Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Azure US Government #215

Merged
merged 1 commit into from
Aug 21, 2023
Merged

Add support for Azure US Government #215

merged 1 commit into from
Aug 21, 2023

Conversation

mpatalon
Copy link
Contributor

@mpatalon mpatalon commented Aug 21, 2023
edited
Loading

Currently the azure-credentials-plugin and azure-keyvault-plugin do not support Azure US Government environment.
Any try ends up with "AADSTS900382: Confidential Client is not supported in Cross Cloud" error.

The fix is required in the following plugins:

  • azure-credentials-plugin
  • azure-keyvault-plugin

Changes

Setting authorityHost on ClientSecretCredentialBuilder object.
The authorityHost is taken from azureCredential.

Related issues

Testing done

There is no automated test for this specific scenario.

Manual test

This change was manually tested with conjunction with fix for azure-keyvault-plugin.

Prerequisites
Scenario
  • Add Azure Service Principal credential as GLOBAL, e.g. test-azure-us-gov-service-principal,
  • configure Azure Key Vault Plugin in Manage Jenkins => System:
    • set Key Vault URL,
    • set Credential ID to test-azure-us-gov-service-principal,
  • click Test Connection and make sure that there is no error and message like "Success, found (n) secrets in the vault" appeared,
  • make sure that the Azure Key Vault Secret has beed added to Jenkins Azure Credentials,
  • create testing Jenkins Pipeline which reads the secret, e.g. 
          def secrets = [
          [ secretType: 'Secret', name: 'my-test-secret', envVariable: 'SECRET' ]
      ]
      withAzureKeyvault(secrets) {
          sh('echo ${SECRET}')
      }
  • run the pipeline and make sure the secret has been read.

Submitter checklist
Preview Give feedback

@mpatalon mpatalon mentioned this pull request Aug 21, 2023
Merged
@timja timja added the bug label Aug 21, 2023
@timja timja changed the title Fix for Azure US Government Key Vault issue [jenkinsci/azure-keyvault-plugin#66] Add support for Azure US Government Aug 21, 2023
timja
timja approved these changes Aug 21, 2023
View reviewed changes
Copy link
Member

@timja timja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

(untested)

@timja timja merged commit bd50614 into jenkinsci:master Aug 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timja timja timja approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mpatalon @timja