Terraform-provider-azurerm: data.azurerm_client_config.current has empty client_id, object_id and tenant_id when using Azure MSI

Created on 16 Jul 2020  路  2Comments  路  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

terraform -v
Terraform v0.12.26
+ provider.azurerm v2.19.0

Affected Resource(s)

  • azurerm_client_config Data

Terraform Configuration Files

provider "azurerm" {
    version = "~> 2.0" 
    features {}
}

data azurerm_client_config current {}

output current_client_config {
    value = data.azurerm_client_config.current
}

Debug Output

Panic Output

Expected Behavior

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

current_client_config = {
  "client_id" = "00000000-0000-0000-0000-000000000000"
  "id" = "2020-07-16 19:32:04.738092599 +0000 UTC"
  "object_id" = "00000000-0000-0000-0000-000000000000"
  "subscription_id" = "00000000-0000-0000-0000-000000000000"
  "tenant_id" = "00000000-0000-0000-0000-000000000000"
}

Actual Behavior

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

current_client_config = {
  "client_id" = ""
  "id" = "2020-07-16 19:32:04.738092599 +0000 UTC"
  "object_id" = ""
  "subscription_id" = "00000000-0000-0000-0000-000000000000"
  "tenant_id" = ""
}

Steps to Reproduce

  1. Create a VM in azure with a Managed System Identity(MSI)
  2. Login to the newly created VM.
  3. Set required environment variables export ARM_SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000 ARM_USE_MSI=true
  4. terraform init
  5. terraform apply

Important Factoids


The azure_client_config data provider becomes useless since you're not able to retrieve any useful information.

References

  • #0000
authentication question
Source
picture gevorg15
👍6

Most helpful comment

The MSI works fine (can manage resources) but if you want to access these (client_id and object_id) keys under azurerm_client_config, the values are missing/empty.
Terraform 0.13.5
Provider 2.38.0

picture radu-stefanache on 27 Nov 2020
👍2

All 2 comments

Hi @gevorg15 thanks for this issue and sorry for the delay of response.

According to this document, to get the MSI authentication working, you will have to set ARM_SUBSCRIPTION_ID, ARM_USE_MSI=true and ARM_TENANT_ID or configurate them in the provider block like this:

provider "azurerm" {
  features {}

  use_msi = true
  subscription_id = "..."
  tenant_id = "..."
}
ArcturusZhang picture ArcturusZhang on 9 Oct 2020

The MSI works fine (can manage resources) but if you want to access these (client_id and object_id) keys under azurerm_client_config, the values are missing/empty.
Terraform 0.13.5
Provider 2.38.0

radu-stefanache picture radu-stefanache on 27 Nov 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

tomasaschan picture tomasaschan  路  3Comments
mikemorris picture mikemorris  路  3Comments
bentterp picture bentterp  路  3Comments
Kanikamiglani31 picture Kanikamiglani31  路  3Comments
whytoe picture whytoe  路  3Comments