Azure / ALZ-PowerShell-Module

The Azure Landing Zones Accelerators PowerShell module
https://www.powershellgallery.com/packages/ALZ/
MIT License

Bug: Bootstrap fails on Microsoft Hosted Virtual Machines - Need to upgrade AzAPI to v2 #252

Open integyjc opened 1 week ago

integyjc commented 1 week ago

Is there an existing issue for this?

Infrastructure as Code Type? (Required)

bicep

PowerShell Module Version (Optional)

4.1.0

Bootstrap Module Version (Optional)

No response

Starter Module? (Required)

bicep - complete

Starter Module Version (Optional)

No response

Input arguments of the ALZ-PowerShell-Module (Optional)

No response

Debug Output/Panic Output (Optional)

Expected Behaviour (Required)

Terraform plan should have started

Actual Behaviour (Required)

Error: Failed to perform action
│
│ with data.azapi_resource_action.locations,
│ on main.tf line 12, in data "azapi_resource_action" "locations":
│ 12: data "azapi_resource_action" "locations" {
│
│ performing action locations of "Resource: (ResourceId \"/subscriptions/fd134809-7884-405a-redacted\" / Api
│ Version \"2022-12-01\")": ChainedTokenCredential authentication failed
│ GET http://169.254.169.254/metadata/identity/oauth2/token
│ --------------------------------------------------------------------------------
│ RESPONSE 400 Bad Request
│ --------------------------------------------------------------------------------
│ {
│ "error": "invalid_request",
│ "error_description": "Identity not found"
│ }
│ --------------------------------------------------------------------------------
╵

Steps to Reproduce (Optional)

No response

Important Factoids (Optional)

First time following the new process so this could well be user error. I've got to the point of running Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml" -output "c:\accelerator\output" and receive the error shown

Has anyone else hit this or have I missed something?

The user account I'm using is logged in via az login - I have also tried with -t to fix the tenant. The user is owner at tenant root.

References (Optional)

No response

jaredfholgate commented 1 week ago

Looks like you are running on an Azure VM? If so, you can fix by setting the env var ARM_USE_MSI to false.

$env:ARM_USE_MSI = $false

This was a limitation with AzAPI, but has been fixed in v2. I will update the code to fix this moving forward.

integyjc commented 1 week ago

That's done the trick, thank you!

$env:ARM_USE_MSI = "false"

Yes we're using Azure DevBox and I obviously didn't google enough to find this known issue!

Much appreciated

jaredfholgate commented 1 week ago

I'll leave this issue open as a prompt for me to upgrade to azapi v2.
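
A preflight check for the condition reported above, as an added example that is not part of the original thread or of the ALZ module: it probes the same IMDS token endpoint shown in the error and applies the ARM_USE_MSI workaround only when the host answers "Identity not found". Assumptions: PowerShell 7 (for -NoProxy and HttpResponseException), the documented IMDS api-version 2018-02-01, and the hypothetical helper name Test-ImdsManagedIdentity.

```powershell
# Added example; Test-ImdsManagedIdentity is a hypothetical helper, not an ALZ cmdlet.
function Test-ImdsManagedIdentity {
    param(
        [string]$Resource = 'https://management.azure.com/',
        [int]$TimeoutSec = 3
    )
    # Same endpoint as in the error output; api-version and resource are required by IMDS.
    $uri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
           "?api-version=2018-02-01&resource=$([uri]::EscapeDataString($Resource))"
    try {
        # Discard the response: on success it contains a bearer token that must not be logged.
        $null = Invoke-RestMethod -Uri $uri -Headers @{ Metadata = 'true' } `
                    -TimeoutSec $TimeoutSec -NoProxy
        return 'IdentityAvailable'
    }
    catch {
        # No HTTP response at all: not an Azure-hosted machine, or IMDS is blocked.
        if ($_.Exception -isnot [Microsoft.PowerShell.Commands.HttpResponseException]) {
            return 'ImdsUnreachable'
        }
        $status = [int]$_.Exception.Response.StatusCode
        $body   = [string]$_.ErrorDetails
        if ($status -eq 400 -and $body -match 'Identity not found') {
            return 'NoIdentityAssigned'   # the case reported in this issue
        }
        return "Unexpected:$status"
    }
}

$state = Test-ImdsManagedIdentity
switch ($state) {
    'NoIdentityAssigned' {
        # Process-scoped workaround from the thread; az login credentials are used instead.
        $env:ARM_USE_MSI = 'false'
    }
    'IdentityAvailable' {
        # A managed identity exists on this host. Decide explicitly which principal
        # should run the bootstrap rather than relying on provider defaults.
        Write-Warning 'Managed identity present; set ARM_USE_MSI explicitly before deploying.'
    }
}
Write-Host "IMDS state: $state; ARM_USE_MSI=$env:ARM_USE_MSI"

# Then run the command from the issue:
# Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml" -output "c:\accelerator\output"
```

Setting the variable through $env: affects only the current PowerShell process, so it has to be repeated in each new session that runs Deploy-Accelerator.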