Open drdamour opened 4 years ago
Since this issue has been reported a long time ago and relates to the version of provider we no longer support - I'm going to close it. Please open a new updated bug report on current versions of terraform and provider if this is still relevant. Thank you.
@favoretti this is still an issue with the latest version can we please just reopen?
@drdamour certainly. Apologies for closing too early.
Transferring this to Core since Backends are located within the Core repository - so this documentation issue needs to be fixed here
Hi, I want to contribute to this but even though I read the docs, I couldn't fully understand the situation. I wonder if we should create a new field in this document and give information about the cli? @tombuildsstuff
if you look here it doesn't say that the subscription_id
is only for SP and MSI, it just pointless to use it when authenticating using azure
cli since it will use the azure
cli subscription
anyway which is exactly what happened here. It tried to search the keys in the azure
cli subscription_id
and couldn't find it.
So I'm not sure what's the problem, seems like expected behavior when authenticating using azure
cli.
@eladmosh yes this ticket is to request it be changed to use the subscription in the provider block so you do NOT have to set the matching subscription with az cli prior to running a terraform init. The backend block knows what subscription is supposed to be used, so why not use that info. or maybe allow setting the subscription id for az cli based authentication.
I would like to look into this problem, as most of the data for where to look for the related files is already provided.
@favoretti could you please assign this to me?
To reproduce β have an account with access to 2 subscriptions a1 and b1 (for this do I have to create an Azure account?)
@varshneydevansh This is listed as a documentation issue, as far as I understand there is no code issue to investigate. You can make a change to the docs and file a PR without this issue being assigned. Thanks!
Hi @crw,
Thanks for the clarification. So, I looked into this and understood that the subscription_id
parameter in the azurerm backend is only documented to work with Service Principal and MSI-based authentication methods, but does not mention how to use it with Azure CLI-based authentication.
So, updating the azurerm backend documentation with guidance on how to use the subscription_id
parameter with Azure CLI-based authentication could help clarify in this situation.
All I have to do is to add and explain about the subscription_id
parameter that how it can be used with Azure CLI authentication with some clear examples. This is to avoid issues caused by the Terraform attempting to retrieve keys for the default subscription of the Azure CLI.
Am I going in the right direction?
Hi @varshneydevansh, I have referred this over to the AzureRM provider team who may provide more feedback. Thanks!
Hi @varshneydevansh, thank you for your interest in this issue. We handle discussions related to code and document changes within the PR comments itself, so if you could open a PR with the docs changes you are looking to make and link this issue to it, you will be able to get feedback on your changes.
Hi @rcskosir,
I created the PR #33461. I wanted to know whether the update which I made is correct or not?
@varshneydevansh Thank you for opening a PR. Feedback regarding your PR will happen in the PR comments when a reviewer takes a look.
Community Note
Terraform (and AzureRM Provider) Version
Affected Resource(s)
azurerm provider
Terraform Configuration Files
Debug Output
N/A
Panic Output
N/A
Expected Behavior
TF should attempt to retrieve keys for the subscription identified in the azurerm provider configuration explicitly.
Actual Behavior
TF attempts to retrieve keys for the default subscription of the azure cli
Steps to Reproduce
terraform init
you'll get an error about not being able to retrieve keys. running the following works around the issue.
terraform init
Important Factoids
References