search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.44k stars 9.51k forks source link

Terraform init hangs with 'Building the Container Client from an Access Token (using user credentials)' error #34294

Open blzsadam opened 10 months ago

blzsadam commented 10 months ago

Terraform Version

Terraform v1.6.4
on darwin_amd64

Terraform Configuration Files

  required_version = ">= 1.5.2"

  backend "azurerm" {
    resource_group_name  = "rg-terraform"
    storage_account_name = "tfstateterraform"
    container_name       = "tfstate"
    key                  = "dev.terraform.tfstate"
  }

Debug Output

2023-11-23T12:09:02.594+0100 [TRACE] Meta.Backend: backend has not previously been initialized in this working directory
2023-11-23T12:09:02.594+0100 [DEBUG] New state was assigned lineage 
2023-11-23T12:09:02.594+0100 [TRACE] Meta.Backend: moving from default local state only to "azurerm" backend
2023-11-23T12:09:02.595+0100 [DEBUG] checking for provisioner in "."
2023-11-23T12:09:02.600+0100 [DEBUG] checking for provisioner in "/usr/local/bin"
2023-11-23T12:09:02.601+0100 [TRACE] backend/local: state manager for workspace "default" will:
 - read initial snapshot from terraform.tfstate
 - write new snapshots to terraform.tfstate
 - create any backup at terraform.tfstate.backup
2023-11-23T12:09:02.601+0100 [TRACE] statemgr.Filesystem: reading initial snapshot from terraform.tfstate
2023-11-23T12:09:02.601+0100 [TRACE] statemgr.Filesystem: snapshot file has nil snapshot, but that's okay
2023-11-23T12:09:02.601+0100 [TRACE] statemgr.Filesystem: read nil snapshot
2023-11-23T12:09:02.601+0100 [TRACE] Meta.Backend: ignoring local "default" workspace because its state is empty
2023-11-23T12:09:02.601+0100 [INFO]  Testing if Service Principal / Client Certificate is applicable for Authentication..
2023-11-23T12:09:02.601+0100 [INFO]  Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2023-11-23T12:09:02.601+0100 [INFO]  Testing if Service Principal / Client Secret is applicable for Authentication..
2023-11-23T12:09:02.601+0100 [INFO]  Using Service Principal / Client Secret for Authentication
2023-11-23T12:09:02.601+0100 [INFO]  Getting OAuth config for endpoint https://login.microsoftonline.com/ with  tenant 
2023-11-23T12:09:02.601+0100 [DEBUG] Obtaining an MSAL / Microsoft Graph token for Resource Manager..
2023-11-23T12:09:02.602+0100 [DEBUG] New state was assigned lineage 
2023-11-23T12:09:02.602+0100 [DEBUG] Building the Container Client from an Access Token (using user credentials)

Expected Behavior

Terraform init should have (run as before) and modules, plugins should have been downloaded. Terraform state file should have been created and (as before) in the given storage account.

Actual Behavior

Terraform init hangs.

Steps to Reproduce

terraform init

Additional Context

No response

References

No response

jrnkng commented 10 months ago

I'm having the exact same issue. Running TF_LOG=trace terraform init gives me the same output. Did you find a way around this @blzsadam? Very frustrating because this prevents us from moving forward with the project... I am authenticated through ARM secrets set in my environmment

Edit: Turns out the ARM secrets were expired. No idea why this was not returned as feedback....

harshavmb commented 9 months ago

Hi @blzsadam ,

Does your storage account have private endpoints? If yes, can you/terraform execution environment resolve the DNS records & fetch blobs from that container?