-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Azure Name Validation Docker Guide
This wiki provides comprehensive step-by-step instructions for enabling Azure Tenant Name Validation in the Azure Naming Tool when running in Docker.
Note: For complete feature documentation, see the V5.0.0 Azure Name Validation Guide - Setup and configuration for Azure tenant validation.
✅ Docker Desktop or Docker Engine installed
✅ Azure Naming Tool running in Docker with a persistent volume
✅ Azure subscription with appropriate permissions
# Create a service principal with Reader permissions
az ad sp create-for-rbac \
--name "naming-tool-sp" \
--role "Reader" \
--scopes "/subscriptions/<YOUR-SUBSCRIPTION-ID>" \
--output jsonSave the output immediately - you'll need:
-
appId→ Client ID -
password→ Client Secret (cannot be retrieved later!) -
tenant→ Tenant ID
# Get container ID
docker ps
# Find your volume name
docker volume ls | grep naming
# Common volume names:
# - azurenamingtoolv5
# - azurenamingtool_settings📝 Note for Upgrading Users:
If you upgraded to v5.0.0, the fileazurevalidationsettings.jsonalready exists in your volume'ssettings/folder.
You just need to edit it to add your Service Principal credentials - no need to create it from scratch.
- Open Docker Desktop
- Go to Volumes tab
- Click on your naming tool volume
- Click Browse or Files
- Navigate to the
settings/folder -
Edit the existing
azurevalidationsettings.jsonfile (or create if missing) - Update with your Service Principal credentials (see configuration template below)
- Save the file
# Replace these values with your actual credentials
export TENANT_ID="your-tenant-id-here"
export CLIENT_ID="your-client-id-here"
export CLIENT_SECRET="your-client-secret-here"
export SUBSCRIPTION_ID="your-subscription-id-here"
export CONTAINER_ID="your-container-id-here"
# Create/update the configuration file
cat > /tmp/azurevalidationsettings.json << EOF
[
{
"Id": 1,
"Enabled": true,
"AuthMode": "ServicePrincipal",
"TenantId": "${TENANT_ID}",
"SubscriptionIds": ["${SUBSCRIPTION_ID}"],
"ManagementGroupId": null,
"ServicePrincipal": {
"ClientId": "${CLIENT_ID}",
"ClientSecret": "${CLIENT_SECRET}",
"ClientSecretKeyVaultName": null
},
"KeyVault": null,
"ConflictResolution": {
"Strategy": "NotifyOnly",
"MaxAttempts": 100,
"IncrementPadding": 3,
"IncludeWarnings": true
},
"Cache": {
"Enabled": true,
"DurationMinutes": 5
}
}
]
EOF
# Copy to container (this will overwrite the existing file)
docker cp /tmp/azurevalidationsettings.json ${CONTAINER_ID}:/app/settings/azurevalidationsettings.json
# Clean up
rm /tmp/azurevalidationsettings.jsonCopy this template and replace the values:
[
{
"Id": 1,
"Enabled": true,
"AuthMode": "ServicePrincipal",
"TenantId": "YOUR-TENANT-ID",
"SubscriptionIds": [
"YOUR-SUBSCRIPTION-ID-1",
"YOUR-SUBSCRIPTION-ID-2"
],
"ManagementGroupId": null,
"ServicePrincipal": {
"ClientId": "YOUR-CLIENT-ID",
"ClientSecret": "YOUR-CLIENT-SECRET",
"ClientSecretKeyVaultName": null
},
"KeyVault": null,
"ConflictResolution": {
"Strategy": "NotifyOnly",
"MaxAttempts": 100,
"IncrementPadding": 3,
"IncludeWarnings": true
},
"Cache": {
"Enabled": true,
"DurationMinutes": 5
}
}
][ and ]
azurevalidationsettings.json
-
"AuthMode": "ServicePrincipal"(use string name, not numeric value) -
"Strategy": "NotifyOnly"(use string name, not numeric value)
| Field | Values |
|---|---|
AuthMode |
0 = Managed Identity, 1 = Service Principal |
Strategy |
0 = NotifyOnly, 1 = AutoIncrement, 2 = Fail |
docker restart <container-id>
# Wait for startup
sleep 5# Check logs for errors
docker logs <container-id> --tail 50
# Look for authentication errors
docker logs <container-id> 2>&1 | grep -i "failed to authenticate"
# Verify file content
docker exec <container-id> cat /app/settings/azurevalidationsettings.jsonSuccess: No "Client secret not found" or authentication errors
Failure: See Troubleshooting below
- Open Azure Naming Tool:
http://localhost:8080(or your configured port) - Navigate to Admin → Configuration → Site Configuration
- Scroll to Azure Tenant Name Validation
- Click Test Connection
- You should see:
- ✅ Authentication: Success
- ✅ Subscriptions: [Your subscriptions listed]
- ✅ Resource Graph: Accessible
Problem: The ClientSecret field is missing or empty.
Solution:
# Verify ClientSecret is in the file
docker exec <container-id> cat /app/settings/azurevalidationsettings.json | grep "ClientSecret"
# Should show: "ClientSecret": "Q2Z8Q~..."
# If empty or missing, recreate the configuration fileProblem: AuthMode has an invalid value.
Fix: Ensure "AuthMode": "ServicePrincipal" or "AuthMode": "ManagedIdentity" (use valid string enum names)
Possible Causes:
-
Wrong credentials - Verify Service Principal details:
az ad sp show --id <client-id>
-
Expired secret - Reset the credential:
az ad sp credential reset --id <client-id>
-
Wrong Tenant ID - Verify:
az account show --query tenantId
Solution:
# Ensure file exists
docker exec <container-id> ls -la /app/settings/
# Check file permissions
docker exec <container-id> ls -l /app/settings/azurevalidationsettings.json
# Restart container
docker restart <container-id>Here's a complete working example with placeholder values:
[
{
"Id": 1,
"Enabled": true,
"AuthMode": "ServicePrincipal",
"TenantId": "YOUR-TENANT-ID-HERE",
"SubscriptionIds": [
"YOUR-SUBSCRIPTION-ID-1",
"YOUR-SUBSCRIPTION-ID-2"
],
"ManagementGroupId": null,
"ServicePrincipal": {
"ClientId": "YOUR-CLIENT-ID-HERE",
"ClientSecret": "YOUR-CLIENT-SECRET-HERE",
"ClientSecretKeyVaultName": null
},
"KeyVault": null,
"ConflictResolution": {
"Strategy": "NotifyOnly",
"MaxAttempts": 100,
"IncrementPadding": 3,
"IncludeWarnings": true
},
"Cache": {
"Enabled": true,
"DurationMinutes": 5
}
}
]- Protect the configuration file - Contains sensitive secrets
- Rotate secrets regularly - Every 6-12 months
- Use minimum permissions - Reader role only
- Consider Azure Key Vault - For production deployments
- Monitor access logs - Track who accesses Docker volumes
- V5.0.0 Azure Name Validation Guide - Setup and configuration for Azure tenant validation
- GitHub Issues: Azure Naming Tool Issues
- Docker Troubleshooting: See Docker Deployment Configuration