🐛 Azure Credentials missing SubscriptionId and TenantId

Question

🐛 Azure Credentials missing SubscriptionId and TenantId

candidson opened this issue 3 years ago · comments

Describe the bug
It is possible to define environment variables under the settings area. However these variables aren't actually passed to the runner. Only the environment variables defined under Credentials are actually available to the runner.

Hence, terraform plan fails in Azure with the following error:

Error: Error building AzureRM Client: 2 errors occurred:
 	* A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
 	* A Tenant ID must be configured when authenticating as a Service Principal using a Client Secret.

To Reproduce
Steps to reproduce the behavior:

Go to Settings and define your environment variables
Click on a stack and run it
Scroll down to the logs
See error:

Error: Error building AzureRM Client: 2 errors occurred:
 	* A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
 	* A Tenant ID must be configured when authenticating as a Service Principal using a Client Secret.

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots

A look in the live docker image used during Terraform Plan shows that only the credentials are passed:

Desktop (please complete the following information):

OSX
Chrome
Version 92.0.4515.107 (Official Build) (x86_64)

Additional context
None

Julien WITTOUCK · Answer 1 · Tue Aug 03 2021 15:21:12 GMT+0800 (China Standard Time)

Hi @candidson

Thank you for contributing by opening this issue, and for all the details.
I'll work on a fix when I'll have some time.

Also, maybe some of the variables you tried to pass as env vars should be stored in the AzureRM credentials.
As I'm not an Azure user myself, I can't tell which ones, but I'm guessing that ARM_SUBSCRIPTION_ID and ARM_TENANT_ID should be part of a Azure Credentials ?

candidson · Answer 2 · Tue Aug 03 2021 15:58:19 GMT+0800 (China Standard Time)

Hi @juwit,
Thanks a lot for the quick feedback.

And you are correct: It would be best if the credential would consist of:

ARM_CLIENT_ID
ARM_SUBSCRIPTION_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID

as mentioned here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret#configuring-the-service-principal-in-terraform

Additionally, following environment variables should actually also be available, but not mandatory.

ARM_ACCESS_KEY
ARM_ENVIRONMENT

This would help a lot managing several stacks

candidson · Answer 3 · Tue Aug 03 2021 20:41:49 GMT+0800 (China Standard Time)

Hi @juwit
I think I was able to fix it. I added the variables as part of the credentials. I will create a PR

Julien WITTOUCK · Answer 4 · Tue Aug 03 2021 21:20:46 GMT+0800 (China Standard Time)

I'm working on a fix for the env var settings, it's almost ready.

I'll be happy to review your PR when it's ready :)

candidson · Answer 5 · Tue Aug 03 2021 22:46:18 GMT+0800 (China Standard Time)

That's great @juwit!

I just publish my PR. Let me what you think.

Merci!