Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

terraform import doesn't support runAzLogin: true #54

Closed
dvasdekis opened this issue Jun 3, 2021 · 3 comments
Closed

terraform import doesn't support runAzLogin: true #54

dvasdekis opened this issue Jun 3, 2021 · 3 comments
Assignees
Labels
question Further information is requested

Comments

@dvasdekis
Copy link
Contributor

Describe the bug
Running import without runAzLogin: true I get:

 Error: Error building AzureRM Client: obtain subscription(*azure sub id*) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.

But running import with runAzLogin: true I get the same error.

To Reproduce
Try the below pipeline:

trigger:
- master
pool:
  vmImage: windows-latest
parameters:
- name: 'environments'
  type: object
  default: 
  - dev
  - tst
  - prd

steps:
- ${{ each env in parameters.environments }}:
  - task: TerraformInstaller@0
    displayName: install terraform
  - task: TerraformCLI@0
    displayName: 'Terraform set workspace to ${{ env }}'
    inputs:
      workingDirectory: $(Build.SourcesDirectory)/infra
      command: workspace
      workspaceSubCommand: new
      workspaceName: ${{ env }}
  - task: TerraformCLI@0
    displayName: 'terraform init ${{ env }}'
    inputs:
      workingDirectory: $(Build.SourcesDirectory)/infra
      command: init
      backendType: local
  - task: TerraformCLI@0
    displayName: 'terraform import ${{ env }}'
    inputs:
      command: import
      workingDirectory: $(Build.SourcesDirectory)/infra
      resourceAddress: azurerm_resource_group.myrg
      resourceId: "/subscriptions/*redacted*/resourceGroups/myrg"
      runAzLogin: true

Expected behavior
I want to be able to import my resource groups, like I can on desktop.

Pipeline Logs

C:\hostedtoolcache\windows\terraform\0.15.5\x64\terraform.exe version
Terraform v0.15.5
on windows_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.61.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
C:\hostedtoolcache\windows\terraform\0.15.5\x64\terraform.exe import azurerm_resource_group.myrg /subscriptions/*redacted*/resourceGroups/myrg

│ Error: Error building AzureRM Client: obtain subscription(*redacted*) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on D:\a\1\s\infra\main.tf line 67, in provider "azurerm":
│   67: provider "azurerm" {

Finishing: terraform import dev

Agent Configuration
All default versions, Azure hosted

@dvasdekis dvasdekis added the bug Something isn't working label Jun 3, 2021
@charleszipp charleszipp self-assigned this Jun 3, 2021
@charleszipp charleszipp added question Further information is requested and removed bug Something isn't working labels Jun 3, 2021
@charleszipp
Copy link
Collaborator

@dvasdekis, in order to use runAzLogin, you will need to specify a service connection via the environmentServiceName input in order for the azure cli to authenticate. The task uses the service connection's credentials to run az login. Without specifying the service connection, then it would have no means to authenticate against azure.
When doing this on your desktop, you have likely already logged into the az cli before running terraform import. Terraform will automatically pick the az cli context up to authenticate against azure.
If you cannot use a service connection, an alternative is to set the environment variables terraform expects for the azurerm provider. The task provides a means to more easily establish these via Secure Var Files. If you specify a secure var file via secureVarsFile input whose extension ends with .env it will export the vars set in the .env file as environment variables on the agent.

@charleszipp
Copy link
Collaborator

See also docs about how to specify a service connection here
Also, see docs about how to setup secure env files for manual configuration

@dvasdekis
Copy link
Contributor Author

Thanks Charles! Setting the service connection worked a treat :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants