CloudQuery Azure multi-subscriptions authentication support inquiry

Hi Team,

Will CloudQuery support Azure multi-subscriptions for authentication and retrieving results?

Like this:

az login --service-principal --client-id <ClientID> --client-secret <ClientSecret> --tenant <TenantID> --subscriptions <SubscriptionID1> <SubscriptionID2>

Can you please let me know if there are any possibilities and how to do that if possible?

Hi Ravi,

Yes, this is possible. You can use the subscriptions config setting to specify the subscriptions you want to sync, or leave it empty to fetch all subscriptions. You can read more about the options here.

Hi Herman,

Is this the right format to specify multiple subscriptions in the source file? Please refer to the dummy example. If not, could you provide the correct format? There is no mention in the documentation of how to specify multiple subscriptions except for subscriptions[], which does not help.

spec: subscriptions["98290b46-21ca-4bc5-ade8-c56076tfc5d80","089c3ft1b-6kk8-47a6-bdgf-0653aa776csfr"]

What about the authentication part? The following command is not working:

az login -s --client-id <ClientID> --client-secret <ClientSecret> --tenant <TenantID> --subscriptions <SubscriptionID1> <SubscriptionID2>

I have the service principal ready and it is assigned to both of my subscriptions, but how can I authenticate with that? Could you please provide some examples? That would really help me.

Hi @inspired-monkfish

spec:
  subscriptions: ["98290b46-21ca-4bc5-ade8-c56076tfc5d80", "089c3ft1b-6kk8-47a6-bdgf-0653aa776csfr"]

is the right way to configure it. However, it should not be needed as if you have auth set up correctly, CloudQuery will discover all subscriptions available to the authenticated account.

What are you expecting

az login -s --client-id <ClientID> --client-secret <ClientSecret> --tenant <TenantID> --subscriptions <SubscriptionID1> <SubscriptionID2>

to do? I haven’t seen references to some of these arguments (like --subscriptions) when you do az login --help.

The best way to work with the Azure source plugin is to create a service principal. See https://hub.cloudquery.io/plugins/source/cloudquery/azure/v11.4.4/docs?search=az#overview-authentication-with-environment-variables.

Thank you for the help.