Closed futojin closed 7 months ago
Hi, thanks for reporting. Could you please provide the Azure DevOps pipeline script (YAML) or screenshots of your build steps if you use classic pipelines?
Br, Manuel
Thanks for getting back to me.
Here are some YAML snippets extracted from the web browser context:
```yaml
steps:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
  displayName: 'Install Terraform 1.2.9'
  inputs:
    terraformVersion: 1.2.9
```

```yaml
steps:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
  displayName: 'Terraform init'
  inputs:
    workingDirectory: '$(System.DefaultWorkingDirectory)/environments/$(prefix)/$(project_name)'
    backendServiceArm: '$(devops_azure_service)'
    backendAzureRmResourceGroupName: '$(devops_resouce_group)'
    backendAzureRmStorageAccountName: '$(devops_storage_account)'
    backendAzureRmContainerName: '$(devops_container)'
    backendAzureRmKey: '$(tfstate_key)'
```
Note that the pipeline works when we are using a Service principal (manual) service connection.
Is this something you can take a look at, @jaredfholgate ?
Hi @futojin. I think you need to use a newer version of the Terraform CLI. 1.2.9 is quite old and may not have the OIDC support. I think it was added around 1.3.4. Also check that the version of the azurerm provider you are targeting supports OIDC auth.
@futojin, did upgrading to a later version resolve the issue?
@mericstam @jaredfholgate Thank you for the hint. I've upgraded the CLI to latest at the time of writing (1.6.3) and terraform init and other steps are working perfectly, with OIDC auth performed successfully.
Many thanks again for the help and closing this issue.
We have used a recommended service connection:
Azure Resource Manager using Workload Identity federation with OpenID Connect (automatic)
However, Terraform Init seems to be having an issue connecting to the azurerm storage backend: