Prefer USERPROFILE for Azure CLI Authorization Profile

[mbrancato]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.7

Affected Resource(s)

• azurerm_*

Terraform Configuration Files

resource "azurerm_resource_group" "test" {
  name     = "test"
  location = "East US"
}

Debug Output

2018/06/14 13:40:23 [ERROR] root: eval: *terraform.EvalConfigProvider, err: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with `az login`.

Expected Behavior

Look for .azure folder in $env:USERPROFILE path

Actual Behavior

Looks for .azure folder in $env:HOMEDRIVE/$env:HOMEPATH path

Steps to Reproduce

1. terraform plan

Important Factoids

The azurerm provider is using another Go project call go-homedir which improperly prefers HOMEDRIVE/HOMEPATH over USERPROFILE.

The HOMEDRIVE/HOMEPATH path is non-standard or at least deprecated. It is a relic of Windows NT4 and mostly relates to roaming profiles. As of Windows Vista, Microsoft has defined Known Folder Locations. Note that HOMEDRIVE, HOMEPATH, and HOMESHARE are not recognized system default environment variables.

I ran into this issue because my company laptop has the HOMEDRIVE and HOMEPATH environment variables set, and are different than USERPROFILE. I noticed others had also had this issue, referenced below.

References

https://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx

https://github.com/terraform-providers/terraform-provider-azurerm/blob/c6fec095978bbc27d278db17074622b2c3550160/vendor/github.com/mitchellh/go-homedir/homedir.go#L120-L137

#417

[mbrancato]

Pending feedback and comments, I can submit a PR to fix.

[katbyte]

Hi @mbrancato,

Sorry to hear that you are having this problem. As this sounds like it would be an issue for anyone using this package it might be best to open an issue there?

[mbrancato]

@katbyte I was unsure if the inclusion of it as an upstream dependency would be updated in future binary builds. Many terraform modules have this issue. I will open the issue there, should we leave this open to update the dependency in this repo since it is not a submodule?

Looking at the upstream package, the terraform-provider-azurerm version of the package hasn't been updated in over a year. Is it expected that the package is updated during the build process only and not pushed back to the repo?

[katbyte]

Yes and please link to it/back here. Thanks!

…

On Thu, Jun 14, 2018 at 17:53 Mike Brancato ***@***.***> wrote: @katbyte <https://github.com/katbyte> I was unsure if the inclusion of it as an upstream dependency would be updated in future binary builds. Many terraform modules have this issue. I will open the issue there, should we leave this open to update the dependency in this repo since it is not a submodule? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1395 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABkAQ5TyEcOt_sDSd0x1FPv9q1BcmmcLks5t8wV9gaJpZM4Uooyi> .

[mbrancato]

Hey @katbyte and @tombuildsstuff - the upstream fix was merged, do you see any issues there or on this end? will the build process for the next release update the repo?

[tombuildsstuff]

@mbrancato sure we'll update the vendor to include this fix :)

[tombuildsstuff]

I've just opened #1718 which includes the updated version of github.com/mitchellh/go-homedir which will fix this issue :)

[tombuildsstuff]

hey @mbrancato

Just to let you know that we've just shipped support for this as a part of v1.13.0 of the AzureRM Provider :)

Thanks!

[mbrancato]

Thanks for the update @tombuildsstuff. I'm going to work in tests for this in our next deployments.

[ghost]

@tombuildsstuff I am using v1.13.0, but I am getting No valid (unexpired) Azure CLI Auth Tokens found. Please run az login. when I run a terraform plan.

However, running az group list (to test authentication) prints a list of resource groups from our Azure account.

Should v1.13.0 work without me having to run az login so frequently?

And just to confirm, when I do an az login, my terraform plan does work as expected, although the token seems to time out after a short while.

[tombuildsstuff]

@irmbrady

Should v1.13.0 work without me having to run az login so frequently?

Unfortunately not - this issue fixed a bug where the Azure CLI path wasn't loaded from a users home directory if their home directory was on a network share.

There's a separate issue tracking that in #502 (with a proposed solution in #1752) - essentially the issue is that we don't persist the refreshed Access Token from the Azure CLI since we don't own that file (and we were trying to not potentially cause issues with the Azure CLI by writing to a file that we don't own, for instance should the schema change). There's more details in #502 and we probably have a path forward for it - but there's some larger changes in #1746 which needs to be completed first - I'd recommend subscribing to #502 for updates.

Thanks!

[ghost]

@tombuildsstuff Thanks for clarifying, and pointing me to #502 !

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!