Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't run plan when logged in using interactive az cli login #319

Open
Cyr-Az opened this issue Jan 30, 2025 · 0 comments
Open

Can't run plan when logged in using interactive az cli login #319

Cyr-Az opened this issue Jan 30, 2025 · 0 comments

Comments

@Cyr-Az
Copy link

Cyr-Az commented Jan 30, 2025
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureStack Provider) Version

Tried with both Terraform v1.1.1 and v 1.9.5 windows as wel as 1.10.5 linux
azurestack provider v1.0.0
az cli v1.29.0

Affected Resource(s)

any resource

Terraform Configuration Files

provider "azurestack" {
metadata_host= "https://management.region.fqdn"
subscription_id = "xxxxxxx"
tenant_id = "xxxxxxx"

features {}
}

resource "azurestack_resource_group" "test_rg" {
name = "test"
location = "xxx"
}

Debug Output

terraform.exe plan

│ Error: building account: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: MSIS9617: The received grant is invalid. The resource for which the grant was issued is no longer valid on this STS.
│ To re-authenticate, please run:
│ az login --scope https://graph.windows.net/.default

│ with provider["registry.terraform.io/hashicorp/azurestack"],
│ on test.tf line 1, in provider "azurestack":
│ 1: provider "azurestack" {

Panic Output

Expected Behaviour

plan runs successfuly

Actual Behaviour

plan fails

Steps to Reproduce

  1. terraform plan

Important Factoids

Azure stack hub disconnected environment with ADFS

The error seems to happen because the command "az ad signed-in-user show" is ran implicitely, as visible in c:\users<myuser>.azure\commands logs.
Running that command manually fails with the exact same error message, but I don't know why it's ran when running terraform plan in the first place.

Running terraform with a client id/secret instead of using az cli login works fine, but forces us to create SPN for everyone using terraform which is not super convenient

References

  • #0000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Cyr-Az