cyrilgdn / terraform-provider-postgresql

Terraform PostgreSQL provider
https://www.terraform.io/docs/providers/postgresql/
Mozilla Public License 2.0

In Terraform, this causes timeout when using Managed Identity in Azure #418

Open geirivarjerstad opened 8 months ago

geirivarjerstad commented 8 months ago

https://github.com/cyrilgdn/terraform-provider-postgresql/blob/f46ec221181b09b153c7fc816e75c7030a3e8ab9/postgresql/provider.go#L271C15-L271C44

I have a custom build agent for Azure DevOps Pipeline running in an App Service that uses Managed Identity to log in to the Azure Database for PostgreSQL database. When the code uses "DefaultAzureCredential", it times out pretty quickly and the pipeline fails with this error:

Plan: 0 to add, 4 to change, 0 to destroy.
╷
│ Error: DefaultAzureCredential: failed to acquire a token.
│ Attempted credentials:
│   EnvironmentCredential: missing environment variable AZURE_TENANT_ID
│   WorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options
│   ManagedIdentityCredential: managed identity timed out
│   AzureCLICredential: ERROR: Please run 'az login' to setup account.
│ 
│ 
│   with provider["registry.terraform.io/cyrilgdn/postgresql"].dev,
│   on provider.tf line 56, in provider "postgresql":
│   56: provider "postgresql" {
│ 
╵
##[error]Error: The process '/usr/bin/terraform' failed with exit code 1
Finishing: Apply Terraform

The timeout is short by design: https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/TROUBLESHOOTING.md

So we need a way to give the provider either another timeout value or an option to use ManagedIdentityCredential directly.

Thanks :)

Bouke commented 1 month ago

Did you find a way around this issue, while still using a managed identity?

geirivarjerstad commented 1 month ago

No, I am still getting this error, but this time it is slightly different:

Error: DefaultAzureCredential: failed to acquire a token.
│ Attempted credentials:
│   EnvironmentCredential: missing environment variable AZURE_TENANT_ID
│   WorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options
│   ManagedIdentityCredential: managed identity timed out
│   AzureCLICredential: ERROR: Tenant shouldn't be specified for managed identity account
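
Added example, not part of the thread or the provider's code: a standard-library Go parser that extracts the per-credential failures from this DefaultAzureCredential error, whether it arrives as Terraform's multi-line box rendering or flattened onto one line with "│" separators, so a pipeline step can tell the managed identity timeout apart from other chain failures. The names `Attempt`, `ParseChainError` and `ManagedIdentityTimedOut` are this example's own, and the sample string is constructed from the error text in the thread.

```go
package main

import (
	"fmt"
	"strings"
)

// Attempt is one entry under "Attempted credentials:" in the provider error.
type Attempt struct{ Credential, Reason string }

// ParseChainError accepts the multi-line Terraform rendering and the
// flattened form where the box character "│" is the only separator.
func ParseChainError(msg string) []Attempt {
	var out []Attempt
	inList := false
	for _, f := range strings.FieldsFunc(msg, func(r rune) bool { return r == '\n' || r == '│' }) {
		line := strings.TrimSpace(f)
		if strings.HasPrefix(line, "Attempted credentials:") {
			inList = true
			continue
		}
		if !inList || line == "" {
			continue // text before the list, or box padding
		}
		name, reason, ok := strings.Cut(line, ": ")
		if !ok || !strings.HasSuffix(name, "Credential") {
			break // first non-credential line ends the list
		}
		out = append(out, Attempt{name, reason})
	}
	return out
}

// ManagedIdentityTimedOut reports whether the chain hit the managed identity timeout.
func ManagedIdentityTimedOut(attempts []Attempt) bool {
	for _, a := range attempts {
		if a.Credential == "ManagedIdentityCredential" && strings.Contains(a.Reason, "timed out") {
			return true
		}
	}
	return false
}

// Constructed sample in the flattened form (shortened from the thread's error).
const sample = `Error: DefaultAzureCredential: failed to acquire a token. │ Attempted credentials: │ EnvironmentCredential: missing environment variable AZURE_TENANT_ID │ ManagedIdentityCredential: managed identity timed out │ AzureCLICredential: ERROR: Tenant shouldn't be specified for managed identity account`

func main() {
	a := ParseChainError(sample)
	fmt.Println(a, ManagedIdentityTimedOut(a))
}
```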