Allow for authenticating to Azure using the Azure CLI

marcin478 commented 4 months ago

This is already supported by the azurerm and azuread providers. It's required to solve the problem with the 10 minutes idToken validity limitation when using Workload Identity to Federation for Azure DevOps Service Connection.

ms-henglu commented 4 months ago

Hi @marcin478 ,

Thank you for taking time to report this issue and apologize for late response.

The azapi provider does support this feature, more details could be found here: https://registry.terraform.io/providers/Azure/azapi/latest/docs/guides/azure_cli

srvmsr commented 2 months ago

We are facing the same issue , azure cli auth works well when auzure cli is authenticated via Service principal client secret, however we get below error when we use Workload Identity to Federation for Azure DevOps Service Connection.

"Error: reading "Resource: (ResourceId \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\" / Api Version \"2022-09-01\")": ChainedTokenCredential authentication failed │ GET http://169.254.169.254/metadata/identity/oauth2/token │ -------------------------------------------------------------------------------- │ RESPONSE 400 Bad Request │ -------------------------------------------------------------------------------- │ { │ "error": "invalid_request", │ "error_description": "Identity not found" │ }

At the same config , azurerm provider works well. Provider config as below:

`terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "~> 3.63.0" } azapi = { source = "Azure/azapi" version = "~> 1.8.0" } } backend "azurerm" { } }

provider "azapi" { use_cli = true }

provider "azurerm" { skip_provider_registration = true features {} } `