Azure Usage Clarification and issue with provider bootstrap #199

Open
danielkimuipath opened this issue Oct 14, 2023 · 3 comments
Labels
bug Something isn't working needs:triage

Comments

@danielkimuipath

What happened?

Hi All,
I am trying to use the Azure approach, but it seems that it is lacking some documentation; I was trying to follow some examples, but I get the following error:

echo "H4sIAAAAAAAA/0TOQUvEMBAF4Ht+xWPxHMSLmFtZBAUFEf9Atp20kXGmTJKq/fXSutDTDO/Bx3OPZmoB+8GlZR6yjOjeX3FWSXkMmJliIZCUZoRfbZjiQshSamSmAd26FeeXZyxkJavgzt/6+weoQeibzF/5OVrZ9M+iAqPSuCKZfqFOdCgBHJv0077jCOmH+oBTXE//f6vxwoSUmSBakbTJgCy4ees+nrxz7g8AAP//AQAA//8tKU8k3AAAAA==" | base64 -d | gunzip
Error: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.

How can we reproduce it?

ProviderConfig

apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    - filename: azure-credentials.json
      source: Secret
      secretRef:
        namespace: upbound-system
        name: azure-secret
        key: creds
    - filename: .terraformrc
      source: Secret
      secretRef:
        namespace: upbound-system
        name: terraformrc
        key: .terraformrc
    - filename: .git-credentials # use exactly this filename
      source: Secret
      secretRef:
        namespace: default
        name: git-credentials
        key: .git-credentials
  configuration: |
    terraform {
      required_version = ">= 1.0"
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = ">=3.3.0"
        }
      }

      backend "azurerm" {
        resource_group_name  = "rg_name"
        storage_account_name = "sa_name"
        container_name       = "ca"
        key                  = "somekey.state"
      }
    }

    provider "azurerm" {
      features {}
      client_id = jsondecode(file("azure-credentials.json")).clientId
      client_secret = jsondecode(file("azure-credentials.json")).clientSecret
      subscription_id = jsondecode(file("azure-credentials.json")).subscriptionId
      tenant_id = jsondecode(file("azure-credentials.json")).tenantId
    }

Provider

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-terraform
spec:
  package: xpkg.upbound.io/upbound/provider-terraform:v0.9.0
  controllerConfigRef:
    name: terraform

Workspace

apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: pipeline
spec:
  providerConfigRef:
    name: default
  forProvider:
    # Workspaces default to using a remote source - like workspace-remote.yaml.
    # For simple cases you can use an inline source to specify the content of
    # main.tf as opaque, inline HCL.
    source: Inline
    module: |
      // Outputs are written to the connection secret.
      resource "random_id" "example" {
        byte_length = 4
      }

What environment did it happen in?

Crossplane version: upbound/crossplane:v1.13.2-up.2

@danielkimuipath danielkimuipath added bug Something isn't working needs:triage labels Oct 14, 2023
@danielkimuipath
Author

Is anyone able to get it working on Azure?

@bobh66
Collaborator

bobh66 commented Oct 15, 2023

@danielkimuipath The error message indicates that the provider is trying to use the Azure CLI which is not installed in the pod.

I don't know if anyone has tested the azurerm Terraform backend. If it requires the Azure CLI then it may not be supported. Can you try the same Workspace with backend kubernetes and see if that works?

There is more info in #73 which seems to have worked.

@mjnovice

mjnovice commented Nov 7, 2024

With provider version 3.78.0 it works. I tested it with OIDC though.

spec:
  configuration: |
    terraform {
      required_providers {
        azurerm = {
          source = "hashicorp/azurerm"
          version = "3.78.0"
        }
      }

      backend "kubernetes" {
        secret_suffix     = "providerconfig-azure-westeurope"
        namespace         = "upbound-system"
        in_cluster_config = true
      }
    }

    provider "azurerm" {
      client_id       = "XXXXXXXXXX"
      subscription_id = "XXXXXXXXX"
      tenant_id       = "XXXXXXXXX"
      oidc_token_file_path = "/var/run/secrets/azure/tokens/azure-identity-token"
      use_oidc = true
      skip_provider_registration = true
      features {}
    }
  pluginCache: true
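
An added example, not part of the thread or of provider-terraform: a small check that reports where the `backend` and `provider "azurerm"` blocks of a configuration get their credentials, run over abbreviated copies of the two configurations posted above. It assumes, which the thread does not confirm, that the `azurerm` backend authenticates separately from the provider block and falls back to environment variables or the Azure CLI when its block carries no credential argument; `CRED_ARGS`, the function names and the sample strings are the example's own.

```python
import re

# Arguments that give an azurerm block its own credential source (assumed
# list, recalled from the azurerm documentation, not taken from this thread).
CRED_ARGS = ("use_oidc", "use_msi", "client_secret",
             "client_certificate_path", "access_key", "sas_token")

def find_block(hcl, kind):
    """Return (label, body) of the first `kind "label" { ... }` block, else None."""
    m = re.search(kind + r'\s+"([^"]+)"\s*\{', hcl)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(hcl)):
        depth += {"{": 1, "}": -1}.get(hcl[i], 0)
        if depth == 0:
            return m.group(1), hcl[m.end():i]
    return None  # unbalanced braces

def cred_source(body):
    """Name the first credential argument assigned in a block body."""
    assigned = set(re.findall(r"^\s*(\w+)\s*=", body, flags=re.M))
    return next((a for a in CRED_ARGS if a in assigned), "environment-or-az-cli")

def audit(hcl):
    """Map 'backend'/'provider' to (type, credential source)."""
    report = {}
    for kind in ("backend", "provider"):
        block = find_block(hcl, kind)
        if block:
            label, body = block
            report[kind] = (label, cred_source(body) if label == "azurerm" else "n/a")
    return report

# Constructed samples, abbreviated from the two configurations in this thread.
ISSUE = '''terraform {
  backend "azurerm" {
    key = "somekey.state"
  }
}
provider "azurerm" {
  features {}
  client_secret = jsondecode(file("azure-credentials.json")).clientSecret
}'''
WORKING = '''terraform {
  backend "kubernetes" { in_cluster_config = true }
}
provider "azurerm" {
  use_oidc = true
  features {}
}'''
```

`audit(ISSUE)` reports the backend as `environment-or-az-cli` even though the provider block has a `client_secret`, while `audit(WORKING)` shows a non-Azure backend and a provider using `use_oidc` with no stored secret.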
