๐ Azure Credentials missing SubscriptionId and TenantId
candidson opened this issue ยท 5 comments
Describe the bug
It is possible to define environment variables under the settings area. However these variables aren't actually passed to the runner. Only the environment variables defined under Credentials are actually available to the runner.
Hence, terraform plan fails in Azure with the following error:
Error: Error building AzureRM Client: 2 errors occurred:
* A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
* A Tenant ID must be configured when authenticating as a Service Principal using a Client Secret.
To Reproduce
Steps to reproduce the behavior:
- Go to Settings and define your environment variables
- Click on a stack and run it
- Scroll down to the logs
- See error:
Error: Error building AzureRM Client: 2 errors occurred:
* A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
* A Tenant ID must be configured when authenticating as a Service Principal using a Client Secret.
Expected behavior
A clear and concise description of what you expected to happen.
A look in the live docker image used during Terraform Plan shows that only the credentials are passed:
Desktop (please complete the following information):
- OSX
- Chrome
- Version 92.0.4515.107 (Official Build) (x86_64)
Additional context
None
Hi @candidson
Thank you for contributing by opening this issue, and for all the details.
I'll work on a fix when I'll have some time.
Also, maybe some of the variables you tried to pass as env vars should be stored in the AzureRM credentials.
As I'm not an Azure user myself, I can't tell which ones, but I'm guessing that ARM_SUBSCRIPTION_ID and ARM_TENANT_ID should be part of a Azure Credentials ?
Hi @juwit,
Thanks a lot for the quick feedback.
And you are correct: It would be best if the credential would consist of:
ARM_CLIENT_ID
ARM_SUBSCRIPTION_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID
as mentioned here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret#configuring-the-service-principal-in-terraform
Additionally, following environment variables should actually also be available, but not mandatory.
ARM_ACCESS_KEY
ARM_ENVIRONMENT
This would help a lot managing several stacks
Hi @juwit
I think I was able to fix it. I added the variables as part of the credentials. I will create a PR
I'm working on a fix for the env var settings, it's almost ready.
I'll be happy to review your PR when it's ready :)