1
votes

I want to create a container from which I will run my terraform commands. My Dockerfile looks like this:

FROM mcr.microsoft.com/azure-cli
RUN apk add curl
ENV TERRAFORM_VERSION 0.12.21
RUN curl -sL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -o tf.zip \
  && unzip tf.zip \
  && mv terraform /sbin/ \
  && rm -rf tf.zip

My main.tf looks like:

provider "azurerm" {
  version         = "~>1.44"
  subscription_id = "xxx"
}
provider "azuread" {
  version = "~>0.6.0"
}
terraform {
  backend "azurerm" {}
}

What I usually do on my Windows host is az login and then

terraform init \
    -backend-config=storage_account_name=xxx \
    -backend-config=container_name=terraform-state \
    -backend-config=access_key="xxx" \
    -backend-config=key=app.tfstate

The problem is that when I do the same inside the Docker container, run as follows: docker run --rm -ti <IMAGE_ID> bash, instead of a successful initialization I get a weird error like:

Error: Failed to get existing workspaces: storage: service returned error: StatusCode=403, ErrorCode=AuthenticationFailed, ErrorMessage=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

Is this somehow related to

1
just created this dockerfile today, it worked fine, can you, perhaps, try it out? – 4c74356b41
Thanks for the link @4c74356b41. Tried it out but there is no difference. I get the same error. Are you also using terraform azure cli authentication? – svobol13
yeah, I'm using azure cli auth on that particular docker image. does this work for you using the same credentials outside of docker? – 4c74356b41
yes I was using azure cli auth for several months from my windows machine but once I try to run it from inside of the Docker container I get that error. So far I was not able to simulate that behavior outside the container. – svobol13

1 Answer

1
votes

For some unknown reason everything started working once I used the ubuntu:18.04 image instead of mcr.microsoft.com/azure-cli and installed az myself.

FROM ubuntu:18.04
RUN apt update && apt install -y curl jq wget unzip ca-certificates gnupg lsb-release apt-transport-https 

# Install Azure CLI
COPY azure-cupi.pub /root/.ssh/azure-cupi.pub
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
RUN curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
RUN AZ_REPO=$(lsb_release -cs) && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list
RUN apt update && apt install -y azure-cli

# Install Terraform
ARG TERRAFORM_VERSION="0.12.22"
RUN cd /tmp && \
    wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
    unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/bin && \
    rm -rf /tmp/* && \
    rm -rf /var/cache/apk/* && \
    rm -rf /var/tmp/*

I did not find a significant difference.
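
Both Dockerfiles above download the Terraform zip and install it without checking its integrity. The following is an added example, not part of the original question or answer: a shell function that checks the zip against the terraform_<version>_SHA256SUMS file HashiCorp publishes next to each release. The function name verify_release_zip and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical helper:
#   verify_release_zip SUMS_FILE ZIP_FILE
# SUMS_FILE holds lines of the form "<sha256 hex>  <filename>".
# Returns 0 on match, 1 on digest mismatch, 2 if a file is unreadable,
# 3 if the zip has no single well-formed entry in SUMS_FILE.
verify_release_zip() {
    sums_file=$1
    zip_file=$2
    name=$(basename "$zip_file")

    [ -r "$sums_file" ] && [ -r "$zip_file" ] || return 2

    # Exact match on the filename field; a substring match could pick up
    # the entry of a different platform's archive.
    expected=$(awk -v n="$name" '$2 == n { print $1 }' "$sums_file")

    # Fail closed: empty result, duplicate entries (embedded newline) or
    # anything that is not 64 lowercase hex characters is rejected.
    case $expected in
        ''|*[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3

    actual=$(sha256sum "$zip_file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Sketch of use in a Dockerfile RUN step (V stands for TERRAFORM_VERSION):
#   curl -fsSLO https://releases.hashicorp.com/terraform/${V}/terraform_${V}_linux_amd64.zip
#   curl -fsSLO https://releases.hashicorp.com/terraform/${V}/terraform_${V}_SHA256SUMS
#   verify_release_zip terraform_${V}_SHA256SUMS terraform_${V}_linux_amd64.zip \
#     && unzip terraform_${V}_linux_amd64.zip -d /usr/bin
```

The checksum file comes from the same server as the zip, so this catches corruption and a swapped archive but not a compromised release host; HashiCorp also publishes a detached signature for the SHA256SUMS file that can be checked with gpg.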