Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AzureRM backend - Error building ARM Config: A Subscription ID must be configured #35901

Open
delikvent opened this issue Oct 25, 2024 · 1 comment
Open

AzureRM backend - Error building ARM Config: A Subscription ID must be configured #35901

delikvent opened this issue Oct 25, 2024 · 1 comment
Labels
backend/azure bug new new issue not yet triaged

Comments

@delikvent
Copy link

delikvent commented Oct 25, 2024
edited
Loading

Terraform Version

Terraform v1.9.8
on darwin_arm64

Terraform Configuration Files

# I understand the need for "subscription_id" and "resource_group_name"
# in azurerm backend config when using "access keys" based AUTH, example code below :

backend "azurerm" {
  subscription_id      = "d4b99e03-5dc4-4874-b951-b6a7ea5f0e6c" # randomly generated GUID to emulate a real "subscription_id"
  resource_group_name  = "resource_group_name"
  storage_account_name = "storage_account_name"
  container_name       = "container_name"
  key                  = "terraform.tfstate"
}

# Technically speaking, terraform doesn't require "subscription_id" or "resource_group_name"
# in azurerm backend config when using "RBAC" based AUTH.
# However, currently, you need to pass a placeholder/dummy "subscription_id" 
# for terraform to configure the azurerm backend as expected, example code below :

backend "azurerm" {
  subscription_id      = "00000000-0000-0000-0000-000000000000" # placeholder/dummy "subscription_id"
  storage_account_name = "storage_account_name"
  container_name       = "container_name"
  key                  = "terraform.tfstate"
  use_azuread_auth     = true
}

Debug Output

n/a

Expected Behavior

# The example code below should be a valid azurerm backend config :

backend "azurerm" {
  storage_account_name = "storage_account_name"
  container_name       = "container_name"
  key                  = "terraform.tfstate"
  use_azuread_auth     = true
}

Actual Behavior

Got the following error message during terraform init stage :

  • Error building ARM Config: 1 error occurred:
  • A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.

Steps to Reproduce

terraform init

Additional Context

Environment variables :

  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_TENANT_ID

References

Throwing in error code paths that I have looked at :

https://github.com/hashicorp/terraform/blob/v1.9.8/internal/backend/remote-state/azure/arm_client.go#L102
https://github.com/hashicorp/go-azure-helpers/blob/v0.43.0/authentication/auth_method_client_secret.go#L88
@delikvent delikvent added bug new new issue not yet triaged labels Oct 25, 2024
@crw
Copy link
Collaborator

crw commented Nov 15, 2024

Thanks for this submission! The azure backend is managed by the AzureRM team at HashiCorp, and this has been put on their backlog for review. Thanks again for the report!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend/azure bug new new issue not yet triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jbardin @crw @delikvent