | -> Variables passed into the provider will override the environment variables.
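Review bot: In `templates/index.md.tmpl`, hunk `@@ -148` (System-Managed Identity), the added step 2 ends with a malformed link. `[PowerShell]([Register the managed identity with the Power Platform](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal).` nests the old link text inside the new link target and leaves a parenthesis unclosed, so it will not render as a link. Suggest `[PowerShell](https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal)`. This patch also touches `docs/index.md` only at its `@@ -179` and `@@ -203` hunks, so if `docs/index.md` is generated from this template it needs regenerating to pick up the change.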
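Review bot: In `templates/index.md.tmpl`, hunk `@@ -160` (User-Managed Identity), the added step 2 is a copy of the System-Managed step and points the reader at the wrong identity for this section: it says to use "the Application ID from the enterprise application for the system-managed identity resource", where the removed line said "the Client ID from the user-managed identity resource". Suggest keeping the user-managed wording and only appending the new "This task can be performed using either ..." sentence. The same malformed `[PowerShell]([Register ...](https://...)` link appears here, and the unchanged step 3 below still reads "Configure the provider to use the System-Managed Identity" under the User-Managed heading, which is worth correcting in the same pass.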
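Review bot: In `templates/index.md.tmpl`, hunk `@@ -179`, the added line drops the code formatting the removed line had on `ARM_OIDC_REQUEST_TOKEN` and `POWER_PLATFORM_AZDO_SERVICE_CONNECTION_ID`. Suggest keeping the backticks so the names match the environment-variable table further down; the corresponding `docs/index.md` hunk carries the same bare names and would benefit from the same fix.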
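Review bot: The `@@ -203` hunks in `docs/index.md` and `templates/index.md.tmpl` delete the `POWER_PLATFORM_CLIENT_CERTIFICATE_PASSWORD` row, and the commit message ("More documentation fixes") does not say why. If the provider still reads this variable, removing the row leaves a credential input undocumented while `POWER_PLATFORM_CLIENT_CERTIFICATE` and `POWER_PLATFORM_CLIENT_CERTIFICATE_FILE_PATH` stay listed; if support for it was dropped, please state that in the commit message or the changelog entry so that users of password-protected certificates know what to change.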