search

jason-johnson / azure-pipelines-tasks-terraform

Azure Pipelines extension for Terraform
MIT License
121 stars 52 forks source link

[error] Terraform backend initialization for AzureRM only support service principal authorization #378

Closed rhollins closed 9 months ago

rhollins commented 9 months ago

Describe the bug

After converting Service Connection to the new one using workload identity federation with openid connect terraform cli tasks return error: [error] Terraform backend initialization for AzureRM only support service principal authorization

To Reproduce Steps to reproduce the behavior:

  1. Create SC using new Workload Identity federation (automatic)
  2. Provide new SC name as backendServiceArm 
    - task: TerraformCLI@0
      displayName: 'terraform init'
      inputs:
        command: init
        backendType: azurerm
        workingDirectory: '$(System.DefaultWorkingDirectory)/terraform/'
        ensureBackend: false
        backendServiceArm: ${{ parameters.backendServiceArm }}

Expected behavior terraform init should work

Screenshots If applicable, add screenshots to help explain your problem.

Pipeline Logs

[error]Terraform backend initialization for AzureRM only support service principal authorization

Agent Configuration

Additional context Same step works from SC created using for example "Service principal (automatic)"

jaredfholgate commented 9 months ago

This is an odd one as that error message only existed in the previous version of the task.

See the diff where it was removed here: https://github.com/jason-johnson/azure-pipelines-tasks-terraform/commit/edbc47a3eede0609881bb1e5c04ec44fdcbbeeb8

Are you sure you have version 1.0.2?

In any case, even if you pull the correct version, there is another bug at the moment that we are resolving, should be fixed today or tomorrow.

jaredfholgate commented 9 months ago

Hi @rhollins. I am just following up on this. We have just release version 1.0.3 of the task, which fixes a bug unrelated to your reported issue, but relevant to Workload identity federation. Please can you try targeting that version and confirm all is good. Thanks

rhollins commented 9 months ago

Turns out it was a mistake on my site by not using major version 1 but 0 when I referenced the task.

TerraformCLI@0 - was using Version : 0.7.12 TerraformCLI@1 - is using Version : 1.0.4

Now it works fine with a workload identity federation.

Thanks