hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support for MSI authentication in App Service/Azure Function #5558

Open iljoong opened 4 years ago

iljoong commented 4 years ago


Description

Currently MSI authentication supports only VM and not App Service/Azure Function.

App Service/Azure Function has a different MSI endpoint, and Terraform should be able to use the right MSI endpoint.

As a workaround, I tried to authenticate using an SP secret in Key Vault with a system-assigned identity, but it crashes. See the issue at https://github.com/terraform-providers/terraform-provider-azurerm/issues/5557 for more detail.
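The endpoint difference described in this post, as an added example that is not part of the original issue or of the provider's code: on a VM the token request goes to the fixed IMDS address with a `Metadata: true` header, while App Service and Azure Functions publish a per-instance endpoint and secret in the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` environment variables. `BuildTokenRequest` is a hypothetical helper name, and the request shapes follow Azure's documented managed identity protocols, not anything stated in this thread.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"os"
)

// imdsTokenURL is the fixed, link-local managed identity endpoint on Azure VMs.
const imdsTokenURL = "http://169.254.169.254/metadata/identity/oauth2/token"

// BuildTokenRequest (hypothetical helper, not provider code) builds the token
// request for the current host. getenv is injected so the logic can be tested.
func BuildTokenRequest(getenv func(string) string, resource, clientID string) (*http.Request, error) {
	endpoint, secret := getenv("IDENTITY_ENDPOINT"), getenv("IDENTITY_HEADER")
	q := url.Values{"resource": {resource}}
	if clientID != "" {
		q.Set("client_id", clientID) // selects a user-assigned identity
	}
	base, header, value := imdsTokenURL, "Metadata", "true" // VM: static header
	q.Set("api-version", "2018-02-01")
	if endpoint != "" && secret != "" {
		// App Service / Functions: local endpoint plus a per-instance secret header.
		base, header, value = endpoint, "X-IDENTITY-HEADER", secret
		q.Set("api-version", "2019-08-01")
	}
	u, err := url.Parse(base)
	if err != nil {
		return nil, fmt.Errorf("parse identity endpoint: %w", err)
	}
	u.RawQuery = q.Encode()
	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set(header, value)
	return req, nil
}

func main() {
	req, err := BuildTokenRequest(os.Getenv, "https://management.azure.com/", "")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Print only the URL: the App Service header value is a credential.
	fmt.Println(req.Method, req.URL.String())
}
```

The `IDENTITY_HEADER` value works as a bearer secret for the local endpoint, so it should be kept out of logs and crash dumps.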

tombuildsstuff commented 4 years ago

This becomes available once we upgrade to the latest Go Autorest, which is blocked on versions 45.x and 46.x of the Azure SDK not being usable

Ayiadim commented 3 years ago

Has there been an update on this? I've just encountered this issue and don't want to resort to using the ARM_MSI_ENDPOINT env variable.

RyDoug commented 2 years ago

> This becomes available once we upgrade to the latest Go Autorest, which is blocked on versions 45.x and 46.x of the Azure SDK not being usable

Hi Tom, thanks for following up with me on that duplicate issue.

Is the Go Autorest update still the blocker on this issue? I believe the Azure SDK is on version 62.x at this point.

Do you know if this is on any roadmaps so we might look forward to when this could work in the future?

Thanks!

karlschriek commented 2 years ago

Is there any documentation somewhere on how to correctly set ARM_MSI_ENDPOINT as a workaround? What should I set ARM_MSI_ENDPOINT to?

nayeem-num commented 1 year ago

Hello @tombuildsstuff ,

Is there any update on this issue? This Terraform doc seems to indicate Terraform supports managed identity with Azure App Services. However, we are having issues authenticating.

We are using App Services with User managed Identity and followed this doc but are getting the error below. Is there a workaround? Does using ARM_MSI_ENDPOINT solve the issue? As @karlschriek mentioned, what's the best way to set this option?

Error:

╷
│ Error: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.
│ 
│ 

Thank you,