Terraform with azure CLI - error building account - azure

using the provider block
provider "azurerm" {
subscription_id = var.subscription_id
version = "=1.44"
}
and after successfully logging in with
az login
running
terraform plan
I get the following error:
Error: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 2
on main.tf line 21, in provider "azurerm":
21: provider "azurerm" {
UPDATE:
If I change the provider block to:
provider "azurerm" {
version = "~> 1.43"
}
and set the environment variables
ARM_USE_MSI=true
ARM_SUBSCRIPTION_ID=<...>
ARM_TENANT_ID=<...>
HTTP_PROXY=<...>
HTTPS_PROXY=<...>
http_proxy=<...>
https_proxy=<...>
then after executing terraform plan I get the following error:
Connection to 169.254.169.254 failed. No route to host.
which is very strange, as it seems to me that a service endpoint's IP is "hardcoded" into the terraform client.

Even though I was already logged in via az cli, forcing another:
az login
Resolved this for me.

Removing variable
ARM_USE_MSI=true
Solved my problem.
This variable tells terraform to use Managed Service Identity. See the docs. The problem was that the Azure Instance Metadata Service endpoint (available on the above-mentioned IP), which is used from that point, is only accessible from within a VM, and I was running terraform from my desktop.
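A preflight check for the situation described above, as an added example that is not part of the original answer or of the provider's code: it reports which credential source the ARM_* variables select and verifies that source is reachable before terraform plan runs. The function names and the precedence order (client secret, then managed identity, then Azure CLI) are assumptions of this sketch.

```shell
# Added example (not provider code). The precedence below is this sketch's
# assumption about how the azurerm provider reads the ARM_* variables.

# Prints the credential source the current environment selects.
tf_azure_auth_mode() {
    if [ -n "${ARM_CLIENT_ID:-}" ] && [ -n "${ARM_CLIENT_SECRET:-}" ]; then
        echo "service-principal"
    elif [ "${ARM_USE_MSI:-false}" = "true" ]; then
        echo "managed-identity"
    else
        echo "azure-cli"
    fi
}

# Returns 0 when that credential source is usable from this host.
tf_azure_preflight() {
    mode=$(tf_azure_auth_mode)
    case "$mode" in
    managed-identity)
        # IMDS is link-local: bypass HTTP(S)_PROXY and fail fast off-VM.
        curl -s -o /dev/null -m 3 --noproxy '*' -H 'Metadata: true' \
            'http://169.254.169.254/metadata/instance?api-version=2021-02-01' || {
            echo "ARM_USE_MSI=true but 169.254.169.254 is unreachable; unset it unless running on an Azure VM" >&2
            return 1
        } ;;
    azure-cli)
        command -v az >/dev/null 2>&1 || { echo "az is not on PATH" >&2; return 1; }
        # --output none keeps the bearer token out of the terminal and logs.
        az account get-access-token --output none 2>/dev/null || {
            echo "Azure CLI has no usable token; run az login" >&2
            return 1
        } ;;
    service-principal)
        [ -n "${ARM_TENANT_ID:-}" ] && [ -n "${ARM_SUBSCRIPTION_ID:-}" ] || {
            echo "ARM_TENANT_ID and ARM_SUBSCRIPTION_ID must also be set" >&2
            return 1
        } ;;
    esac
    echo "auth mode: $mode"
}
```

Source the file and run `tf_azure_preflight && terraform plan`; a stale ARM_USE_MSI=true left in a desktop shell profile is reported immediately instead of surfacing as a routing error.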

az login --tenant TENANT_ID
resolved by using tenant ID
Initially, I tried to log in with "az login" but got a similar error you posted.

Related

Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in %PATH%

I get this error running a "terraform plan". I authenticated terraform to Azure via CLI. I have set up an account subscription. How can I solve this problem?
Error: building AzureRM Client: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing JSON result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in %PATH%.
The error says that az is not found. So for this type of error, a simple way out is logging in to Azure like below:
az login
Then the error goes:
And then you can check your subscriptions once like below:
az account list
And following the login step resolved my problem.
And also check if you are using the latest Azure CLI version.
And also try the below command:
az account get-access-token
References taken from:
Terraform apply results in Error populating Client ID from the Azure CLI
azure cli $Path error running in terraform cloud
https://forum.gitlab.com/t/teraform-gitlab-image-no-azure-cli/60534
Terraform Cloud needs Azure access since your plan is running in the cloud.
First, you need to create a service principal for Azure
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
See this tutorial: https://developer.hashicorp.com/terraform/tutorials/azure-get-started/azure-build
After service principal is created, you get this in response:
{
"appId": "...", - client_id
"displayName": "...",
"password": "...", - client_secret
"tenant": "..." - tenant_id
}
Then you can provide azure access for terraform using one of these methods:
Add Workspace variables via terraform cloud GUI. They will be treated as environment variables.
ARM_CLIENT_ID="..."
ARM_CLIENT_SECRET="..."
ARM_SUBSCRIPTION_ID="..."
ARM_TENANT_ID="..."
Or include them into your .tf file.
provider "azurerm" {
features {}
subscription_id = "..."
client_id = "..."
client_secret = "..."
tenant_id = "..."
}
However it's not a good idea to store sensitive data in config.
That's why you may use method #3:
Declare variables in your .tf file and pass them via command line
provider "azurerm" {
features {}
subscription_id = var.subscription-id
client_id = var.client-id
client_secret = var.secret
tenant_id = var.tenant-id
}
terraform apply -var client-id='...' -var tenant-id='...' -var...
See this answer for details:
https://discuss.hashicorp.com/t/using-the-azure-provider-with-terraform-cloud/18177/2
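A check for the hardcoded-credential pattern the answer above warns about, as an added example that is not part of the original answer: it flags literal client_secret values in Terraform files and reports only their location, so the secret itself is not echoed into CI logs. The function names and the sample files are constructed for illustration.

```shell
# Added example. Writes two constructed sample files into directory $1:
# one with a literal secret, one that takes the secret from a variable.
write_sample_tf() {
    mkdir -p "$1"
    cat > "$1/bad.tf" <<'EOF'
provider "azurerm" {
  features {}
  client_id     = "00000000-0000-0000-0000-000000000000"
  client_secret = "constructed-example-value"
}
EOF
    cat > "$1/good.tf" <<'EOF'
provider "azurerm" {
  features {}
  client_secret = var.client_secret
}
EOF
}

# Prints file:line for every literal secret under directory $1 (default: .).
# Returns 0 when clean, 1 when a literal is found, 2 when grep itself failed.
find_hardcoded_tf_secrets() {
    rc=0
    # Match a quoted, non-empty value that is not a "${...}" interpolation;
    # references such as var.client_secret are unquoted and do not match.
    hits=$(grep -rnHE --include='*.tf' --include='*.tfvars' \
        '^[[:space:]]*(client_secret|client_certificate_password)[[:space:]]*=[[:space:]]*"[^"$]' \
        "${1:-.}") || rc=$?
    case "$rc" in
    0)  # Report location only, never the matched value.
        printf '%s\n' "$hits" | cut -d: -f1,2
        return 1 ;;
    1)  return 0 ;;
    *)  return 2 ;;
    esac
}
```

Used as a pre-commit or pipeline gate, `find_hardcoded_tf_secrets . || exit 1` stops a commit that carries the secret in configuration, leaving the workspace variable ARM_CLIENT_SECRET as the place it lives.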

Terraform - Az Cli - MSAL token error - User does not exist

Since today I am experiencing an error concerning terraform initialization using Azure AD Authentication.
Terraform v1.2.2
Az Cli v2.37.0
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.0"
}
}
backend "azurerm" {
tenant_id = "XXX"
subscription_id = "XXX"
resource_group_name = "XXX"
storage_account_name = "XXX"
container_name = "tfstate"
key = "devops.terraform.tfstate"
use_azuread_auth = true
}
}
terraform init
> Error: obtaining Authorization Token from the Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: User 'XXX' does not exist in MSAL token cache. Run `az login`.
Upon running az login or az logout/az login, the error remains.
Deleting MSAL token cache file or az account clear do not help, either.
I am using latest versions of terraform and az cli. I was using terraform v1.1.x before when I encountered the error but upgrading did not solve it, either.
Also, the user definitely exists in the msal_token_cache.json at Account.username.
Any suggestions?
Cheers,
AJ
SOLVED:
After reinstalling az cli, the issue resolved. I think it is a problem with WSL2. If terraform and az cli are not both Windows binaries (or both Linux binaries), configuration is probably all over the place.
Thanks anyway!
Thank you AJQREA for sharing the solution. Posting it as a solution to help other community members who might encounter the same problem in future.
The error is due to you having changed the password of your Azure account and the access token stored on the disk becoming invalid.
Terraform internally is just calling az account get-access-token - as such you should be able to run the same command to see the error.
Solution : After reinstalling or upgrading the azure-cli-iot-ext extension, Terraform was able to retrieve the access token again with new updated password.
Reference : https://github.com/hashicorp/terraform-provider-azurerm/issues/3686

terraform azurerm : ERROR : exit status 1 - az login required

providers.tf
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>2.0"
}
}
}
provider "azurerm" {
features {}
}
terraform version: Terraform v1.1.7
terraform command: terraform plan
CLI Error:
Error: building AzureRM Client: obtain subscription(XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXXXX) from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
with provider["registry.terraform.io/hashicorp/azurerm"],
on providers.tf line 10, in provider "azurerm":
10: provider "azurerm" {
I did run az login and signed into my Azure account.
Question:
I can't find out what I'm doing wrong?
Tested in my environment; I got the same error when I hadn't connected with any active account.
As suggested by cdub, which is correct: try running az logout multiple times until you see "There are no active accounts", then run az login and az account set -s <your-subscription-name>, then re-run terraform init and finally terraform plan.
#get the current default subscription using show
az account show --output table

Unable to create Azure resources using terraform despite being a subscription owner

I cannot create any resource in azure cloud using terraform.
WSL2 - Ubuntu:
Ubuntu 20.04.3 LTS
Terraform version:
Terraform v1.1.5
AZ CLI version:
"azure-cli": "2.33.0"
"azure-cli-core": "2.33.0"
"azure-cli-telemetry": "1.0.6"
At the beginning I log in to the Azure subscription through az login. I have only one available subscription on this account and I am the owner.
Then I create a "main.tf" file, same as here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#example-usage
After "terraform init" I do "terraform plan" but I receive this error:
Error: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure sending request: StatusCode=0 -- Original Error: Get "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers?api-version=2016-02-01": dial tcp: lookup management.azure.com on 000.00.000.0:00: cannot unmarshal DNS message
with provider["registry.terraform.io/hashicorp/azurerm"],
on main.tf line 10, in provider "azurerm":
10: provider "azurerm" {
I also went through this way: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
My app has contributor/owner privileges at the subscription level.
Then adding this configuration:
provider "azurerm" {
features {}
subscription_id = "00000000-0000-0000-0000-000000000000"
client_id = "00000000-0000-0000-0000-000000000000"
client_secret = var.client_secret
tenant_id = "00000000-0000-0000-0000-000000000000"
}
Finally I get the same error. Do you have any ideas?
sudo vim /etc/resolv.conf
and change nameserver value to 8.8.8.8
It should work, but every time you reboot you should do this action or write a script to automate it!

Terraform apply results in Error populating Client ID from the Azure CLI

I try to apply terraform plan with terraform apply. But when I run the command I get the following error
Error: Error building AzureRM Client: Error populating Client ID from the Azure CLI:
No Authorization Tokens were found -
please ensure the Azure CLI is installed and then log-in with `az login`.
I do have the Azure CLI installed and I'm logged in with az login. When I run az login I am redirected to the landing page where I am able to log in just fine.
Also terraform init works without any problems.
Below my terraform file:
provider "azurerm" {
version = "1.38.0"
}
I also tried to provide subscription and tenant IDs but it didn't help:
provider "azurerm" {
version = "1.38.0"
subscription_id = "00000000-0000-0000-0000-000000000000"
tenant_id = "00000000-0000-0000-0000-000000000001"
}
Error: Error building AzureRM Client: Error populating Client ID from
the Azure CLI: No Authorization Tokens were found - please ensure
the Azure CLI is installed and then log-in with az login.
This error is due to the Azure CLI version that you are using. There was a breaking change in Azure CLI version 2.30.0, where Azure migrated the authentication from ADAL to MSAL. Because of this, if you are using the latest Azure CLI with an old Terraform azurerm provider, authentication will fail, which results in the error.
To fix the problem you will have to use the latest Azure CLI version, i.e. 2.32.0, and at the same time try to use the latest Terraform azurerm provider, i.e. 2.92.0.
To upgrade the CLI version, you can run the az upgrade command, and in Terraform you can use the below:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "2.92.0"
}
}
}
provider "azurerm" {
# Configuration options
}
You can also refer to these similar GitHub issues: Issue 1 and Issue 2
