I recently found that if i dont include subscriptionId, tenantId, clientId and clientSecret (service principal credentials) in the provider block, my terraform scripts still work - albeit to the wrong subscription.
My question is:
How does this work?
Where is it pulling mhy subscription details from? I have looked at the environment variables and I didnt see anything. I have run terraform in a new terminal window.
Has this recently changed?
Also, I recently read on the Terraform documentation that the provider block is deprecated and used for backward compatibility - but I cant fidn the is paragraph again to find out the context. Does anyone know where this is?
It depends on the provider, and there should be information in the provider documentation (if not, I suggest opening an issue with the provider). Many providers, aws for example, are able to pull credentials and other configuration information from environment variables or their native SDk/CLI tool authentication methods (see Terraform Registry for one example).
As for your second question:
the provider block is deprecated and used for backward compatibility
This is not true! It’s possible you came across something else that is deprecated, but the provider block is not.
As for how the terminal use of terraform cli works when I dont provide any credentials, I am still stuck. I looked at the authentication segments again and still nothing clicked with me. As I mentioned, I already checked the environment variables. I will now start to look for configuration files around the mac OSX. I really dont like the idea of my guids being available like that though.
I use vs code as my editor and what ever my az account show is will be the subscription details used. when I change my account with az login and az account set the terraform script uses this set of credentials.
I dont know where these details are stored but am happy to know how to check and set them.