Azure/Terraform: azure.BearerAuthorizer WithAuthorization: Failed to refresh the Token

```hcl
provider "azurerm" {
  version                     = "~> 2.4.0"
  skip_credentials_validation = "true"
  features {}
  use_msi         = var.use_msi
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
}
```

Verify that the pipeline can access resource groups in the Azure account:

```hcl
data "azurerm_resource_group" "example" {
  name = ""
}

output "id" {
  value = data.azurerm_resource_group.example.id
}
```

```text
Error: Error checking for presence of existing resource group: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/<subscription_id>/resourcegroups/?api-version=2020-06-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"Identity not found"}
```

The identity exists and one can login using Azure CLI.
The Terraform code was working about 10 days ago, and then we started seeing this error.

  • `terraform init` and `terraform plan` work fine
  • the variables `use_msi`, `subscription_id` and `tenant_id` are passed to the terraform commands with the `-var` flag
  • it fails at `terraform apply`
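The `Identity not found` body in the error above is what the Azure Instance Metadata Service (IMDS) returns when the compute resource running Terraform has no managed identity assigned (or it was removed), so it is worth checking the token endpoint directly before touching the provider. The script below is an added diagnostic, not code from the original post or from the azurerm provider. It assumes the standard IMDS token endpoint (`169.254.169.254`, `api-version=2018-02-01`, mandatory `Metadata: true` header) documented by Microsoft; `classify_msi_response` is a hypothetical helper that maps the raw status and body onto a short verdict, and it can be exercised with constructed responses without being on Azure.

```shell
#!/bin/sh
# Added diagnostic for MSI token refresh failures (not from the original thread).
# Assumes the documented Azure IMDS token endpoint and api-version 2018-02-01.
IMDS_URL="${IMDS_URL:-http://169.254.169.254/metadata/identity/oauth2/token}"
RESOURCE="${RESOURCE:-https://management.azure.com/}"

# classify_msi_response STATUS BODY
# Pure function: turns an IMDS token response into a one-line verdict so the
# same logic can be run against constructed responses (see below) or live output.
classify_msi_response() {
  status="$1"
  body="$2"
  case "$status" in
    200)
      case "$body" in
        *'"access_token"'*) echo "ok: managed identity token issued" ;;
        *) echo "unexpected: HTTP 200 without an access_token field" ;;
      esac ;;
    400)
      case "$body" in
        *'Identity not found'*)
          echo "identity-not-found: no managed identity is assigned to this compute resource, or it was removed" ;;
        *) echo "bad-request: $body" ;;
      esac ;;
    000|'')
      echo "unreachable: IMDS did not answer (not on Azure compute, or a proxy/firewall intercepts 169.254.169.254)" ;;
    *) echo "http-$status: $body" ;;
  esac
}

# fetch_msi_token: queries IMDS the same way the provider's MSI auth does and
# prints the verdict. --noproxy '*' matters: IMDS must be reached directly.
fetch_msi_token() {
  tmp=$(mktemp)
  # curl -w prints the HTTP status (000 if the connection never succeeded).
  status=$(curl -s --noproxy '*' --max-time 5 -H 'Metadata: true' \
    -o "$tmp" -w '%{http_code}' \
    "${IMDS_URL}?api-version=2018-02-01&resource=${RESOURCE}" 2>/dev/null || true)
  body=$(cat "$tmp")
  rm -f "$tmp"
  classify_msi_response "$status" "$body"
}

# Constructed sample, identical in shape to the body quoted in the error above.
SAMPLE_400='{"error":"invalid_request","error_description":"Identity not found"}'

# Only hit the live endpoint when explicitly asked, e.g. RUN_IMDS_CHECK=1 sh msi_check.sh
if [ "${RUN_IMDS_CHECK:-0}" = "1" ]; then
  fetch_msi_token
else
  classify_msi_response 400 "$SAMPLE_400"
fi
```

Run it with `RUN_IMDS_CHECK=1` on the agent that executes `terraform apply`: a `200` verdict means the identity is fine and the problem lies in the provider, whereas `identity-not-found` means the build agent itself lost its system- or user-assigned identity, which `az login` on a workstation would never reveal.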

Hi @rkmaskara, have you tried upgrading the provider version as 2.4.x is quite old at this point. It’s possible that MI authentication was changed and the latest provider release is more likely to have any necessary changes.