search

jason-johnson / azure-pipelines-tasks-terraform

Azure Pipelines extension for Terraform
MIT License
122 stars 51 forks source link

(Azure / AzureRM) Terraform Plan fails after successful Init #403

Open slydewd opened 6 months ago

slydewd commented 6 months ago

After a successful Init the Plan task fails. I have tried a bunch of different combinations but I just don't understand what is causing this. If I try to add the tenant_id to the azurerm block I get almost the same error but this time it is missing the subscription_id. If I add that it isn't able to register the subscription id and I just get the same error over and over. Everything works if I setup the pipeline using TerraformTask4 instead of TerraformCLI2.

Important

Error

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: tenant ID was not specified and the default tenant ID could not be determined: obtaining tenant ID: running Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│ 
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on versions.tf line 25, in provider "azurerm":
│   25: provider "azurerm" {
│ 
╵
##[error]Terraform command 'plan' failed with exit code '1'.
##[error]╷
│ Error: unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: tenant ID was not specified and the default tenant ID could not be determined: obtaining tenant ID: running Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│ 
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on versions.tf line 25, in provider "azurerm":
│   25: provider "azurerm" {
│

Terraform Config

##########################
# Versions
##########################
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.85.0"
    }
  }

  backend "azurerm" {
    # this is used for federated credentials (OpenID Connect)
    use_oidc = true
  }
}

##########################
# Providers
##########################
provider "azurerm" {
  features {}
  use_oidc = true
}

Pipeline

- task: TerraformCLI@2
      displayName: 'Init'
      inputs:
        command: 'init'
        allowTelemetryCollection: false
        workingDirectory: '$(workingDir)'
        backendType: azurerm
        backendServiceArm: 'serviceConnection'
        backendAzureRmResourceGroupName: 'resourceGroup'
        backendAzureRmStorageAccountName: 'storageAccount'
        backendAzureRmContainerName: 'tfstate'
        backendAzureRmKey: terraform.tfstate

- task: TerraformCLI@2
      displayName: 'Plan'
      inputs:
        command: 'plan'
        allowTelemetryCollection: false
        workingDirectory: '$(workingDir)'
        backendType: azurerm
        backendServiceArm: 'serviceConnection'
        backendAzureRmResourceGroupName: 'resourceGroup'
        backendAzureRmStorageAccountName: 'storageAccount'
        backendAzureRmContainerName: 'tfstate'
        backendAzureRmKey: terraform.tfstate
        publishPlanResults: 'Terraform Plan'
slydewd commented 6 months ago

I've also tried adding runAzLogin: true to both Init and Plan, but same error occurs.

jason-johnson commented 5 months ago

Can you verify that you are using this extension? We don't have a TerraformTask4 task. Also, it should be TerraformCLI@1 if you want the stable version. @2 is experimental.

jason-johnson commented 1 month ago

Hi @slydewd , any update?