Terraform-provider-azurerm: Azure - Securing provider details

Created on 11 Oct 2017  ·  18 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

I have been using Providers.tf; is there a better/secure way to do this? Also, is there a way to create a lease-based login to Azure so that we never have to save the credentials anywhere?
I know we can supply these as variables on the Terraform plan/apply.

Can someone help with an example?

# Configure the Microsoft Azure Provider
provider "azurerm" {
  client_id       = "c78easdfasdf-asdf-asd-fasdf"
  client_secret   = "MyPassword"
  subscription_id = "adsfsdasdfasdf7cfaa3f251"
  tenant_id       = "8b87asdfasdf-sdfasdfsd-fsdfasdfbb5"
  #alias = "Azure-GSK"
}


All 18 comments

Hi @gurjitsk

Thanks for opening this issue :)

I have been using Providers.tf; is there a better/secure way to do this?

Terraform supports two auth models - logging in using a shared account (Service Principal) and via the Azure CLI. You're currently using the first approach - which supports two ways of specifying credentials (in-line like you're doing) or via environment variables - which is what we'd tend to recommend in this scenario.

Also, is there a way to create a lease-based login to Azure so that we never have to save the credentials anywhere?

In this example I'd suggest using the Azure CLI to login (you can comment out the credentials in your provider.tf file) and if you're logged in using the Azure CLI a terraform plan should work.

Would it be possible to take a look and see if this solves your issue?

Thanks!
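The recommendation above (and repeated later in the thread) is to hand the Service Principal credentials to the provider through environment variables rather than writing them into provider.tf. The following is an added example and not code from the issue or from the provider project: a small bash helper that reads the four values from a credentials file kept outside the repository, exports the ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID and ARM_TENANT_ID variables the azurerm provider reads, and refuses to export anything if a value is missing, so terraform is never run with a half-configured environment. The KEY=VALUE file format, the function names and the placeholder GUIDs are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the issue thread: keep the Service Principal secret
# out of provider.tf by exporting the ARM_* environment variables the azurerm
# provider reads (ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID,
# ARM_TENANT_ID) from a credentials file that lives outside the repository.
set -euo pipefail

# Parse a KEY=VALUE file (keys: client_id, client_secret, subscription_id,
# tenant_id; this file format is an assumption of the example) and export the
# matching ARM_* variables. Returns 1 and exports nothing if any key is
# missing or empty, so a half-configured shell never reaches terraform.
load_arm_creds() {
  local file="$1" key val
  local client_id="" client_secret="" subscription_id="" tenant_id=""
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  # '|| [ -n "$key" ]' keeps a last line that has no trailing newline.
  # With IFS='=' the remainder of the line lands in val, so a secret that
  # itself contains '=' survives intact.
  while IFS='=' read -r key val || [ -n "$key" ]; do
    case "$key" in
      ''|'#'*)         ;;                      # skip blank lines and comments
      client_id)       client_id=$val ;;
      client_secret)   client_secret=$val ;;
      subscription_id) subscription_id=$val ;;
      tenant_id)       tenant_id=$val ;;
      *) echo "ignoring unknown key '$key'" >&2 ;;
    esac
  done < "$file"
  local name
  for name in client_id client_secret subscription_id tenant_id; do
    if [ -z "${!name}" ]; then
      echo "missing $name in $file" >&2
      return 1
    fi
  done
  export ARM_CLIENT_ID="$client_id" ARM_CLIENT_SECRET="$client_secret" \
         ARM_SUBSCRIPTION_ID="$subscription_id" ARM_TENANT_ID="$tenant_id"
}

# True only when every variable the provider needs is exported. It never
# prints the values, so it is safe to leave in CI logs.
arm_env_ready() {
  local name
  for name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID; do
    [ -n "${!name:-}" ] || return 1
  done
  return 0
}

# Demo with a constructed credentials file (placeholder values, not real).
demo() {
  local tmp
  tmp=$(mktemp)
  printf 'client_id=00000000-0000-0000-0000-000000000001\n' > "$tmp"
  printf 'client_secret=not-a-real-secret\n' >> "$tmp"
  printf 'subscription_id=00000000-0000-0000-0000-000000000002\n' >> "$tmp"
  printf 'tenant_id=00000000-0000-0000-0000-000000000003\n' >> "$tmp"
  chmod 600 "$tmp"
  load_arm_creds "$tmp"
  rm -f "$tmp"
  arm_env_ready && echo "ARM_* variables exported; provider.tf needs no credentials"
  # With the variables exported the provider block is just:  provider "azurerm" {}
  # and `terraform plan` run from this shell picks the credentials up from
  # the environment.
}
demo
```

Keep the credentials file mode 600 and outside the working tree (or at least in .gitignore), so that neither provider.tf nor the state of the repository ever carries the client secret. On Windows the same four variables are set per session with `$env:ARM_CLIENT_ID = "..."` and friends in the PowerShell window terraform is launched from; a process started from that window inherits them without a reboot.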

Thanks Tom,
I have installed Power CLI 2.0 and was able to log in as detailed here: https://www.terraform.io/docs/providers/azurerm/authenticating_via_azure_cli.html

However, I got the below error, which says to run az login, but I have already logged in. Can you help?

  • provider.azurerm: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login

@gurjitsk just to check - which CLI are you referring to by "Power CLI 2.0"? We only support authenticating via the Azure CLI 2.0 - and not the PowerShell Cmdlets.

Thanks

I am using the Azure CLI 2.0

Process I am following:

D:\Scripts\Terraform\GSK>az login
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DY5RXXXX to authenticate.
[
{
"cloudName": "AzureCloud",
"id": "xxxxxxxxxxxxxxxxxxxx",
"isDefault": true,
"name": "xxxxxxxxxxxxxxxxxxxxxx",
"state": "Enabled",
"tenantId": "xxxxxxxxxxxxxxxxxxx",
"user": {
"name": "xxxxxxxxxxxxx",
"type": "user"
}
}
]

D:\Scripts\Terraform\GSK>
D:\Scripts\Terraform\GSK>az account set --subscription="xxxxxxxxxxxxxxxxxxxxx"

D:\Scripts\Terraform\GSK>az login --service-principal -u "xxxxxxxxxxxxxxx" -p "xxxxxxxxxxxx" --tenant "xxxxxxxxxxxxxxxxxxxx"
[
{
"cloudName": "AzureCloud",
"id": "xxxxxxxxxxxxxxxxx",
"isDefault": true,
"name": "xxxxxxxxxxxxxxxxxxx",
"state": "Enabled",
"tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"user": {
"name": "xxxxxxxxxxxxxxxxx",
"type": "servicePrincipal"
}
}
]

D:\Scripts\Terraform\GSK>terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

Error refreshing state: 1 error(s) occurred:

  • provider.azurerm: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login.

@gurjitsk the issue is you're logging into the Azure CLI as yourself (via az login), and then as a Service Principal (via az login --service-principal ..) - which removes your authentication tokens.

If you re-run az login and log in as your user (and don't log in as a Service Principal [az login --service-principal ...]) a terraform plan should work as expected :)

Thanks

I tried _az login_ only but it didn't work; that's why I tried using the SPN etc.
Here is another try. The strange thing is it connects, but Terraform does not seem to be finding some sort of setting, maybe...

D:\Scripts\Terraform\GSK>az logout

D:\Scripts\Terraform\GSK>az login
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DXXXXX to authenticate.
[
{
"cloudName": "AzureCloud",
"id": "xxxxxxxxxxxxxxxxxxxx",
"isDefault": true,
"name": "xxxxxxxxxxxxxxxxxxxxxx",
"state": "Enabled",
"tenantId": "xxxxxxxxxxxxxxxxxxx",
"user": {
"name": "xxxxxxxxxxxxx",
"type": "user"
}
}
]

D:\Scripts\Terraform\GSK>terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

Error refreshing state: 1 error(s) occurred:

  • provider.azurerm: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login.

Hi Tom,
What I am really after is to see if there is a way to connect to Azure without leaving any usernames or passwords in any text files.
My colleagues are using the AWS provider, and they can just use some sort of token signing where no credentials are saved locally at all, and I am looking for something similar for Azure.

@gurjitsk to investigate this further, would it be possible to see the directory listing for the ~/.azure folder in your home directory?

What I am really after is to see if there is a way to connect to Azure without leaving any usernames or passwords in any text files.

You can use Environment Variables when using a Service Principal to achieve the same thing as detailed here, but you'll need a reboot on Windows for these to take effect in the terminal.

Directory of D:\Users\gurjsing\.azure

12/10/2017 12:12 .
12/10/2017 12:12 ..
12/10/2017 13:28 8,525 accessTokens.json
12/10/2017 11:40 5 az.json
12/10/2017 11:40 5 az.sess
12/10/2017 11:52 712 azure.details.log
12/10/2017 13:28 370 azureProfile.json
12/10/2017 13:28 69 clouds.config
12/10/2017 11:40 57 config
12/10/2017 11:47 19 config.json
12/10/2017 11:19 23 telemetry.json
9 File(s) 9,785 bytes
2 Dir(s) 151,687,712,768 bytes free

D:\Users\gurjsing\.azure>

Hi, any luck on this issue? This issue still persists on Terraform version v0.11.0.

Was using an Azure SP with provider "azurerm" in main.tf. Removed all SP-required variables, installed Azure CLI 2.0.2, logged in using az login, but terraform plan still throws the below error:

provider.azurerm: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login

Any help or pointers would be greatly appreciated - all my deployments are blocked due to this. Please advise if I should be rolling back to the previous version of tf.

I am getting the same error as mentioned by @gurjitsk. I have one difference in the operation: I run the Azure CLI in a docker container (with a volume mapped to home, so I can see .azure in the home of my host). Did anyone find a workaround?

I have seen this issue resolved when using a redirected desktop. Running procmon I found that the terraform provider was looking in the HOMESHARE location for my token but could not find it.

I run the following line after az login:

robocopy "$env:userprofile\.azure" "$env:homeshare\.azure"

and then run terraform.

@virtualbubble Thank you! This was my issue as well. Copying the token to homeshare was the fix.

@tombuildsstuff I'm using an Azure Service Principal for authentication with Azure, and I use this module for creating a VM. Upon running terraform plan, I get the below error:

* module.linuxservers.provider.azurerm: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with 'az login'.

I only use the 'linuxservers' block of the module. Any idea? Is there any way I can get through in authentication without using Azure CLI?

Closing this in favour of #1395 - which I believe should solve this.

Regarding Service Principals - we support authenticating as a Service Principal using either Environment Variables or by specifying them in-line. We also support authenticating as a regular user via the Azure CLI - however authenticating as a Service Principal via the Azure CLI is not supported (since we expect users to authenticate via either Environment Variables or inline).

Thanks!

I'm getting this same error. I'm not using a service principal. I ran az login --use-device-code and logged in. My terraform init passes just fine. Then when I run the terraform plan I get the error. I've tried robocopying the .azure folder to $env:homeshare. Tried reinstalling azureCLI. Tried setting an environment variable to the .azure folder. Nothing seems to work.
