I have a simple main.tf that is attempting to create a new group in azure AD with an SPN and cert authentication. I’m not a hard core terraform, but have worked with in the past using SPNs and secrets. Here is my main.tf:
terraform {
required_providers {
azuread = {
source = “hashicorp/azuread”
version = “1.5.0”
}
}
}
provider “azuread” {
}
resource “azuread_group” “example” {
display_name = “zztstgrp01”
}
But I get the following error:
│ Error: getting authenticated object ID: adal: Refresh request failed. Status Code = ‘401’. Response body: {“error”:“invalid_client”,“error_description”:“AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: ‘88B00441D9B54F0A5726334A9FF9303D7B2B0DF5’, Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id ‘00c6b0f7-0fc7-466c-a696-8dbb32762894’. Review the documentation at National cloud deployments - Microsoft Graph | Microsoft Docs to determine the corresponding service endpoint and Get application - Microsoft Graph v1.0 | Microsoft Docs to build a query request URL, such as ‘https://graph.microsoft.com/beta/applications/00c6b0f7-0fc7-466c-a696-8dbb32762894’]\r\nTrace ID: 28416850-550a-4e39-bb18-2defa2485300\r\nCorrelation ID: 5f848b92-853b-46da-9a51-46fc29557283\r\nTimestamp: 2021-07-30 02:53:47Z”,“error_codes”:[700027],“timestamp”:“2021-07-30 02:53:47Z”,“trace_id”:“28416850-550a-4e39-bb18-2defa2485300”,“correlation_id”:“5f848b92-853b-46da-9a51-46fc29557283”,“error_uri”:“https://login.microsoftonline.com/error?code=700027”} Endpoint Sign in to your account
Can somebody please give me an example URL or tell me what I’m going wrong or missing. I should add that I’m running under powershell and I’ve set:
$env:ARM_CLIENT_ID
$env:ARM_CLIENT_CERTIFICATE_PATH
#$env:ARM_CLIENT_CERTIFICATE_PASSWORD
$env:ARM_TENANT_ID
I do not have a client cert password, so I did not set.
Thank you,
crick