Azure dynamic host catalogs
Boundary uses dynamic host catalogs to automatically discover Azure resources available through Azure Resource Manager (ARM) and add them as hosts.
Create a host catalog to connect with Azure
Boundary uses plugins to integrate with a variety of providers. To use a
dynamic host catalog to integrate with Azure, you create a host catalog of the
plugin
type and set the plugin-name
value to azure
. You must also provide the
specific fields needed for Boundary to authenticate with Azure.
$ boundary host-catalogs create plugin \ -scope-id $PROJECT_ID \ -plugin-name azure \ -attr disable_credential_rotation=true \ -attr tenant_id=env://ARM_TENANT_ID \ -attr subscription_id=env://ARM_SUBSCRIPTION_ID \ -attr client_id=env://ARM_CLIENT_ID \ -secret secret_value=env://ARM_CLIENT_SECRET
The scope-id
and plugin-name
fields are required when you create a
dynamic host catalog.
The fields following the attr
and secret
flags are specific to Azure and are required by
Boundary for authentication.
disable_credential_rotation
: When set totrue
, Boundary will not rotate the credentials automatically.tenant_id
: The ARM Tenant(Directory) IDsubscription_id
: The ARM Subscription IDclient_id
: The ARM Client (Application) IDsecret_value
: The ARM Client Secret
Refer to the domain model documentation for additional fields that you can use when you create host catalogs.
Create a host set to connect with Azure
Host sets specify which Azure Resource Manager (ARM) filters should be used to identify the discovered hosts that should be added as members.
Create a host set using the following command:
$ boundary host-sets create plugin \ -name database \ -host-catalog-id $HOST_CATALOG_ID \ -attr filter="tagName eq 'service-type' and tagValue eq 'database'"
The host-catalog-id
value is a required field that specifies in which host catalog to
create this host set.
The fields following the attr
flag are specific to Azure.
The filter
field represents the ARM filter used to select resources that should be a part of
this host set. There are some limitations with the filtering syntax.
Specifically, when you use tags, other types of filters (such as on resource
type) are not allowed. As a result, it is generally useful to filter
directly on tag names or values as in the following examples:
- `tagName eq 'application'`- `tagName eq 'application' and tagValue eq 'app2'`
Refer to the domain model documentation for additional fields that you can use when you create host catalogs.