in pkg/providers/azure.go [251:288]
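// createFederatedCredentials registers one federated identity credential on
// the Azure AD application (sc.appObjectId) for each GitHub Actions token
// subject this command supports — pull requests, refs/heads/main and
// refs/heads/master — via `az rest`, then polls hasFederatedCredentials
// until the credentials are visible.
//
// The subject claim is what ties the Azure identity to exactly one GitHub
// repository, so sc.Repo is checked before it is spliced into the JSON
// body: a quote, backslash or control character would alter the credential
// rather than merely produce an invalid request.
//
// It returns an error if sc.Repo cannot be embedded safely, if any `az rest`
// call fails (the command's combined output is logged first), or if the
// credentials are still not visible once the polling budget is exhausted.
func (sc *SetUpCmd) createFederatedCredentials() error {
	log.Debug("Creating federated credentials...")

	if err := checkJSONStringSafe(sc.Repo); err != nil {
		return fmt.Errorf("repository name %q: %w", sc.Repo, err)
	}

	// Each entry is a JSON body template whose single %s receives sc.Repo.
	fics := []string{
		`{"name":"prfic","subject":"repo:%s:pull_request","issuer":"https://token.actions.githubusercontent.com","description":"pr","audiences":["api://AzureADTokenExchange"]}`,
		`{"name":"mainfic","subject":"repo:%s:ref:refs/heads/main","issuer":"https://token.actions.githubusercontent.com","description":"main","audiences":["api://AzureADTokenExchange"]}`,
		`{"name":"masterfic","subject":"repo:%s:ref:refs/heads/master","issuer":"https://token.actions.githubusercontent.com","description":"master","audiences":["api://AzureADTokenExchange"]}`,
	}
	// The URI does not change per credential, so format it once.
	uri := fmt.Sprintf("https://graph.microsoft.com/beta/applications/%s/federatedIdentityCredentials", sc.appObjectId)

	for _, fic := range fics {
		createFicCmd := exec.Command("az", "rest", "--method", "POST", "--uri", uri, "--body", fmt.Sprintf(fic, sc.Repo))
		out, err := createFicCmd.CombinedOutput()
		if err != nil {
			log.Printf("%s\n", out)
			return fmt.Errorf("creating federated identity credential: %w", err)
		}
	}

	// Freshly written credentials are not immediately readable, so give them
	// a head start and then poll with a bounded number of attempts; the bound
	// keeps this from looping forever if they never appear.
	log.Debug("Waiting 10 seconds to allow credentials time to populate")
	time.Sleep(10 * time.Second)

	const maxAttempts = 10
	for attempt := 0; attempt < maxAttempts; attempt++ {
		if sc.hasFederatedCredentials() {
			return nil
		}
		log.Debug("Credentials not yet created, retrying...")
		// Pause between checks so the retries actually observe propagation
		// rather than re-querying back to back.
		time.Sleep(time.Second)
	}
	// Callers must not proceed on the assumption that the credentials exist.
	return fmt.Errorf("federated credentials not visible after %d attempts", maxAttempts)
}

// checkJSONStringSafe returns an error when s contains a character that
// cannot be placed verbatim inside a JSON string literal: a double quote,
// a backslash, or a control character (below U+0020). None of these can
// occur in a valid GitHub "owner/repo" name, so rejecting them loses no
// legitimate input.
func checkJSONStringSafe(s string) error {
	for _, r := range s {
		if r == '"' || r == '\\' || r < 0x20 {
			return fmt.Errorf("contains character %q, which cannot be embedded in a JSON string", r)
		}
	}
	return nil
}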