From 2791f7b253994ee3ec5b7007a5ab1216faa57621 Mon Sep 17 00:00:00 2001 From: Jonas-Taha El Sesiy Date: Fri, 2 Aug 2019 09:46:45 -0700 Subject: [PATCH] Update documentation on service principal creation Since AzureCli 2.0.68 the --password flag is unsupported. The script now allows for auto-generated passwords Signed-off-by: Jonas-Taha El Sesiy --- docs/tasks/issuers/setup-acme/dns01/azuredns.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/tasks/issuers/setup-acme/dns01/azuredns.rst b/docs/tasks/issuers/setup-acme/dns01/azuredns.rst index 22698bf87..31140f422 100644 --- a/docs/tasks/issuers/setup-acme/dns01/azuredns.rst +++ b/docs/tasks/issuers/setup-acme/dns01/azuredns.rst 
@@ -6,17 +6,18 @@ Configuring the AzureDNS DNS-01 Challenge for a Kubernetes cluster requires crea For security purposes, it is appropriate to utilize RBAC to ensure that you properly maintain access control to your resources in Azure. The service principal that is generated by this tutorial has fine grained access to ONLY the DNS Zone in the specific resource group specified. It requires this permission so that it can read/write the _acme_challenge TXT records to the zone. -To create the service principal: +To create the service principal you can use the following script (requires ``azure-cli`` and ``jq``): .. code-block:: bash :linenos: AZURE_CERT_MANAGER_SP_NAME=SOME_SERVICE_PRINCIPAL_NAME - AZURE_CERT_MANAGER_SP_PASSWORD=SOME_PASSWORD AZURE_CERT_MANAGER_DNS_RESOURCE_GROUP=SOME_RESOURCE_GROUP AZURE_CERT_MANAGER_DNS_NAME=SOME_DNS_ZONE - AZURE_CERT_MANAGER_SP_APP_ID=$(az ad sp create-for-rbac --name $AZURE_CERT_MANAGER_SP_NAME --password $AZURE_CERT_MANAGER_SP_PASSWORD --query "appId" --output tsv) + DNS_SP=$(az ad sp create-for-rbac --name $AZURE_CERT_MANAGER_SP_NAME) + AZURE_CERT_MANAGER_SP_APP_ID=$(echo $DNS_SP | jq -r '.appId') + AZURE_CERT_MANAGER_SP_PASSWORD=$(echo $DNS_SP | jq -r '.password') # Lower the Permissions of the SP az role assignment delete --assignee $AZURE_CERT_MANAGER_SP_APP_ID --role Contributor @@ -34,7 +35,8 @@ To create the service principal: --from-literal=CLIENT_SECRET=$AZURE_CERT_MANAGER_SP_PASSWORD # Get the Service Principal App ID for configuration - echo $AZURE_CERT_MANAGER_SP_APP_ID + echo "Principal: $AZURE_CERT_MANAGER_SP_APP_ID" + echo "Password: $AZURE_CERT_MANAGER_SP_PASSWORD" You can configure the issuer like so:
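Review bot: In the first hunk, the new requirement sentence should state the minimum ``azure-cli`` version, since the commit message says ``--password`` is unsupported from 2.0.68 onward and readers on older releases will get different JSON from ``az ad sp create-for-rbac``; a short "(requires ``azure-cli`` >= 2.0.68 and ``jq``)" would make the constraint visible where the reader needs it. Two smaller points in the same hunk: ``echo $DNS_SP | jq -r '.appId'`` leaves ``$DNS_SP`` unquoted, so quote it (``echo "$DNS_SP" | jq -r '.appId'``) to avoid word splitting of the JSON; and the removed line already used ``--query`` with ``--output tsv``, so the script could extract both fields with the CLI's own JMESPath support, for example ``--query "[appId,password]" --output tsv``, and drop the new ``jq`` dependency entirely. Note also that nothing in the block fails fast: if ``az ad sp create-for-rbac`` errors, ``DNS_SP`` is empty, ``jq`` yields ``null``, and the following ``az role assignment delete --assignee null`` runs against a bogus assignee; a ``set -e`` (or an explicit check that ``AZURE_CERT_MANAGER_SP_APP_ID`` is non-empty) before lowering permissions would stop the script at the first failure.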
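Review bot: In the second hunk, the added ``echo "Password: $AZURE_CERT_MANAGER_SP_PASSWORD"`` writes the service principal's client secret to stdout, where it lands in terminal scrollback, CI or tutorial logs, and any transcript of the session; the context line just above already stores the same value in the cluster via ``--from-literal=CLIENT_SECRET=$AZURE_CERT_MANAGER_SP_PASSWORD``, and the issuer configuration that follows only needs the app ID, so the password echo serves no step in the procedure. Suggest keeping only ``echo "Principal: $AZURE_CERT_MANAGER_SP_APP_ID"`` and adding one sentence noting that the secret is now held in the Kubernetes Secret and can be retrieved from there if it is ever needed again.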