Merge pull request #1960 from elsesiy/feat/fix-azuredns-sp-script

Update documentation on service principal creation
jetstack-bot 2019-08-08 21:28:06 +01:00 committed by GitHub
commit 36c8cff055
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -6,17 +6,18 @@ Configuring the AzureDNS DNS-01 Challenge for a Kubernetes cluster requires crea
For security purposes, it is appropriate to utilize RBAC to ensure that you properly maintain access control to your resources in Azure. The service principal that is generated by this tutorial has fine grained access to ONLY the DNS Zone in the specific resource group specified. It requires this permission so that it can read/write the _acme_challenge TXT records to the zone.
To create the service principal:
To create the service principal you can use the following script (requires ``azure-cli`` and ``jq``):
.. code-block:: bash
:linenos:
AZURE_CERT_MANAGER_SP_NAME=SOME_SERVICE_PRINCIPAL_NAME
AZURE_CERT_MANAGER_SP_PASSWORD=SOME_PASSWORD
AZURE_CERT_MANAGER_DNS_RESOURCE_GROUP=SOME_RESOURCE_GROUP
AZURE_CERT_MANAGER_DNS_NAME=SOME_DNS_ZONE
AZURE_CERT_MANAGER_SP_APP_ID=$(az ad sp create-for-rbac --name $AZURE_CERT_MANAGER_SP_NAME --password $AZURE_CERT_MANAGER_SP_PASSWORD --query "appId" --output tsv)
DNS_SP=$(az ad sp create-for-rbac --name $AZURE_CERT_MANAGER_SP_NAME)
AZURE_CERT_MANAGER_SP_APP_ID=$(echo $DNS_SP | jq -r '.appId')
AZURE_CERT_MANAGER_SP_PASSWORD=$(echo $DNS_SP | jq -r '.password')
# Lower the Permissions of the SP
az role assignment delete --assignee $AZURE_CERT_MANAGER_SP_APP_ID --role Contributor
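Review bot: the new `DNS_SP=$(az ad sp create-for-rbac --name $AZURE_CERT_MANAGER_SP_NAME)` line still lets the CLI grant the principal its default Contributor role, and the script only removes it afterwards with `az role assignment delete --assignee $AZURE_CERT_MANAGER_SP_APP_ID --role Contributor`, so there is a window in which the principal holds far more than the "fine grained access to ONLY the DNS Zone" the paragraph above promises, and if the script aborts between the two commands that role stays in place. If the installed `azure-cli` supports it, creating the principal with `--skip-assignment` avoids granting the role at all and makes the delete step unnecessary. Two smaller points on the same lines: `echo $DNS_SP | jq -r '.appId'` should quote the variable (`echo "$DNS_SP"`) so the JSON is not word-split by the shell, and since the password is now generated by the CLI rather than supplied by the user, the prose should say that it exists only in this shell session and warn against running the block under `set -x`, which would log the secret.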
@ -34,7 +35,8 @@ To create the service principal:
--from-literal=CLIENT_SECRET=$AZURE_CERT_MANAGER_SP_PASSWORD
# Get the Service Principal App ID for configuration
echo $AZURE_CERT_MANAGER_SP_APP_ID
echo "Principal: $AZURE_CERT_MANAGER_SP_APP_ID"
echo "Password: $AZURE_CERT_MANAGER_SP_PASSWORD"
You can configure the issuer like so:
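Review bot: `echo "Password: $AZURE_CERT_MANAGER_SP_PASSWORD"` writes the client secret to stdout, where it ends up in terminal scrollback and in any CI or session log; the secret was already stored in the Kubernetes Secret via `--from-literal=CLIENT_SECRET=$AZURE_CERT_MANAGER_SP_PASSWORD` a few lines earlier, so only the app ID (the `echo "Principal: ..."` line) is needed for the issuer configuration that follows. If the password has to be surfaced because it is now generated rather than chosen by the user, say so explicitly in the prose and tell readers to treat the output as sensitive, or write it to a file with restrictive permissions rather than printing it.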