0

I am getting below error while running pipeline from Azure DevOps (Using Terraform). I have defined a service connection which is used as Variable on the pipeline.

Error building ARM Config: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.

enter image description here

Below is my YAML file

    parameters:
  environment: ''
  environmentPath: ''
  terraformStateFilename: ''
  artifacts: ''

steps:
  - task: TerraformInstaller@0
    inputs:
      terraformVersion: $(terraformVersion)
  - task: TerraformCLI@0
    displayName: Terraform Init
    inputs:
      provider: 'azurerm'
      command: 'init'
      workingDirectory: $(System.DefaultWorkingDirectory)/${{ parameters.environmentPath }}
      backendServiceArm: $(subscription)
      backendAzureRmResourceGroupName: $(terraformGroup)
      backendAzureRmStorageAccountName: $(terraformStorageName)
      backendAzureRmContainerName: $(terraformContainerName)
      backendAzureRmKey: ${{ parameters.terraformStateFilename }}
  - task: TerraformCLI@0
    displayName: Terraform Plan
    inputs:
      provider: 'azurerm'
      command: 'plan'
      workingDirectory: $(System.DefaultWorkingDirectory)/${{ parameters.environmentPath }}
      environmentServiceNameAzureRM: $(subscription)
      commandOptions: '-out plan.tfplan'
  - task: CopyFiles@2
    inputs:
      SourceFolder: '${{ parameters.environmentPath }}'
      Contents: |
        terraform.lock.hcl
        versions.tf
        providers.tf
        plan.tfplan
        terraform.tfvars
      TargetFolder: '$(Build.ArtifactStagingDirectory)'
    displayName: 'Copy Artifacts'
  - publish: '$(Build.ArtifactStagingDirectory)'
    artifact: ${{ parameters.artifacts }}
e

1 Answer 1

0

You need to login to Azure using this step:

steps:
  - task: AzureCLI@1
    displayName: Set Azure vars
    inputs:
      azureSubscription: ${{ parameters.azureSubscription }}
      scriptLocation: inlineScript
      inlineScript: |
        Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
        Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_SECRET]$env:servicePrincipalKey"
        Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
      addSpnToEnvironment: true

Then in the steps where Terraform is required, you add an env to reference the previous variables:

 - task: TerraformCLI@0
    displayName: Terraform Plan
    env: 
      ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
      ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
      ARM_TENANT_ID: $(AZURE_TENANT_ID)
    inputs:
      provider: 'azurerm'
      command: 'plan'
      workingDirectory: $(System.DefaultWorkingDirectory)/${{ parameters.environmentPath }}
      environmentServiceNameAzureRM: $(subscription)
      commandOptions: '-out plan.tfplan'

Sign up to request clarification or add additional context in comments.

6 Comments

Thanks a lot for your answer. I want to user service connection name here instead of client id and client secret. Is it not possible?
That's not a supported authentication method in Terraform.
I have used that method in Terraform earlier version using TerraformTask@02
Probably that task under the hood was running az login or just setting/exporting the required environment variables to authenticate against Azure, as you can see here registry.terraform.io/providers/hashicorp/azurerm/latest/…, those are the only supported authentication methods.
Hi , Its not working for me. please can you provide me steps by steps guide on this
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.