Added text to point out two device auth

8 years ago · 8a3e599cad
parent a54fcc9efe
commit 8a3e599cad
2 changed files with 4 additions and 1 deletions
--- a/builder/azure/arm/builder.go
+++ b/builder/azure/arm/builder.go
@ -378,10 +378,12 @@ func (b *Builder) getServicePrincipalTokens(say func(string)) (*adal.ServicePrin
 	var err error

 	if b.config.useDeviceLogin {
+		say("Getting auth token for Service management endpoint")
 		servicePrincipalToken, err = packerAzureCommon.Authenticate(*b.config.cloudEnvironment, b.config.TenantID, say, b.config.cloudEnvironment.ServiceManagementEndpoint)
 		if err != nil {
 			return nil, nil, err
 		}
+		say("Getting token for Vault resource")
 		servicePrincipalTokenVault, err = packerAzureCommon.Authenticate(*b.config.cloudEnvironment, b.config.TenantID, say, strings.TrimRight(b.config.cloudEnvironment.KeyVaultEndpoint, "/"))
 		if err != nil {
 			return nil, nil, err
--- a/website/source/docs/builders/azure-setup.html.md
+++ b/website/source/docs/builders/azure-setup.html.md
@ -46,7 +46,8 @@ There are three pieces of information you must provide to enable device login mo
 The device login flow asks that you open a web browser, navigate to <http://aka.ms/devicelogin>, and input the supplied
 code. This authorizes the Packer for Azure application to act on your behalf. An OAuth token will be created, and stored
 in the user's home directory (~/.azure/packer/oauth-TenantID.json). This token is used if the token file exists, and it
-is refreshed as necessary. The token file prevents the need to continually execute the device login flow.
+is refreshed as necessary. The token file prevents the need to continually execute the device login flow. Packer will ask
+for two device login auth, one for service management endpoint and another for accessing temp keyvault secrets that it creates.

 ## Install the Azure CLI