Not able to connect to Azure with Service Principal credentials from Jenkins

Vamsi · January 3, 2020, 2:47pm

Hi,

I am trying to deploy resources to Azure from Jenkins using Terraform. I have created a Service principal in Azure and added the credentials in Jenkins. (SP has contributor level access)

In the pipeline script, I have added sh step to authenticate with AzCLI. (Followed the procedure in TF docs). - This works fine

But, somehow Terraform is not able to get through Azure with these credentials. I am getting an error at terraform init.

The error I see is “error building azurerm client: authenticating using the azure cli is only supported as a user (not a service principal).”

What is the best practice to make terraform work with Azure?

steffencircle · January 4, 2020, 9:20am

Hi,
i think the error message is pretty clear.
Azure CLI based auth only works as a user and not as a Service Principal with Terraform.

In order to authenticate with an SP, one approach would be to set the parameters as an environment variable.

Example from the Docs:

$ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
$ export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"

See this guide for more details

Vamsi · January 4, 2020, 9:53am

Thanks for the reply. I followed the same guide. I set up the environment variables on the Jenkins host. Didnt solve the issue. I must be doing something wrong. I will figure it out.

steffencircle · January 4, 2020, 11:01am

You could specify the credentials as part of the provider configuration in your terraform code directly, just to see if thats working and to make sure Jenkins is not messing with the environment variables.

variable "client_secret" {}

provider "azurerm" {
  # Whilst version is optional, we /strongly recommend/ using it to pin the version of the Provider being used
  version = "=1.38.0"

  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "00000000-0000-0000-0000-000000000000"
  client_secret   = "${var.client_secret}"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}

mmreddy1582 · April 9, 2020, 8:52pm

I too have similar issue from Jenkins .Please kindly share if any workaround .
To authenticate to Azure using a Service Principal, you can use the separate ‘Authenticate using a Service Principal’
auth method - instructions for which can be found here: https://www.terraform.io/docs/providers/azurerm/guides/service_principal_client_secret.html

Alternatively you can authenticate using the Azure CLI by using a User Account.e[0m

Topic		Replies	Views
Azure Service Principal usage in Jenkinsfile for Terraform Init Azure	1	126	November 12, 2024
Terraform Cloud Agent on Ubuntu HCP Terraform	2	279	November 15, 2023
Using an Azure service principal in main.tf Azure	3	1332	September 4, 2022
How to authenticate from Terraform Cloud to Azure? Azure	4	8533	November 22, 2023
Terraform init does not run with the same login context as other terraform commands Terraform hcp-terraform , azure	0	253	August 11, 2023

Not able to connect to Azure with Service Principal credentials from Jenkins

Related topics