search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
7.96k stars 967 forks source link

ussing latest version of terragrunt with azurerm 3.0.0. terragrunt servic prinicpal auth not working for child module #2107

Open ankur8 opened 2 years ago

ankur8 commented 2 years ago

this is my root terragrunt.hcl

remote_state { backend = "azurerm" generate = { path = "backend.tf" if_exists = "overwrite_terragrunt" } config = { resource_group_name="my-rg" storage_account_name = "bucket" container_name = "bucketcontainer" key = "${path_relative_to_include()}/mystate.tfstate" } }

generate "providers" { path = "providers.tf" if_exists = "overwrite_terragrunt" contents = <<EOF terraform { required_providers { azurerm = "=2.98.0" } } provider "azurerm" { features {} } EOF }

terraform {

extra_arguments "force_subscription1" { commands = [ "init", "apply", "destroy", "refresh", "import", "plan", "taint", "untaint" ]

Passing environment variables to Terraform

env_vars = { ARM_CLIENT_ID="ddd" ARM_SUBSCRIPTION_ID="ddd" ARM_TENANT_ID="kkk" ARM_CLIENT_SECRET=get_env("secret") } } }

when I run terragrun run-all plan from root folder it always ask for azure cli auth for child module during plan.

ankur8 commented 2 years ago

problem is the moment i specified depedency section in child it start giving auth az cli error

ankur8 commented 2 years ago

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. Releasing state lock. This may take a few moments... ╷ │ Error: Error building ARM Config: obtain subscription(**) from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account. │ │ ╵ ERRO[0021] Module /Users/IN22/demo/apprepo/infra/dev/ewun/aks-setup2 has finished with an error: exit status 1 prefix=[/Users/IN22/demo/apprepo/infra/dev/ewun/aks-setup2] INFO[0021] ╷ │ Error: Error building ARM Config: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account. │ │ ╵ ERRO[0021] 1 error occurred:

denis256 commented 2 years ago

Hi, on which terragrunt version did this issue start to happen?

ankur8 commented 2 years ago

latest 0.36 DEBU[0000] Terragrunt Version: v0.36.0

szczyrja commented 2 years ago

I confirm, I solved this by putting this values directly to provider and backend files... 

# Generate Azure providers
generate "providers" {
  path      = "terraform.providers.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
    terraform {
      required_providers {
        azurerm = {
          source = "hashicorp/azurerm"
          version = ">=3.10.0"
        }
        azuread = {
            source = "hashicorp/azuread"
            version = ">=2.20.0"
        }
      }
    }
    provider "azurerm" {
        features {}
        client_id            = "${local.client_id}"
        client_secret        = "${local.client_secret}"
        tenant_id            = "${local.tenant_id}"
        subscription_id      = "${local.subscription_id}"        
    }
    provider "azuread" {
    }
EOF
}

remote_state {
  backend = "azurerm"
  config = {
    client_id            = "${local.client_id}"
    client_secret        = "${local.client_secret}"
    tenant_id            = "${local.tenant_id}"
    subscription_id      = "${local.subscription_id}"
    resource_group_name  = "${local.resource_group_name}"
    storage_account_name = "${local.storage_account_name}"
    container_name       = "${local.container_name}"
    key                  = "${path_relative_to_include()}/terraform.tfstate"
  }
  generate = {
    path      = "terraform.backend.tf"
    if_exists = "overwrite_terragrunt"
  }
}

but this was quite annoying, especially that terragrunt output is unreadable