search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
8.04k stars 975 forks source link

Error: unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer #2602

Open MathKlim opened 1 year ago

MathKlim commented 1 year ago

Hi,

I don't know If this is really a bug or a misconfiguration right now.

Terragrunt version

terragrunt version v0.43.2

Explanation

├── az_adf
│   ├── main.tf
│   ├── outputs.tf
│   ├── README.md
│   ├── variables.tf
│   └── version.tf
├── az_rg
│   ├── main.tf
│   ├── outputs.tf
│   ├── README.md
│   ├── variables.tf
│   └── version.tf
├── pipeline.yaml
└── README.md

and I'm using the module az_rg to create the resource group in my az_adf

data "azurerm_client_config" "current" {}

data "azurerm_subscription" "primary" {}

locals {
  common_tags = {
    owner           = "daa team"
    managed_by      = "Terraform"
    resource        = "adf"
    location        = var.location
    user_or_project = var.user_or_project
    environment     = var.environment
  }
}

module "az_rg" {
  source = "../az_rg"

  user_or_project = var.user_or_project
  environment     = var.environment
}

resource "azurerm_data_factory" "current" {
  name                = "adf-${var.user_or_project}-${var.location}-${var.environment}"
  location            = module.az_rg.location
  resource_group_name = module.az_rg.rg_name

  tags = local.common_tags
}

The version.tf files are the same in both directories.

terraform {
  required_version = ">=1.4.6"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.59.0"
    }
  }
}

provider "azurerm" {
  features {}
}
.
├── deployment-pipeline
├── dev
│   ├── adf_mkl
│   │   └── terragrunt.hcl
│   └── terragrunt.hcl
├── mgmt
├── README.md
└── staging

with dev/terragrunt.hcl looking likt that

locals {
  # Parse the file path we're in to read the env name: e.g., env
  # will be "dev" in the dev folder, "staging" in the staging folder,
  # etc.
  parsed       = regex(".*/s/(?P<env>.*?)/.*", "${get_terragrunt_dir()}/")
  env          = local.parsed.env
  secrets_vars = yamldecode(sops_decrypt_file("${get_terragrunt_dir()}/../secrets.dev.yaml"))
}

# Configure azure as a backend
remote_state {
  backend = "azurerm"
  config = {
    resource_group_name  = "RG-EU-NONPROD-TF-STATE"
    storage_account_name = "statfstatetestp50"
    container_name       = "${local.env}"
    key                  = "${path_relative_to_include()}/terraform.tfstate"

    client_id       = local.secrets_vars.ARM_CLIENT_ID
    client_secret   = local.secrets_vars.ARM_CLIENT_SECRET
    subscription_id = local.secrets_vars.ARM_SUBSCRIPTION_ID
    tenant_id       = local.secrets_vars.ARM_TENANT_ID
  }
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }
}

generate "version" {
  path      = "versions_override.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
        terraform {
        required_version = ">=1.4.6"

        required_providers {
            azurerm = {
            source  = "hashicorp/azurerm"
            version = "~>3.59.0"
                }
              }
            }

        provider "azurerm" {
            features {}

            client_id       = "${local.secrets_vars.ARM_CLIENT_ID}"
            client_secret   = "${local.secrets_vars.ARM_CLIENT_SECRET}"
            subscription_id = "${local.secrets_vars.ARM_SUBSCRIPTION_ID}"
            tenant_id       = "${local.secrets_vars.ARM_TENANT_ID}"
        }
  EOF
}

and dev/adf_mkl/terragrunt.hcl looking like that.

include "root" {
  path = find_in_parent_folders()
}

locals {
  devops_pat = get_env("TF_VAR_PAT")
}

terraform {
  source = "git::https://${local.devops_pat}@dev.azure.com/MYORG/PROJECT/_git/infrastructure-modules//az_adf?ref=main"
}

inputs = {
  user_or_project = "adf"
  environment     = "dev"
}

What happened ?

When I tried to launch a terragrunt plan in dev/adf_mkl I have the following error in my pipeline.

data.azurerm_subscription.primary: Read complete after 0s [id=/subscriptions/7b34aa28-b315-41c8-9a1f-3ce5d17df71d]
╷
│ Error: unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: could not parse Azure CLI version: launching Azure CLI: exec: "az": executable file not found in $PATH
│ 
│   with module.az_rg.provider["registry.terraform.io/hashicorp/azurerm"],
│   on ../az_rg/version.tf line 12, in provider "azurerm":
│   12: provider "azurerm" {
│ 
╵

I thought every submodule called would inherit from the versions_override.tf generated by terragrunt, but it doesn't seem to be the case. Is there a way to generate versions_override.tf in every submodules ? Or am I missing something ?

denis256 commented 1 year ago

Hi, looking to error message launching Azure CLI: exec: "az": executable file not found in $PATH , looks like the az binary is in in $PATH