I’m struggling to get the TFC agent working on an Azure VM running Ubuntu. I have set up The TFC workspace and the Agent Pool. The agent is initializing as expected when I submit jobs to the workspace. I have installed the Azure CLI onto the Agent VM and successfully logged into AZ. I have even installed the full terraform client onto the vm and successfully deployed resources using tf files with no credentials, proving the Azure client is functioning. Every job I submit to the agent fails though, with “Error: building AzureRM Client: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run ‘az login’ to setup account” Can anyone suggest a reason/solution to this ?
When Terraform runs are managed by Terraform Cloud, even if that’s being run through your own Terraform Cloud Agent, the system expects the necessary credentials to be configured as part of the workspace in Terraform Cloud, and then Terraform Cloud will send that information to the agent as part of each agent job. This then allows a single agent to work on many different workspaces that have different settings.
I am not very experienced with Azure in particular so I can’t give specific advice about it, but the general idea would be to configure environment variables in your workspace settings that match the environment variables mentioned in the provider documentation related to authentication. The provider should not need to rely on Azure CLI for authentication when running in Terraform Cloud Agent, because all of the settings it requires should already be present in the environment.
Many thanks for the reply. I concur with your thoughts. My reason for attempting to use the agent was as a workaround to my inability to create a Service Principal in a particular environment I’m working in. My intent was to try to capture user credentials and use them with the agent, hence using the AZ client. Testing the agent using a Security Principal, with parameters included as TF variables, worked as expected but did not achieve the goal I was trying for. Seems there is no way to use a personal AZ account as provider authentication when using TFC with Azure, This is easily done with AWS and GCP so its obviously an Azure restriction. Thanks again