Setting up Azure and GCP credentials for Spacelift Intent»

Azure credentials»

Get your tenant id.

    $ az account show --query 'tenantId'`
    "<YOUR-TENANT-ID>"

Get your subscription id.

  $ az account subscription list --query '[].{name:displayName,id:id}'
    [ ... , { "id": "<YOUR-SUBSCRIPTION-ID>", "name": "..." }, ... ]

Optionally, create a role (role.json).

    {
      "Name": "example-role”,
      "IsCustom": true,
      "Description": "example-role",
      "Actions": [
        "Microsoft.Resources/subscriptions/<ACTIONS…>"
      ],
      "NotActions": [],
      "DataActions": [],
      "NotDataActions": [],
      "AssignableScopes": [
        "/subscriptions/<YOUR-SUBSCRIPTION-ID>"
      ]
    }

    $ az role definition create --role-definition role.json

Create a service principal.

    $ az ad sp create-for-rbac --name "example-name" --role "example-role" --scopes "/subscriptions/<YOUR-SUBSCRIPTION-ID>"
    {
    "appId": "<YOUR-CLIENT-ID>",
    "displayName": "example-name",
    "password": "<YOUR-CLIENT-PASSWORD>",
    "tenant": "<YOUR-TENANT-ID>"
    }

Get client id and client password from above and setup env vars.

  ARM_CLIENT_ID="<YOUR-CLIENT-ID>"
  ARM_CLIENT_SECRET="<YOUR-CLIENT-PASSWORD>"
  ARM_TENANT_ID="<YOUR-TENANT-ID>"
  ARM_SUBSCRIPTION_ID="<YOUR-SUBSCRIPTION-ID>"

Azure environment setup

Google credentials»

Configuring Google credentials for Intent follows the same steps as setting up GCP for Spacelift, with only a slight change to the file paths for spacelift.oidc and gcp.json.

Spacelift docs on GCP

When setting up the OIDC file location, use /app/spacelift.oidc instead of /mnt/workspace/spacelift.oidc.
When setting up the JSON configuration, use /app/spacelift.oidc as well.
At the end we need:
- GOOGLE_APPLICATION_CREDENTIALS=<pointing-to-JSON-configuration-file>.
- GOOGLE_PROJECT=<project name> (optional).
- gcp.json (JSON configuration file).
- spacelift.oidc will be automatically mounted.

GCP env configuration