Open Tazminia opened 2 years ago
Hi @Tazminia, thanks for reporting this issue.
Are you using the Microsoft Graph beta? If not, you should be able to specify the password value as it is generated by the provider. If you are using the beta, the password value is generated by the API and there is unfortunately nothing we can do about the unsupported characters.
Hello @manicminer, I am not sure about the Microsoft Graph beta. To be honest, I do not know what it is.
For now, to avoid the issue I am using the following code snippet:
resource "random_string" "client_rnd" {
keepers = {
client_app_name = var.client_app_name
}
length = 32
special = true
}
# Associate the password to the Client App
resource "azuread_service_principal_password" "client_pwd" {
display_name = var.cluster_name
service_principal_id = azuread_service_principal.client_sp.id
end_date_relative = "87600h"
value = random_string.client_rnd.result
}
Hi @Tazminia, thanks for the update. This does appear to be an incompatibility on the part of AKS, since the password value is accepted by the AAD API.
MS Graph is the newer API for Azure AD that we are currently in the process of moving to. In the next version of the AzureAD provider, we will be switching to the newer API. It's worth noting that the new API generates very similar passwords and it's possible this issue may persist. Unfortunately, with the new API it's not possible to provide your own password value.
I'm going to transfer this issue to the AzureRM repo and mark it as AKS related for further investigation.
Community Note
Terraform (and AzureAD Provider) Version
Terraform: 1.0.2 azuread: 1.6.0
Affected Resource(s)
azuread_service_principal_password
Terraform Configuration Files
Debug Output
Expected Behavior
Password of service principal should contain no breaking characters and kubernetes cluster creaton should proceed.
Actual Behavior
Cluster creation fails because of strange character in service principal password
Steps to Reproduce
It is hard to reproduce because there is no way to specify the characters to be used for the password.