I am starting to test migrating from Terraform 1.0.0 to 1.1.5, and also migrate to the use of Microsoft Graph per the Azure AD Graph deprecation on June 30, 2020.
To test, I started tcpdump then ran terraform apply with:
My interpretation is that Terraform 1.1.5, even with the correct directive and reconfiguration, does not use Microsoft Graph. Can anyone give me some insights as to what could be happening?
I’m not personally familiar with these Azure backend concepts, so hopefully someone who is more familiar will see this and respond, but for my part I looked at the part of the backend code which handles that new argument:
It seems like the behavior of this flag is to choose between two different methods on the underlying Azure SDK, which are then responsible for making whatever network calls you are seeing.
I see it also emits a different log line in each case, so if you set the environment variable TF_LOG=DEBUG when you run Terraform you should presumably be able to see it show one of the following log lines to indicate what type of token it requested:
[DEBUG] Obtaining a MSAL / Microsoft Graph token for Resource Manager..
OR
[DEBUG] Obtaining a ADAL / Azure Active Directory Graph token for Resource Manager..