Terraform and Azure: Unable to provision Storage Account - azure

I am trying to provision a storage account, but running it results in an error:
Error: Error reading static website for AzureRM Storage Account "sa12345461234512name":
accounts.Client#GetServiceProperties:
Failure responding to request: StatusCode=403 -- Original Error: autorest/azure:
Service returned an error. Status=403 Code="AuthorizationPermissionMismatch"
Message="This request is not authorized to perform this operation using this permission.\n
RequestId:05930d46-301e-00ac-6d72-f021f0000000\n
Time:2020-03-02T09:09:44.9417598Z"
Running OS Windows 10 Pro.
Steps to replicate (in PowerShell with Azure CLI installed):
az login
mkdir dummyFolder
cd dummyFolder
create config.tf
terraform init
terraform plan
terraform apply -auto-approve
Config.tf contents:
# Configure the Azure Provider
provider "azurerm" {
  version = "=2.0.0"
  features {}
}
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "Australia East"
}
resource "azurerm_storage_account" "example" {
  name                     = "sa12345461234512name"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  tags = {
    environment = "staging"
  }
}
Not sure what I am missing, all other resources work fine, just the storage account.

This is a bug in the azure provider, see: https://github.com/terraform-providers/terraform-provider-azurerm/issues/5869
Update your provider; it doesn't seem to be related to the terraform version.
From:
# Configure the Azure Provider
provider "azurerm" {
  # whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
  version = "=2.0.0"
  features {}
}
To:
provider "azurerm" {
  version = "~> 2.1.0"
  features {}
}

Just to add to this, since none of the above worked. In my case it first didn't work, then the next day it worked, just to not work again in the evening... Not changing versions or anything; it was the same computer.
It turned out that the time settings on my Ubuntu running in Windows were skewed. Simply running sudo ntpdate time.nist.gov to update the time solved the problem.

Found the issue. It's got to do with Terraform.
Just checked for updates and noticed 0.12.21 is out (I was running 0.12.20).
Seems like if running AzureRM 2.0.0 then you really need to be on min 0.12.21 to make it work.

Same problem as #tesharp experienced.
On my Ubuntu WSL2 the following command fixed the problem:
sudo hwclock -s
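A way to test the clock-skew explanation from the two answers above, as an added example that is not part of the original posts: the 403 body quoted in the question carries the service's own Time: stamp, so it can be compared with the local clock reading taken when the error appeared. It assumes GNU date (Ubuntu/WSL); the function names, the 300-second tolerance and the sample local clock value are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: compare the service's "Time:" stamp in a 403 error body
# with the local clock. Requires GNU date (Ubuntu / WSL).

# Print the service timestamp found in error text $1 as UTC epoch seconds.
service_epoch() {
  local ts
  ts=$(printf '%s\n' "$1" |
       sed -n 's/.*Time:\([0-9-]*\)T\([0-9:]*\)\(\.[0-9]*\)\{0,1\}Z.*/\1 \2/p' |
       head -n 1)
  [ -n "$ts" ] || return 1
  date -u -d "$ts UTC" +%s
}

# Signed skew in seconds (local minus service).
# $1 = error text, $2 = local epoch captured when the error appeared.
clock_skew() {
  local svc
  svc=$(service_epoch "$1") || return 1
  echo $(( $2 - svc ))
}

# Exit status: 0 = within tolerance, 1 = skewed, 2 = no timestamp in the text.
# $3 = tolerance in seconds (an assumed value, not an Azure-documented limit).
check_skew() {
  local skew
  skew=$(clock_skew "$1" "$2") || { echo "no service timestamp found"; return 2; }
  if [ "${skew#-}" -gt "$3" ]; then
    echo "SKEWED: local clock is ${skew}s off the service clock; resync it"
    return 1
  fi
  echo "OK: skew ${skew}s"
}

# Error text as quoted in the question above.
SAMPLE_ERROR='Message="This request is not authorized to perform this operation using this permission.\n
RequestId:05930d46-301e-00ac-6d72-f021f0000000\n
Time:2020-03-02T09:09:44.9417598Z"'
# Constructed local clock reading, 20 minutes ahead of the service stamp.
SAMPLE_LOCAL=1583141384

check_skew "$SAMPLE_ERROR" "$SAMPLE_LOCAL" 300 || true
# Live use: out=$(terraform apply 2>&1); check_skew "$out" "$(date +%s)" 300
```

A large skew reported here points at the WSL clock rather than at role assignments or provider versions, which matches the intermittent behaviour described above.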

Related

Terraform parsing error in Visual Studio Code

I am new to Terraform and I'm trying to deploy a resource group using the example from the documentation found here, in Visual Studio Code. I receive a JSON parsing error when trying to use terraform apply or terraform plan. The commands terraform init, terraform fmt and terraform validate all work fine. Connecting to Azure using az login also works.
Information about code, versioning and setup can be seen below.
Error
╷
│ Error: building AzureRM Client: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: unmarshaling the result of Azure CLI: invalid character 'C' looking for beginning of value.
│
│ with provider["registry.terraform.io/hashicorp/azurerm"],
│ on main.tf line 10, in provider "azurerm":
│ 10: provider "azurerm" {
│
╵
Code in main.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.28.0"
    }
  }
}
provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "example" {
  name     = "example-resourcegroup"
  location = "eu-west"
}
az --version output
azure-cli 2.41.0
core 2.41.0
telemetry 1.0.8
Dependencies:
msal 1.20.0b1
azure-mgmt-resource 21.1.0b1
terraform --version output
Terraform v1.2.5
on windows_amd64
+ provider registry.terraform.io/hashicorp/azurerm v3.28.0
I tried to reproduce the same issue in my environment and got the results below.
To install Terraform in Visual Studio, refer to this link.
We have to install the developer CLI; use this link to download and install it.
I have installed Visual Studio Code and Terraform.
Please find the versions which I have used.
I have created a Terraform file:
vi main.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.28.0"
    }
  }
}
provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "example23" {
  name     = "example-resourcegroup23"
  location = "eastus"
}
I ran the following commands to run the file:
terraform init
terraform plan
terraform apply
When I open the portal, I am able to see the newly created resource group.
Note:
1) In order to use the Azure CLI, Terraform should be able to perform the Azure CLI authentication; for that we have to add the token.
2) Both Terraform and the Azure CLI should be on the same path.
az account get-access-token
{
  "accessToken": "token_id",
  "expiresOn": <Date_with_time>,
  "subscription": "subscription_id",
  "tenant": "",
  "tokenType": "token_type"
}
3) You can also refer to this link to learn about the issue.

'terraform init' returns 404 'Resource Group not found' when it does exist

Since adding backend "azurerm" to my Terraform main.tf file it's now returning a 404 on the resource group created to maintain the state file.
I'm at a bit of a loss to explain why, the session is logged in to the correct tenant and subscription using Connect-AzAccount and Set-AzContext methods in the Az PowerShell module.
Here's my setup:
main.tf
## Terraform Configuration
terraform {
  # Azure Remote State
  backend "azurerm" {
    resource_group_name  = "abc-uat-tfstate"
    storage_account_name = "abcuattfstate"
    container_name       = "tfstate"
    key                  = "myapp.uat.tfstate"
  }
  # Provider Dependencies
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0.0"
    }
  }
}
## Provider Configurations
# Azure
provider "azurerm" {
  subscription_id = var.subscriptionId
  features {}
}
...
When I run terraform init on this main.tf file I receive the following error:
However note, I can immediately run Get-AzResourceGroup and it returns the group as I see it in Azure Portal.
Until I added the backend it was creating resources correctly so I'm thinking this is a simple configuration issue but after reviewing all the docs don't see what I've got wrong.
Ok, operator error as I suspected.
Running az login --tenant '...' and then az account set --subscription '...' resolved the problem. terraform init now works correctly.
I should have thought about this earlier.

Terraform - Az Cli - MSAL token error - User does not exist

Since today I am experiencing an error concerning terraform initialization using Azure AD Authentication.
Terraform v1.2.2
Az Cli v2.37.0
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
  backend "azurerm" {
    tenant_id            = "XXX"
    subscription_id      = "XXX"
    resource_group_name  = "XXX"
    storage_account_name = "XXX"
    container_name       = "tfstate"
    key                  = "devops.terraform.tfstate"
    use_azuread_auth     = true
  }
}
terraform init
> Error: obtaining Authorization Token from the Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: User 'XXX' does not exist in MSAL token cache. Run `az login`.
Upon running az login or az logout/az login, the error remains.
Deleting MSAL token cache file or az account clear do not help, either.
I am using latest versions of terraform and az cli. I was using terraform v1.1.x before when I encountered the error but upgrading did not solve it, either.
Also, the user definitely exists in the msal_token_cache.json at Account.username.
Any suggestions?
Cheers,
AJ
SOLVED:
After reinstalling az cli, the issue resolved. I think it is a problem with WSL2. If terraform and az cli are not both Windows binaries (or both Linux binaries), configuration is probably all over the place.
Thanks anyway!
Thank you, AJQREA, for sharing the solution. Posting it as a solution to help other community members who might encounter the same problem in the future.
The error is due to you having changed the password of your Azure account and the access token stored on the disk becoming invalid.
Terraform internally is just calling az account get-access-token - as such you should be able to run the same command to see the error.
Solution : After reinstalling or upgrading the azure-cli-iot-ext extension, Terraform was able to retrieve the access token again with new updated password.
Reference : https://github.com/hashicorp/terraform-provider-azurerm/issues/3686

Unable to create Azure resources using terraform despite being a subscription owner

I cannot create any resource in azure cloud using terraform.
WSL2 - Ubuntu:
Ubuntu 20.04.3 LTS
Terraform version:
Terraform v1.1.5
AZ CLI version:
"azure-cli": "2.33.0"
"azure-cli-core": "2.33.0"
"azure-cli-telemetry": "1.0.6"
At the beginning I log in to the Azure subscription through az login. I have only one available subscription on this account and I am the owner.
Then I create a "main.tf" file, same as here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#example-usage
After "terraform init" I do "terraform plan" but I receive this error:
Error: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure sending request: StatusCode=0 -- Original Error: Get "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers?api-version=2016-02-01": dial tcp: lookup management.azure.com on 000.00.000.0:00: cannot unmarshal DNS message
with provider["registry.terraform.io/hashicorp/azurerm"],
on main.tf line 10, in provider "azurerm":
10: provider "azurerm" {
I also went through this guide: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
My app has contributor/owner privileges at the subscription level.
Then adding this configuration:
provider "azurerm" {
  features {}
  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "00000000-0000-0000-0000-000000000000"
  client_secret   = var.client_secret
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
Finally I get the same error. Do you have any ideas?
sudo vim /etc/resolv.conf
and change nameserver value to 8.8.8.8
It should work, but every time you reboot you should do this action or write a script to automate it!

Terraform with azure CLI - error building account

Using the provider block
provider "azurerm" {
  subscription_id = var.subscription_id
  version         = "=1.44"
}
and after successfully logging in with
az login
running
terraform plan
I get the following error:
Error: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 2
on main.tf line 21, in provider "azurerm":
21: provider "azurerm" {
UPDATE:
If I change the provider block to:
provider "azurerm" {
  version = "~> 1.43"
}
and set the environment variables
ARM_USE_MSI=true
ARM_SUBSCRIPTION_ID=<...>
ARM_TENANT_ID=<...>
HTTP_PROXY=<...>
HTTPS_PROXY=<...>
http_proxy=<...>
https_proxy=<...>
then after executing terraform plan I get the following error:
Connection to 169.254.169.254 failed. No route to host.
which is very strange, as it seems to me that a service endpoint's IP is "hardcoded" into the terraform client.
Even though I was already logged in via az cli, forcing another:
az login
Resolved this for me.
Removing variable
ARM_USE_MSI=true
Solved my problem.
This variable tells terraform to use Managed Service Identity. See the docs. The problem was that the Azure Instance Metadata Service endpoint (available on the above-mentioned IP), which is used from that point, is only accessible from within a VM, and I was running terraform from my desktop.
az login --tenant TENANT_ID
resolved by using tenant ID
Initially, I tried to log in with "az login" but got a similar error to the one you posted.
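A pre-flight check for two causes reported on this page, as an added example that is not part of the original posts: the mix of Windows and Linux terraform/az binaries under WSL2 from the MSAL thread, and ARM_USE_MSI set on a machine that is not an Azure VM from the answer above. The function names and the constructed paths in the comments are assumptions, and treating "1" as a true value is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before running terraform against Azure.

# Classify a resolved binary path as seen from inside WSL. Windows drives
# are mounted under /mnt/<letter>/ and Windows launchers end in .exe/.cmd/.bat.
# Constructed examples: /usr/bin/az -> linux, /mnt/c/tools/az.cmd -> windows.
binary_origin() {
  case "$1" in
    "") echo missing ;;
    /mnt/[a-z]/*|*.exe|*.cmd|*.bat) echo windows ;;
    *) echo linux ;;
  esac
}

# $1 = terraform path, $2 = az path, $3 = value of ARM_USE_MSI.
# Prints one line per finding; exit status is the number of findings.
preflight() {
  local tf az findings=0
  tf=$(binary_origin "$1")
  az=$(binary_origin "$2")
  if [ "$tf" = missing ] || [ "$az" = missing ]; then
    echo "MISSING: terraform=$tf az=$az"
    findings=$((findings + 1))
  elif [ "$tf" != "$az" ]; then
    echo "MIXED: terraform is a $tf binary but az is a $az binary"
    findings=$((findings + 1))
  fi
  # Values treated as true here: true (any case) and 1 (assumption).
  case "$(printf '%s' "$3" | tr 'A-Z' 'a-z')" in
    true|1)
      echo "MSI: ARM_USE_MSI=$3 sends auth to 169.254.169.254 (Azure VMs only)"
      findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Check the current shell; "|| true" keeps the script going after findings.
preflight "$(command -v terraform)" "$(command -v az)" "${ARM_USE_MSI:-}" || true
```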
