docs: update docs to use azure cli for federated identity credential (#…

…526) * docs: update docs to use azure cli for federated identity credential * docs: add note about local terminal or cloud shell * Update docs/book/src/topics/federated-identity-credential.md Co-authored-by: Anish Ramasekar <[email protected]> * Update docs/book/src/topics/federated-identity-credential.md Co-authored-by: Anish Ramasekar <[email protected]> Co-authored-by: Anish Ramasekar <[email protected]>
Azure · Aug 17, 2022 · 018b019 · 018b019
1 parent 8b88c06
commit 018b019
Showing 1 changed file with 7 additions and 8 deletions.
diff --git a/docs/book/src/topics/federated-identity-credential.md b/docs/book/src/topics/federated-identity-credential.md
@@ -41,14 +41,13 @@ azwi serviceaccount delete phase federated-identity \
 
 ## Azure CLI
 
-To create a federated identity credential, login to [Azure Cloud Shell][1] and run the following commands:
+A federated identity credential can also be created using the `az` CLI. This can either be done in a local terminal session, or using [Azure Cloud Shell][1]. Use the `az` CLI to run the following commands:
 
 ```bash
-# Get the client and object ID of the AAD application
-export APPLICATION_CLIENT_ID="$(az ad sp list --display-name "${APPLICATION_NAME}" --query '[0].appId' -otsv)"
-export APPLICATION_OBJECT_ID="$(az ad app show --id "${APPLICATION_CLIENT_ID}" --query id -otsv)"
+# Get the object ID of the AAD application
+export APPLICATION_OBJECT_ID="$(az ad app list --display-name "${APPLICATION_NAME}" --query '[0].id' -otsv)"
 
-cat <<EOF > body.json
+cat <<EOF > params.json
 {
   "name": "kubernetes-federated-identity",
   "issuer": "${SERVICE_ACCOUNT_ISSUER}",
@@ -60,19 +59,19 @@ cat <<EOF > body.json
 }
 EOF
 
-az rest --method POST --uri "https://graph.microsoft.com/beta/applications/${APPLICATION_OBJECT_ID}/federatedIdentityCredentials" --body @body.json
+az ad app federated-credential create --id $APPLICATION_OBJECT_ID --parameters params.json
 ```
 
 To delete a federated identity credential, the federated identity credential ID needs to be obtained with the following command:
 
 ```bash
-az rest --method GET --uri "https://graph.microsoft.com/beta/applications/${APPLICATION_OBJECT_ID}/federatedIdentityCredentials"
+az ad app federated-credential list --id "${APPLICATION_OBJECT_ID}"
 ```
 
 Select the desired ID of the federated identity credential and run the following command:
 
 ```bash
-az rest --method DELETE --uri "https://graph.microsoft.com/beta/applications/${APPLICATION_OBJECT_ID}/federatedIdentityCredentials/${FIC_ID}"
+az ad app federated-credential delete --federated-credential-id $FIC_ID --id $APPLICATION_OBJECT_ID
 ```
 
 ## Azure Portal UI