5

Setting up terraform cloud for the first time and getting this error. Not sure why as on my local machine azure CLI is installed and the path is set, but I think has something to do with setting it in the terraform cloud platform.

Error: building AzureRM Client: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.
with provider["registry.terraform.io/hashicorp/azurerm"]
on versions.tf line 21, in provider "azurerm":

provider "azurerm" {

My currently tf code

versions.tf

terraform {

  cloud {
    organization = "myorg"

    workspaces {
      name = "dev"
    }
  }

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.10.0"
    }
  }

  required_version = ">= 1.2.3"
}

provider "azurerm" {
  features {}
}

variables.tf

variable "tenant_id" {
    description = "tenant id for azure subscription"
}

main.tf

resource "azurerm_resource_group" "testrg" {
  name     = "test-rg"
  location = "Central US"
}

not doing anything fancy, but not sure how to get past the azure CLI error. I know where variables can be set in the terraform cloud platform, but not specifically where to set a $Path for the azure cli or even how to install azure cli in terraform cloud. On my local machine, I am logging in with az login on an account with sufficient permissions to the subscription.

dcvl
  • 485
  • 1
  • 7
  • 21
  • 1
    I've hit the same block. I've been trying for a while now to try and figure it out, but I can not for the life of me work it out. Trying out Pulumi which I've had slightly better luck with, so if anyone is looking for an alternative to try, it might help Googling for Terraform alternatives too? My $PATH clearly has the correct values, so I'm uncertain about what I should do/try next... kibble@duke:~/ $ which az # /usr/bin/az kibble@duke:~/ $ echo $PATH # /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/lib/wsl/lib # az version: 2.38.0 – kibblewhite Jul 30 '22 at 14:08

3 Answers3

8

I'm trying to "boil down" kavya Saraboju's answer, which is formally correct, to a bare minimum that helped me.

The Error message seems to be very confusing, if it has anything at all to do with the actual problem. I had to set the environment variables ARM_CLIENT_ID, ARM_TENANT_ID, ARM_CLIENT_SECRET and ARM_SUBSCRIPTION_ID in Terraform Cloud. Go to Terraform Cloud's web admin panel, choose your workspace, click on "Variables" and set all the required values:

enter image description here

Read here how to obtain the values for those variables.

I'm a beginner as well on both Terraform and Azure, but I anyway hope this answer will help anybody who stumbles across this issue.

And also, my solution is described comprehensively in this tutorial.

Monkey Supersonic
  • 1,165
  • 1
  • 10
  • 19
4

It looks like , you are trying to login using az login.This works for local terraform runs . To authenticate in terraform cloud instance , you may need to use Terraform Cloud workspace variables .

Please make sure to complete below steps:

  1. Please check , if you have created service principal. If you're using Azure Clouds for example US Government .In the first step you need to configure the Azure CLI to work with that Cloud.

    $ az cloud set --name AzureUSGovernment

    Then log in using az login and check for the subscriptions listed and set it up for one.

    $ az login
$ az account list
$ az account set --subscription="SUBSCRIPTION_ID"

    Now please try to create the Service Principal which will have permissions to actually manage resources in that particular specified Subscription which had been set in the previous step.

    $ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"

    Where you can get tenant id, clientId etc which can be used as environment variables later. This document on creating a service principal using the azure-cli | Terraform Registry will guide you in detail

  2. Now in terraform cloud workers , as we cant use az login, we can logout of it and set the environment variables something like below from the obtained values from previous steps.

    $ export ARM_CLIENT_ID="xxxxxxxxxx"
$ export ARM_SUBSCRIPTION_ID="xxxxxxx"
$ export ARM_TENANT_ID="xxxxxx"
$ export ARM_CLIENT_SECRET="xxxxxxx"

    see Configuring the Service Principal in Terraform

  3. Then you can specify Terraform and Provider blocks

    terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.0"
    }
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}

    Then try to run terraform init > terraform plan or terraform apply which can probably make it possible to authenticate and make terraform to run using the Service Principal .

Reference: Using the Azure Provider with Terraform Cloud - Terraform - HashiCorp Discuss

Also do check if you have latest version of terraform, if not install and try with it.

kavyaS
  • 8,026
  • 1
  • 7
  • 19
0

@Monkey Supersonic's answer is correct and worked for me. When using Terraform Cloud, setting the environmental variables for Azure authentication is needed for the Terraform Cloud agent to login. You get the values for the variables by creating a service principal for the subscription you want to create resources in.

I recommend using a Variable set, so you don't have to recreate the variables in each workspace you create. Just make sure to apply the Variable set to either all workspaces (if only using one subscription) or apply the variable set to the appropriate workspace or project containing the workspaces for the desired subscription.

Asmar Fontenot
  • 1