Open Bouke opened 4 months ago
Hi thanks for reporting. If you run the command locally, what exitcode do you get?
Br Manuel
I haven't tried reproducing this issue locally. This specific error is because the task-provided auth token expired. I have no idea how I could reproduce that locally.
ok got it. I was just curious what exitcode terraform commad gets when this happens. br Manuel
I face the same issue. Exitcode is 1. It happens when TF can't load its state:
Pipeline continues as normal with this error:
Error: Failed to load state: Error retrieving keys for Storage Account "***": autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-06-30T22:04:39.8297163Z, assertion valid from 2024-06-30T21:40:32.0000000Z, expiry time of assertion 2024-06-30T21:50:32.0000000Z. Review the documentation at https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials . Trace ID: *** Correlation ID: *** Timestamp: 2024-06-30 22:04:39Z","error_codes":[700024],"timestamp":"2024-06-30 22:04:39Z","trace_id":"***","correlation_id":"***","error_uri":"[https://login.microsoftonline.com/error?code=700024"}](https://login.microsoftonline.com/error?code=700024%22})
Reproduced locally:
PS C:\...\tf> terraform output
Error: Failed to load state: blobs.Client#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:***\nTime:2024-06-30T22:39:11.4584662Z"
PS C:\...\tf> $LastExitCode
1
The task reports as succeeded, but looking at the logs it is very apparent that it should've been marked as failed instead:
Reporting the proper task status is fundamental to building a stable CI pipeline.