0
votes

Terraform plan followed by a successful Azure login returns the below error. Not sure why Terraform complains about invalid credentials while refreshing state even though the credentials were successfully executed.

    terraform plan
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage.

    Error: Error refreshing state: 1 error occurred:
        * provider.azurerm: Error building AzureRM Client: Error populating Client ID from the Azure CLI: No Authorization Tokens were found - please re-authenticate using `az login`.

1
Not exactly... This works fine for me locally. When executing the same via a Jenkins pipeline, I'm trying to inject the env variable set for the Client Secret to be used inside Terraform, as I don't want to check the credentials into git. - Avi

Yes, you can set the client secret as an environment variable; see the details here. - Charles Xu

1 Answer

1
votes

To authenticate in Terraform for Azure, Azure CLI and Azure service principal are the two ways we usually use.

To use the Azure CLI, generally, we do not set the provider block in Terraform, or we just set the provider only, like below:

    provider "azurerm" {
      version = "=1.28.0"
    }

I suggest you do not set the provider in the Terraform file. If the tenant has multiple subscriptions, you can also set the special subscription when you log in through the Azure CLI.

To use the Azure service principal, you need to set the provider block in Terraform like below:

    provider "azurerm" {
      version = "=1.28.0"

      subscription_id = "00000000-0000-0000-0000-000000000000"
      client_id       = "00000000-0000-0000-0000-000000000000"
      client_secret   = "xxxxxxx"
      tenant_id       = "00000000-0000-0000-0000-000000000000"
    }

I think the error may show that you set the client ID in the Terraform provider and it's different from the one in the CLI with which you logged in successfully.

As you said, you have logged in successfully through the Azure CLI, so the easiest way is just to delete the provider in the Terraform file.
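
For the Jenkins case raised in the comments, here is an added example (not from the original answer or from the azurerm project) of a preflight that a pipeline `sh` step could source before `terraform plan`. It assumes the service principal is injected through the provider's `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_SUBSCRIPTION_ID` and `ARM_TENANT_ID` environment variables rather than written into the provider block; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for a CI job before `terraform plan`.
# Assumption: credentials arrive via the azurerm provider's ARM_* environment
# variables, so nothing secret is committed to git.

# Prints which credential source the run is set up for:
#   service-principal  all four ARM_* variables are set
#   azure-cli          none are set, so the provider looks for `az login` tokens
#   partial:<names>    some are missing; lists the missing names, never a value
arm_auth_mode() {
    missing=""
    present=0
    for name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID; do
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then
            present=$((present + 1))
        else
            missing="${missing:+$missing,}$name"
        fi
    done
    value=""   # do not keep the last value (possibly the secret) around
    if [ "$present" -eq 4 ]; then
        echo "service-principal"
    elif [ "$present" -eq 0 ]; then
        echo "azure-cli"
    else
        echo "partial:$missing"
    fi
}

# Fails the build early unless a complete service principal is present.
require_service_principal() {
    mode=$(arm_auth_mode)
    case "$mode" in
        service-principal)
            return 0 ;;
        azure-cli)
            echo "No ARM_* variables set: the provider would look for Azure CLI tokens, which a CI agent normally lacks." >&2
            return 1 ;;
        *)
            echo "Incomplete service principal, missing: ${mode#partial:}" >&2
            return 1 ;;
    esac
}
```

Calling `require_service_principal || exit 1` ahead of `terraform plan` turns a missing credential binding into a named-variable error instead of the "No Authorization Tokens were found" message from the question.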