Authenticating via a Service Principal and a Client Certificate tries to authenticate with Managed Identities and times out #609

Open
FrancescaRodricks opened this issue Sep 9, 2024 · 2 comments


FrancescaRodricks commented Sep 9, 2024

https://github.com/Azure/terraform-provider-azapi/blob/main/docs/guides/service_principal_client_certificate.md#configuring-the-service-principal-in-terraform

I tried to run a similar setup https://github.com/thomast1906/thomasthorntoncloud-examples/blob/master/Terraform-OpenAI-ContentFilter-AzAPI/terraform/main.tf#L38 of code with provider version as below.

Provider version used - azure/azapi v1.14.0...

provider "azapi" {
  subscription_id             = var.subscription_id
  client_id                   = var.client_id
  client_certificate          = var.client_certificate
  client_certificate_password = var.client_certificate_password
  tenant_id                   = var.tenant_id
  use_cli                     = false
}

And had the following error when trying to create azapi_resource.

ChainedTokenCredential: failed to
│ acquire a token.
│ Attempted credentials:
│ 	managed identity timed out
│ 	AzureCLICredential: Azure CLI not found on path

So I tried to set managed identity based auth to false using use_msi = false

provider "azapi" {
  subscription_id             = var.subscription_id
  client_id                   = var.client_id
  client_certificate          = var.client_certificate
  client_certificate_password = var.client_certificate_password
  tenant_id                   = var.tenant_id
  use_cli                     = false
  use_msi                     = false
}

And ran into the following error

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Failed to obtain a credential.
│ 
│   with provider["registry.terraform.io/azure/azapi"],
│   on main.tf line 115, in provider "azapi":
│  115: provider "azapi" {
│ 
│ no credentials were successfully initialized
╵

Which indicates that service principal credentials are not being used.

Expected Behaviour - The provider should use the service principal rather than a managed identity

@ms-henglu
Member

Hi @FrancescaRodricks ,

Thank you for taking time to report this issue!

Please share the debug log to help us investigate.

Here's how:

  1. Add the below environment variables:
     TF_LOG=DEBUG
     TF_LOG_PATH=./terraform.log
  2. Run terraform plan command and the logs will be stored in the terraform.log file.

@alexey-ban

same problem with version 1.15.0
