search

microsoft / azure-pipelines-terraform

Azure Pipelines tasks for installing Terraform and running Terraform commands in a build or release pipeline.
MIT License
95 stars 60 forks source link

Issue with local-exec - az login required #162

Closed Pinaki-1 closed 10 months ago

Pinaki-1 commented 1 year ago

I have an issue running the az cli script using local-exec provisioner.

Receive the following error: ERROR: Please run 'az login' to setup account

Task snippet -

  - task: TerraformTaskV2@2
    displayName: 'Terraform apply TaskV2'
    inputs:
      provider: 'azurerm'
      command: 'apply'
      workingDirectory: $(workingDirectory)
      environmentServiceNameAzureRM: ${{ variables.azureServiceConnectionName }}
      backendServiceArm: ${{ variables.azureServiceConnectionName }}
      backendAzureRmResourceGroupName: ${{ variables.backendResourceGroupName }}
      backendAzureRmStorageAccountName: ${{ variables.backendStorageAccountName }}
      backendAzureRmContainerName: ${{ variables.backendContainerName }}
      backendAzureRmKey: $(backendAzureRmkey)

Terraform part :

resource "null_resource" "reset_password" {
  provisioner "local-exec" {
    command = <<-EOT
       az postgres flexible-server update --resource-group ${var.resource_group_name} --name ${azurerm_postgresql_flexible_server.psql.name} --admin-password "${var.credentials.password_secret_name}"
    EOT
  }
Pinaki-1 commented 1 year ago

Updated the task - 

  - task: TerraformTaskV4@4
    displayName: 'Terraform apply TaskV4'
    inputs:
      provider: 'azurerm'

Now I am getting a different error :

Code: AuthorizationFailed
│ Message: The client '******-*****-*******' with object id
│ '******-*****-*******' does not have authorization to
│ perform action 'Microsoft.DBforPostgreSQL/flexibleServers/read' over scope
│ '/subscriptions/*********/resourceGroups/*********/providers/Microsoft.DBforPostgreSQL/flexibleServers/pos-*********'
│ or the scope is invalid. If access was recently granted, please refresh
│ your credentials.
mericstam commented 10 months ago

Hi, running az cli requires you to do az login before you can use the command on an azure resource. the terraform extension does not do az login automatically.

Pinaki-1 commented 10 months ago

Thanks

avanmalleghem commented 7 months ago

@mericstam and so what is the best practice ? Add az login ... into the terraform script ?

mericstam commented 7 months ago

If you have a dependency on a az command in you terraform script i would would add a script task with az login before the terraform task is executed