account is not configured

[andrewfraley]

I am admittedly extremely naive when it comes to Azure, but I cannot seem to sort out what the issue is here. Any suggestions would be greatly appreciated. Note this is using azure-nuke version 1.0.0-next.4

I created a service principal like so:

az ad sp create-for-rbac --name nuke-role --role contributor --scopes /subscriptions/redacted-subscription-id

My config.yaml currently just looks like this, but I've also tried many other combos of config.yaml settings and get the same results:

regions:
    - global
    - eastus

I then run:

azure-nuke run --tenant-id=redacted --client-id=redacted --client-secret=redacted --subscription-id=redacted --log-level trace --log-caller

And get:

TRAC[0000]command.go:45 tenant id: redacted
DEBU[0000]auth.go:30 authentication type: client secret
TRAC[0000]command.go:55 preparing to run nuke
TRAC[0000]tenant.go:32 start: NewTenant                              handler=NewTenant
TRAC[0000]tenant.go:46 attempting to list tenants                    handler=NewTenant
TRAC[0000]command.go:31 2024/03/20 17:16:56 [DEBUG] POST https://login.microsoftonline.com/redacted/oauth2/v2.0/token  source=standard-logger
TRAC[0000]tenant.go:59 listing subscriptions
TRAC[0000]tenant.go:70 adding subscriptions id: redacted
TRAC[0000]tenant.go:73 listing resource groups
INFO[0000]tenant.go:77 configured locations[global eastus]
DEBU[0000]tenant.go:89 resource group name: redacted
DEBU[0000]tenant.go:89 resource group name: NetworkWatcherRG
DEBU[0000]tenant.go:89 resource group name: redacted
FATA[0000]main.go:46 account is not configured

[ekristen]

@andrewfraley you have to configure at least one tenant in your blocklist configuration and the tenant you are targeting in the config as well.

regions:
  - global
  - eastus

blocklist:
  - production-tenant-id

accounts:
  TARGET_TENANT_ID: {}

{} is if you do not want to configure any filters.

[andrewfraley]

@ekristen thank you! I was able to get it working with this.