
I have had my service connection converted to workload identity and now I’m getting these authorization errors:


I added in the use_oidc = true option as per the documentation:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc


I’ve added the use_oidc = true option into the provider "azurerm" section. I’ve also tried adding it into the backend as per the documentation, but none of the configurations have been successful for me. Has anybody cracked this problem yet? Any help greatly appreciated 🙂

PS, I’m using the TerraformTaskV4@4 task


2 Answers


  1. Chosen as BEST ANSWER

    I created a Microsoft support ticket; they were able to confirm that this is not supported but could not comment on the Terraform issues, as this is a 3rd-party tool.

    I also reached out to Databricks and they were able to confirm that this is not supported and to create a feature request.


  2. To authenticate with a service principal, you need to provide the required parameters client_id, client_secret, subscription_id, and tenant_id in the backend block.


        terraform {
          backend "azurerm" {
            resource_group_name  = "RG_Name"
            storage_account_name = "venkatstorage"
            container_name       = "venkat"
            key                  = "prod.terraform.tfstate"
            use_oidc             = true
            client_id            = "xxxxxx"
            subscription_id      = "xxxxx"
            tenant_id            = "xxxxxxxx"
            client_secret        = "xxxxxxx"
            use_azuread_auth     = true
          }
        }

        provider "azurerm" {
          features {}
          skip_provider_registration = true
          subscription_id            = "1234566-c5b6-44fb-b5ba-2b83a074c23f"
          use_oidc                   = true
          use_cli                    = false
        }
    


    If you are using any pipeline, make sure to set the service principal details in the environment by following the Stack Link by quadroid.

    Reference: Stack Link1

    Configuring the Service Principal in Terraform
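
A small check for the pattern in the configuration above, added here as an example (not code from the answer or from Terraform): it flags an azurerm backend or provider block that hardcodes client_secret, or that keeps client_secret next to use_oidc = true, since a connection using workload identity federation authenticates with an OIDC token instead of a secret. The `audit` function, the regex-based parsing and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the answer's backend and provider blocks;
# every value is a placeholder.
SAMPLE = '''
terraform {
  backend "azurerm" {
    storage_account_name = "venkatstorage"
    use_oidc             = true
    client_id            = "xxxxxx"
    client_secret        = "xxxxxxx"
    use_azuread_auth     = true
  }
}

provider "azurerm" {
  features {}
  use_oidc = true
  use_cli  = false
}
'''

BLOCK_RE = re.compile(r'^\s*(backend|provider)\s+"azurerm"\s*\{', re.M)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*(?:#.*)?$', re.M)

def block_body(text, start):
    """Text from `start` (just past an opening brace) to its matching close."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def audit(text):
    """Return (block kind, message) findings for azurerm backend/provider blocks."""
    findings = []
    for m in BLOCK_RE.finditer(text):
        kind = m.group(1)
        # Simplification: braces inside string values are not handled.
        attrs = dict(ATTR_RE.findall(block_body(text, m.end())))
        if attrs.get("client_secret", "").startswith('"'):
            findings.append((kind, "client_secret is a string literal"))
        if attrs.get("use_oidc") == "true" and "client_secret" in attrs:
            findings.append((kind, "use_oidc = true set alongside client_secret"))
    return findings

if __name__ == "__main__":
    for kind, message in audit(SAMPLE):
        print(f"{kind}: {message}")
```

Terraform's backend documentation recommends supplying credentials through environment variables, because values written in the backend block are stored in the .terraform directory and in plan files.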
