Merge pull request #185810 from ntrogh/alt-github

PMEds28 · web-flow · commit 37ff18b9a674 · 2022-01-23T10:12:39.000Z
Restructured CI/CD authentication section
diff --git a/articles/load-testing/tutorial-cicd-github-actions.md b/articles/load-testing/tutorial-cicd-github-actions.md
@@ -56,11 +56,17 @@ The sample application's source repo includes an Apache JMeter script named *Sam
 
 ## Set up GitHub access permissions for Azure
 
-The GitHub Actions workflow needs to authenticate with Azure to access Azure resources. In the sample application, you use the [Azure Login](https://github.com/Azure/login) action and an Azure Active Directory service principal to authenticate with Azure.
+To grant GitHub Actions access to your Azure Load Testing resource, perform the following steps:
 
-In this section, you'll configure your GitHub repository to have permissions to access your Azure load testing resource:
+1. Create a service principal that has the permissions to access Azure Load Testing.
+1. Configure a GitHub secret with the service principal information.
+1. Authenticate with Azure using [Azure Login](https://github.com/Azure/login).
 
-1. Run the following Azure CLI command to create a service principal and assign the Contributor role:
+### Create a service principal
+
+First, you'll create an Azure Active Directory [service principal](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object) and grant it the permissions to access your Azure Load Testing resource.
+
+1. Run the following Azure CLI command to create a service principal and assign the *Contributor* role:
 
     ```azurecli
     az ad sp create-for-rbac --name "my-load-test-cicd" --role contributor \
@@ -70,50 +76,56 @@ In this section, you'll configure your GitHub repository to have permissions to
 
     In the previous command, replace the placeholder text `<subscription-id>` with the Azure subscription ID of your Azure Load Testing resource.
 
-    The outcome of the Azure CLI command is the following JSON string, which you'll add to your GitHub secrets in a later step:
+    > [!NOTE]
+    > Azure Login supports multiple ways to authenticate with Azure. For other authentication options, see the [Azure and GitHub integration site](/azure/developer/github).
+
+    The output is the role assignment credentials that provide access to your resource. The command should output a JSON object similar to this.
 
     ```json
     {
-      "clientId": "<my-client-id>",
-      "clientSecret": "<my-client-secret>",
-      "subscriptionId": "<my-subscription-id>",
-      "tenantId": "<my-tenant-id>",
+      "clientId": "<GUID>",
+      "clientSecret": "<GUID>",
+      "subscriptionId": "<GUID>",
+      "tenantId": "<GUID>",
       (...)
     }
     ```
 
-    > [!NOTE]
-    > Azure Login supports multiple ways to authenticate with Azure. For other authentication options, see the [Azure and GitHub integration site](/azure/developer/github).
-
-1. Go to your forked GitHub repository for the sample application.
-
-    You'll add a GitHub secret to your repository for the service principal you created in the previous step. The Azure Login action uses this secret to authenticate with Azure.
+1. Copy this JSON object, which you can use to authenticate from GitHub.
 
-1. Add a new secret to your GitHub repository by selecting **Settings** > **Secrets** > **New repository secret**.
-
-    :::image type="content" source="./media/tutorial-cicd-github-actions/github-new-secret.png" alt-text="Screenshot that shows selections for adding a new repository secret to your GitHub repo.":::
-
-1. Enter **AZURE_CREDENTIALS** for **Name**, paste the JSON response from the Azure CLI for **Value**, and then select **Add secret**.
-
-    :::image type="content" source="./media/tutorial-cicd-github-actions/github-new-secret-details.png" alt-text="Screenshot that shows the details of the new GitHub repository secret.":::
-
-1. To authorize the service principal to access the Azure Load Testing service, assign the Load Test Contributor role to the service principal. 
+1. Grant permissions to the service principal to create and run tests with Azure Load Testing. The Load Test Contributor role grants permissions to create, manage and run tests in an Azure Load Testing resource.
 
     First, retrieve the ID of the service principal object by running this Azure CLI command:
 
     ```azurecli
     az ad sp list --filter "displayname eq 'my-load-test-cicd'" -o table
     ```
 
-    Next, assign the Load Test Contributor role to the service principal. Replace the placeholder text `<sp-object-id>` with the `ObjectId` value from the previous Azure CLI command. Also, replace `<subscription-name-or-id>` with your Azure subscription ID.
+    Next, run the following Azure CLI command to assign the *Load Test Contributor* role to the service principal.
 
     ```azurecli
     az role assignment create --assignee "<sp-object-id>" \
         --role "Load Test Contributor" \
-        --subscription "<subscription-name-or-id>"
+        --subscription "<subscription-id>"
     ```
+    
+    In the previous command, replace the placeholder text `<sp-object-id>` with the `ObjectId` value from the previous Azure CLI command. Also, replace `<subscription-id>` with your Azure subscription ID.
+
+### Configure the GitHub secret
 
-You can now use the `AZURE_CREDENTIALS` secret with the Azure Login action in your CI/CD workflow. The following code snippet describes how this works for the sample application:
+You'll add a GitHub secret to your repository for the service principal you created in the previous step. The Azure Login action uses this secret to authenticate with Azure.
+
+1. In [GitHub](https://github.com), browse to your forked repository, select **Settings** > **Secrets** > **New repository secret**.
+
+    :::image type="content" source="./media/tutorial-cicd-github-actions/github-new-secret.png" alt-text="Screenshot that shows selections for adding a new repository secret to your GitHub repo.":::
+
+1. Paste the JSON role assignment credentials that you copied previously, as the value of secret variable *AZURE_CREDENTIALS*.
+
+    :::image type="content" source="./media/tutorial-cicd-github-actions/github-new-secret-details.png" alt-text="Screenshot that shows the details of the new GitHub repository secret.":::
+
+### Authenticate with Azure 
+
+You can now use the `AZURE_CREDENTIALS` secret with the Azure Login action in your CI/CD workflow. The *workflow.yml* file in the sample application already has the necessary configuration:
 
 ```yml
 jobs:
@@ -134,6 +146,8 @@ jobs:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 ```
 
+You've now authenticated with Azure from the GitHub. You'll now configure the CI/CD workflow to run a load test by using Azure Load Testing.
+
 ## Configure the GitHub Actions workflow to run a load test
 
 In this section, you'll set up a GitHub Actions workflow that triggers the load test. The sample application repository contains a workflow file *SampleApp.yaml*. The workflow first deploys the sample web application to Azure App Service, and then invokes the load test by using the [Azure Load Testing Action](https://github.com/marketplace/actions/azure-load-testing). The GitHub action uses an environment variable to pass the URL of the web application to the Apache JMeter script.
