Not able to connect to Azure with Service Principal credentials from Jenkins

Hi,

I am trying to deploy resources to Azure from Jenkins using Terraform. I have created a Service principal in Azure and added the credentials in Jenkins. (SP has contributor level access)

In the pipeline script, I have added sh step to authenticate with AzCLI. (Followed the procedure in TF docs). - This works fine

But, somehow Terraform is not able to get through Azure with these credentials. I am getting an error at terraform init.

The error I see is “error building azurerm client: authenticating using the azure cli is only supported as a user (not a service principal).”

What is the best practice to make terraform work with Azure?

Hi,
I think the error message is pretty clear.
Azure CLI based auth only works as a user and not as a Service Principal with Terraform.

In order to authenticate with an SP, one approach would be to set the parameters as an environment variable.

Example from the Docs:

$ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
$ export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"

See this guide for more details

Thanks for the reply. I followed the same guide. I set up the environment variables on the Jenkins host. Didn't solve the issue. I must be doing something wrong. I will figure it out.

You could specify the credentials as part of the provider configuration in your terraform code directly, just to see if that's working and to make sure Jenkins is not messing with the environment variables.

variable "client_secret" {}

provider "azurerm" {
  # Whilst version is optional, we /strongly recommend/ using it to pin the version of the Provider being used
  version = "=1.38.0"

  subscription_id = "00000000-0000-0000-0000-000000000000"
  client_id       = "00000000-0000-0000-0000-000000000000"
  client_secret   = "${var.client_secret}"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
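
A preflight for the Jenkins sh step, added here as an example and not part of the original thread: run inside the same shell that calls Terraform, it reports whether the four ARM_* variables from the docs snippet above are visible to that process, and it never echoes the secret. The function names check_arm_env and is_guid are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for the Jenkins sh step that runs Terraform.
# Confirms the four ARM_* variables from the thread are visible to this
# process, without ever printing the client secret.

# GUID shape check for the three ID variables (8-4-4-4-12 hex digits).
is_guid() {
  printf '%s\n' "$1" | grep -Eq \
    '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints one status line per variable to stderr and returns the number of
# problems found (0 means all four values are present and well-formed).
check_arm_env() {
  problems=0
  for name in ARM_CLIENT_ID ARM_SUBSCRIPTION_ID ARM_TENANT_ID; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "MISSING  $name" >&2
      problems=$((problems + 1))
    elif ! is_guid "$value"; then
      echo "BAD GUID $name" >&2
      problems=$((problems + 1))
    else
      echo "OK       $name=$value" >&2
    fi
  done
  # Secret: report presence only, never the value.
  if [ -z "${ARM_CLIENT_SECRET:-}" ]; then
    echo "MISSING  ARM_CLIENT_SECRET" >&2
    problems=$((problems + 1))
  else
    echo "OK       ARM_CLIENT_SECRET (set, value hidden)" >&2
  fi
  return "$problems"
}

# In the pipeline's sh step, before terraform init:
#   check_arm_env || exit 1
```

A MISSING line here means the variables set on the Jenkins host are not reaching the job's shell, so they have to be supplied to the job itself.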

I too have a similar issue from Jenkins. Please kindly share if there is any workaround.
To authenticate to Azure using a Service Principal, you can use the separate ‘Authenticate using a Service Principal’
auth method - instructions for which can be found here: https://www.terraform.io/docs/providers/azurerm/guides/service_principal_client_secret.html

Alternatively you can authenticate using the Azure CLI by using a User Account.