From 8fb0913cf519bf224ab71979c09185c3d0ff348c Mon Sep 17 00:00:00 2001
From: Charlie Vieth
Date: Fri, 5 Jun 2026 13:27:39 -0400
Subject: [PATCH 1/2] scripts/azure-wif: wait for federated-credential to exist in Azure

This changes the setup-azure-porter-wif.sh script to wait for the federated-credential we create to be persisted in Azure.
---
 scripts/setup-azure-porter-wif.sh | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/scripts/setup-azure-porter-wif.sh b/scripts/setup-azure-porter-wif.sh
index 4c8fddf..331591e 100755
--- a/scripts/setup-azure-porter-wif.sh
+++ b/scripts/setup-azure-porter-wif.sh
@@ -382,6 +382,25 @@ get_oidc_issuer() {
 print_success "Using OIDC issuer: $OIDC_ISSUER"
 }

+# Wait for the federated identity credential to exist in Azure
+wait4_federated_credential() {
+ print_status "Waiting for the federated identity credential to exist in Azure..."
+
+ federated_credential_exists() {
+ az ad app federated-credential list --output=json --id="${APP_OBJECT_ID}" |
+ jq --exit-status "any(.subject == \"${OIDC_SUBJECT}\")" >/dev/null
+ }
+
+ i=0
+ while ((i++ < 30)); do
+ if federated_credential_exists; then
+ return
+ fi
+ ((i == 30)) || sleep 3
+ done
+ return 1
+}
+
 # Function to create federated identity credential
 create_federated_credential() {
 print_status "Creating federated identity credential..."
@@ -398,7 +417,12 @@ create_federated_credential() {
 \"audiences\": [\"api://AzureADTokenExchange\"]
 }" > /dev/null

- print_success "Federated identity credential created"
+ if wait4_federated_credential; then
+ print_success "Federated identity credential created"
+ else
+ # Note: this might not be a fatal error.
+ print_error "Timed out waiting for the federated-credential ${APP_OBJECT_ID} to exist in Azure."
+ fi
 }

 # Function to display results
From ec7d2418c927c983a9568ed75644e8cbf7ea5551 Mon Sep 17 00:00:00 2001
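Review bot: In `federated_credential_exists` the jq program is assembled by expanding `${OIDC_SUBJECT}` inside the filter string, so a subject containing a double quote or backslash changes the filter instead of being compared as data, and the existence check can then pass or fail for the wrong reason. Pass the value as data instead: `jq --exit-status --arg subject "${OIDC_SUBJECT}" 'any(.subject == $subject)' >/dev/null`. The check also keys on subject alone; if the credential is created with `$OIDC_ISSUER` as its issuer (the create body is outside this hunk), matching `.issuer` as well would keep a stale credential from a different issuer with the same subject from satisfying the wait. The same jq line is carried unchanged as context in PATCH 2/2.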
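Review bot: The timeout branch leaves `create_federated_credential` returning whatever `print_error` returns, so a caller cannot tell a confirmed credential from one that never appeared, and the results step that follows will presumably run as if setup succeeded. If continuing is deliberate, say so in the message; otherwise end the branch with `return 1`. The message also identifies the credential by `${APP_OBJECT_ID}`, which is the value passed to `--id` for the app, so naming the subject would help the operator, e.g. `print_error "Timed out waiting for federated credential with subject ${OIDC_SUBJECT} on app ${APP_OBJECT_ID} to appear in Azure."`. The function's opening lines and the create call are outside the hunk, so whether the create's exit status is checked before the wait is not visible here.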
From: Charlie Vieth
Date: Fri, 5 Jun 2026 13:34:23 -0400
Subject: [PATCH 2/2] scripts/azure-wif: simplify final fed-cred check

---
 scripts/setup-azure-porter-wif.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/setup-azure-porter-wif.sh b/scripts/setup-azure-porter-wif.sh
index 331591e..b74a552 100755
--- a/scripts/setup-azure-porter-wif.sh
+++ b/scripts/setup-azure-porter-wif.sh
@@ -391,14 +391,14 @@ wait4_federated_credential() {
 jq --exit-status "any(.subject == \"${OIDC_SUBJECT}\")" >/dev/null
 }

- i=0
+ local i=0
 while ((i++ < 30)); do
 if federated_credential_exists; then
 return
 fi
- ((i == 30)) || sleep 3
+ sleep 3
 done
- return 1
+ federated_credential_exists # final check (will also set return status)
 }

 # Function to create federated identity credential
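Review bot: The retry budget in `wait4_federated_credential` is spread over bare literals (`30` and `3`), and after this change the worst case is 31 listing calls over roughly 90 seconds, which nothing in the code states. Naming the values makes the bound reviewable and adjustable: `local -r max_attempts=30 delay_secs=3`, then `while ((i++ < max_attempts)); do` and `sleep "${delay_secs}"`. A comment above the loop such as `# Poll up to max_attempts times, delay_secs apart, then check once more after the last sleep` would also record why the final line is a bare call. The function's header and the start of the nested helper are outside this hunk.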