Closed willie-yao closed 3 months ago
hello @willie-yao
How your Terraform is authenticating to Azure ? Are you using the Azure Identity of your VM ?
Looking at the provider documentation: https://registry.terraform.io/providers/Azure/azapi/latest/docs
In #506 the solution was setting use_oidc
to true (the default is false)
@zioproto helped me with this offline. Basically, the azurerm provider and the azapi provider need to use the same authentication, which was what I was missing here. In my case I was using Azure CLI authentication with Terraform/azurerm. Therefore, I had to set use_oidc=true
as well as use_msi=false
since azureapi will use msi by default.
Is there an existing issue for this?
Greenfield/Brownfield provisioning
greenfield
Terraform Version
1.9.3
Module Version
9.1.0
AzureRM Provider Version
3.113.0
Affected Resource(s)/Data Source(s)
azapi_update_resource, aks_cluster_post_create
Terraform Configuration Files
tfvars variables values
Debug Output/Panic Output
Expected Behaviour
The cluster is deployed successfully.
Actual Behaviour
Terraform fails in
aks_cluster_post_create
. The specific error isChainedTokenCredential authentication failed
. We are using user-assigned identity for authentication and it successfully creates resource groups and the AKS Cluster, so I'm not sure why there's an auth error.Steps to Reproduce
No response
Important Factoids
No response
References
506 Had a similar error message. @zioproto had a comment that is related. This error only happens for me as I'm running terraform from my dev VM on Azure. @dtzar has this same setup running locally without a problem.