Support Azure DevOps Service Connection #475

Open
Bouke opened this issue Oct 2, 2024 · 2 comments

Bouke commented Oct 2, 2024

Terraform Version

Terraform v1.9.5
on linux_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.21.1-beta.1

Affected Resource(s)

provider

Terraform Configuration Files

provider "postgresql" {
  host                = azurerm_postgresql_flexible_server.instance.fqdn
  port                = 5432
  database            = "postgres"
  username            = azurerm_postgresql_flexible_server_active_directory_administrator.instance.principal_name
  sslmode             = "require"
  superuser           = false
  azure_identity_auth = true
  azure_tenant_id     = data.azurerm_client_config.current.tenant_id
}

Debug Output

│ Error: DefaultAzureCredential: failed to acquire a token.
│ Attempted credentials:
│ 	EnvironmentCredential: missing environment variable AZURE_CLIENT_ID
│ 	WorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options
│ 	ManagedIdentityCredential: no default identity is assigned to this resource
│ 	AzureCLICredential: ERROR: Please run 'az login' to setup account.
│ 
│ 
│   with provider["registry.terraform.io/cyrilgdn/postgresql"],
│   on main.tf line 446, in provider "postgresql":
│  446: provider "postgresql" {

Expected Behavior

Use the service connection's principal to access Azure RM.

Actual Behavior

Doesn't use the service connection's principal, and cannot communicate with Azure RM.

Steps to Reproduce

Run terraform using Azure DevOps Pipeline, using a service connection principal:

- task: TerraformTaskV4@4
  displayName: Build execution plan
  inputs:
    provider: 'azurerm'
    command: 'plan'
    environmentServiceNameAzureRM: '$(azureSubscription)'

Important Factoids

References

@librucha
Contributor

Hi @Bouke

Which credential type of service connection are you using?

Bouke commented Dec 12, 2024

The service connection is a service principal (there's a linked app registration).
