Docs: Azure auth example using metadata service (#6124)

There are probably better ways to massage this but I think it would be helpful to have something like this included
2019-01-30 13:13:39 -07:00 · 2019-01-30 13:13:39 -07:00 · 4363453017
parent ef43617efd
commit 4363453017
1 changed files with 10 additions and 0 deletions
--- a/website/source/docs/auth/azure.html.md
+++ b/website/source/docs/auth/azure.html.md
@ -58,6 +58,16 @@ $ vault write auth/azure/login \

 The `role` and `jwt` parameters are required. When using bound_service_principal_ids and bound_groups in the token roles, all the information is required in the JWT.  When using other bound_* parameters, calls to Azure APIs will be made and subscription id, resource group name, and vm name are all required and can be obtained through instance metadata.

+For example:
+
+```text
+$ vault write auth/azure/login role="dev-role" \
+     jwt="$(curl -s 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.hashicorp.com%2F' -H Metadata:true | jq -r '.access_token')" \
+     subscription_id=$(curl -s -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-08-01" | jq -r '.compute | .subscriptionId')  \
+     resource_group_name=$(curl -s -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-08-01" | jq -r '.compute | .resourceGroupName') \
+     vm_name=$(curl -s -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-08-01" | jq -r '.compute | .name')
+```
+
 ### Via the API

 The default endpoint is `auth/azure/login`. If this auth method was enabled