[release/4.x] Cherry-pick: SNP CI: Login to az cli with VM's user-managed identity (#6123) (#6216)

eddyashton · web-flow · commit 5d165db4a36e · 2024-05-30T12:43:58.000+01:00
diff --git a/.azure-pipelines-templates/azure_cli.yml b/.azure-pipelines-templates/azure_cli.yml
@@ -2,10 +2,6 @@ steps:
   - script: |
       set -ex
       curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
-      # After the extension being in public preview, we can install the latest version automatically
-      # by `az extension update --name confcom`.
-      # But for now we need to manually manage the version. 
-      az extension add --name confcom -y
-      az login --service-principal -u ${{ parameters.app_id }} -p ${{ parameters.service_principal_password }} --tenant ${{ parameters.tenant }}
+      az login --identity -u "${{ parameters.managed_identity_id }}"
     name: setup_azure_cli
     displayName: "Install Azure CLI and login"
diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
@@ -43,9 +43,7 @@ jobs:
 
       - template: azure_cli.yml
         parameters:
-          app_id: $(CCF_SNP_CI_APP_ID)
-          service_principal_password: $(CCF_SNP_CI_SERVICE_PRINCIPAL_PASSWORD)
-          tenant: $(CCF_SNP_CI_TENANT)
+          managed_identity_id: $(CCF_SNP_CI_MANAGED_IDENTITY_ID)
 
       - script: |
           set -ex
@@ -89,13 +87,15 @@ jobs:
   - job: cleanup_aci
     displayName: "Cleanup ACI"
     pool:
-      vmImage: ubuntu-20.04
+      name: ado-virtual-ccf-sub # For access to managed identity
     dependsOn:
       - generate_ssh_key
       - deploy_primary_aci
       - ${{ parameters.used_by }}
     condition: always()
     variables:
+      Codeql.SkipTaskAutoInjection: true
+      skipComponentGovernanceDetection: true
       IpAddresses: $[ dependencies.deploy_primary_aci.outputs['deploy_primary_aci.ipAddresses'] ]
       sshKey: $[ dependencies.generate_ssh_key.outputs['generate_ssh_key.sshKey'] ]
     steps:
@@ -117,9 +117,7 @@ jobs:
 
       - template: azure_cli.yml
         parameters:
-          app_id: $(CCF_SNP_CI_APP_ID)
-          service_principal_password: $(CCF_SNP_CI_SERVICE_PRINCIPAL_PASSWORD)
-          tenant: $(CCF_SNP_CI_TENANT)
+          managed_identity_id: $(CCF_SNP_CI_MANAGED_IDENTITY_ID)
 
       - script: |
           set -ex
