You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Terraform version: 1.8.1
Go runtime version: go1.22.1
Use Cases
According to azurerm provider docs, the azurerm provider supports service principal authentication with the ARM_CLIENT_CERTIFICATE env var (base64 encoded .pfx file contents).
It would be great if azure remote state backend would support that too.
Attempted Solutions
Here is an example of the backend configuration used:
...
Initializing the backend...
2024-04-22T08:35:08.491Z [INFO] Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Testing if Service Principal / Client Secret is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Testing if OIDC is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Testing if Managed Service Identity is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Testing if Obtaining a Multi-tenant token from the Azure CLI is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Testing if Obtaining a token from the Azure CLI is applicable for Authentication..
2024-04-22T08:35:08.492Z [INFO] Using Obtaining a token from the Azure CLI for Authentication
.... # More initialization logs
╷
│ Error: Error building ARM Config: obtain subscription(20000000-0000-0000-0000-000000000000) from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│
│
╵
As you can see Service Principal / Client Certificate authentication is not used.
Proposal
I am guessing that the starting point would be to add a property in the schema here:
Thanks for this feature request! If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions.
Note that the Azure backend is maintained by the AzureRM provider team, who primarily work out of the terraform-provider-azurerm repository and have their own prioritization process and schedule.
Terraform Version
Use Cases
According to azurerm provider docs, the azurerm provider supports service principal authentication with the ARM_CLIENT_CERTIFICATE env var (base64 encoded .pfx file contents).
It would be great if azure remote state backend would support that too.
Attempted Solutions
Here is an example of the backend configuration used:
Example of environment variables used:
Outputed logs from
terraform init
:As you can see Service Principal / Client Certificate authentication is not used.
Proposal
I am guessing that the starting point would be to add a property in the schema here:
terraform/internal/backend/remote-state/azure/backend.go
Line 112 in 5868f99
References
Same was proposed for azurerm provider: hashicorp/terraform-provider-azurerm#17741
The text was updated successfully, but these errors were encountered: