I am encountering an error while running terraform plan. The error message is as follows:
```
Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: obtaining subscription ID: obtaining account details: running Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on providers.tf line 17, in provider "azurerm":
│   17: provider "azurerm" {
```
This is my Provider.tf file:

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=4.4.0"
    }
    azapi = {
      source  = "Azure/azapi"
      version = "1.9.0"
    }
  }
}

provider "azurerm" {
  storage_use_azuread = true
  features {}
}
```
This is my GitHub Actions workflow-call file, where I have defined all the needed environment variables.

```yaml
name: Terraform Plan
on:
  workflow_call:
    inputs:
      environment:
        required: true
        description: Environment used to config Github environments
        type: string
      location:
        required: true
        description: The azure region location to deploy the resources
        type: string
      terraform_version:
        required: true
        description: The Terraform version to use
        type: string
        default: "1.6.6"
      terraform_directory:
        required: true
        description: The path to the terraform code relative to the root directory
        type: string
        default: ./terraform/selfhosted-dp-appsvc
      terraform_workspace:
        required: true
        description: Terraform workspace to use
        type: string
        default: dev-default
      terraform_plan_output:
        required: true
        description: Name of the terraform plan output
        type: string
      terraform_apply:
        required: false
        description: Whether to apply terraform play or not
        type: boolean
        default: false
env:
  TF_VAR_location: ${{ inputs.location }}
  TF_VAR_env: ${{ inputs.environment }}
  ARM_CLIENT_ID: ${{ secrets.AARM_CLIENT_ID_NON_PROD }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET_NON_PROD }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID_NON_PROD }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID_NON_PROD}}
  ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY_NON_PROD }}
jobs:
  terraform:
    name: terraform
    runs-on: uhg-runner
    environment: ${{ inputs.environment }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: uhg-actions/setup-terraform@v2
        with:
          terraform_version: ${{ inputs.terraform_version }}
      - name: Terraform init
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform init -reconfigure -backend-config=${{ inputs.environment }}/backend.config
      - name: Terraform workspace
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform workspace new ${{ inputs.terraform_workspace }} || terraform workspace select ${{ inputs.terraform_workspace }}
      - name: Terraform Validate
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform validate
      - name: Terraform plan
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform plan -input=false -var-file=${{ inputs.environment }}/terraform.tfvars -out=${{ inputs.terraform_plan_output }}
      - name: Terraform Apply
        if: ${{ inputs.terraform_apply }}
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform apply -input=false ${{ inputs.terraform_plan_output }}
```
This is my github action file:

```yaml
name: AZ CONTAINER APP IAC pipeline
on:
  workflow_dispatch:
    inputs:
      environment:
        type: environment
        description: 'Environment to deploy'
        required: true
        default: 'non-prod'
permissions:
  contents: read
  pull-requests: write
jobs:
  deployment-cgw-az-containerapp-centralus:
    name: AZ CONATINER APP deployment [CentralUS]
    uses: ./.github/workflows/azure-tf.yaml
    with:
      environment: ${{ github.event.inputs.environment || 'non-prod' }}
      terraform_version: "1.6.6"
      terraform_workspace: ${{ github.event.inputs.environment }}-az-container-app
      terraform_directory: ./terraform/containerapp
      location: centralus
      terraform_plan_output: ${{ github.event.inputs.environment }}-az-container-app-centralus-tfplan
      terraform_apply: true
    secrets: inherit
```
Build Authorizer for Azure Resource Manager API while using terraform.
Hello vikash sharma, it seems you have already found a workaround for your problem. I am highlighting the approach; please feel free to add your inputs or your workaround solution to this, as it may help other folks having a similar problem on SO.

The blocker you mentioned is due to the Azure CLI (`az`) not being logged in, which is mandatory to authenticate.

As GuiFalourd suggested, the typo (an extra "A" at the beginning) could be causing the error, since Terraform might not be able to pick up the correct client ID.

Updated line:

```yaml
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID_NON_PROD }}
```

Make sure that all other environment variables (`ARM_CLIENT_SECRET`, `ARM_TENANT_ID`, `ARM_SUBSCRIPTION_ID`, and `ARM_ACCESS_KEY`) are accurately named and match your secrets configuration.

Refer:
https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure
https://dev.to/willvelida/deploying-to-azure-with-terraform-and-github-actions-5191
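
The failure in this thread comes down to one variable arriving empty: GitHub Actions evaluates a reference to a secret that does not exist as an empty string, and the azurerm provider then attempts Azure CLI authentication, as the error message shows. The preflight check below, meant to run in a step before `terraform plan`, reports that directly; it is an added example, not code from the question or the answer, and the function names, the demo values and the GUID and whitespace checks are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Fails fast when a service
# principal variable is empty, e.g. because the secret name was mistyped.

REQUIRED_ARM_VARS="ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID"
# Assumption: application (client) and subscription IDs are GUIDs.
GUID_ARM_VARS="ARM_CLIENT_ID ARM_SUBSCRIPTION_ID"
GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Prints one "NAME: problem" line per bad variable (names only, never the
# values, so nothing sensitive reaches the job log). Returns 1 on any problem.
check_arm_env() {
    problems=0
    for name in $REQUIRED_ARM_VARS; do
        eval "val=\${$name-}"   # safe: $name comes from the fixed list above
        stripped=$(printf '%s' "$val" | tr -d '[:space:]')
        if [ -z "$stripped" ]; then
            echo "$name: empty or unset; check the secret name it is mapped from"
            problems=1
        elif [ "$stripped" != "$val" ]; then
            echo "$name: contains whitespace or a newline"
            problems=1
        else
            case " $GUID_ARM_VARS " in
                *" $name "*)
                    printf '%s\n' "$val" | grep -Eq "$GUID_RE" || {
                        echo "$name: not in GUID form"
                        problems=1
                    } ;;
            esac
        fi
    done
    return "$problems"
}

# Constructed demo of the failure on this page: the mistyped secret reference
# leaves ARM_CLIENT_ID empty. All values are made up; the subshell body keeps
# them out of the caller's environment.
demo_mistyped_secret() (
    ARM_CLIENT_ID=""
    ARM_CLIENT_SECRET="constructed-not-a-real-secret"
    ARM_TENANT_ID="22222222-2222-2222-2222-222222222222"
    ARM_SUBSCRIPTION_ID="33333333-3333-3333-3333-333333333333"
    check_arm_env
)

demo_mistyped_secret || echo "preflight failed, stop before terraform plan"
```

In a workflow, the step would call `check_arm_env` with the job's real `env:` block in place and let its non-zero exit status fail the job.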