Have you encountered the error mentioned in the subject line before? I'm intrigued by it and unable to find a solution. Here are the steps I executed to create a service principal:
az login
-- Gives me a device code to enter in browser
Login to az non-interactively
az account set --subscription="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Check correct account by
az account show
Create a SP
az ad sp create-for-rbac -n "tf-authenticator" --role contributor
Run terraform plan as below:
[jim@rhel75 msdn]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
azurerm_resource_group.tf-rg-cluster-sql: Refreshing state... os_profile_windows_config.1060902566.enable_automatic_upgrades: "true"
Plan: 28 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
Now I run terraform again and I get an error that no authorization token was found!
[jim@rhel75 msdn]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
Error: Error refreshing state: 1 error(s) occurred:
* provider.azurerm: Error building AzureRM Client: Error populating Client ID from the Azure CLI: No Authorization Tokens were found - please re-authenticate using `az login`.
Note: I tested and the same behavior occurs on 1. CentOS 7.6 2. Ubuntu 16.04 3. Azure Pipelines Release Pipeline (which uses an Ubuntu 16.04 agent)
Update: I encounter a weird error when I try to create a SP. I already have my default subscription but still run the command below and receive an error:
az ad sp create-for-rbac -n "tf-authenticator" --role="Contributor" --scopes="/subscriptions/xxxxxxxxxxxxxxxxxxx"
Error message:
Changing "tf-authenticator" to a valid URI of "http://tf-authenticator", which is the required format used for service principal names
Get Token request returned http error: 400 and server response: {"error":"unauthorized_client","error_description":"AADSTS700016: Application with identifier 'bd58677d-d0a4-46a5-9b5a-02c6662ae149' was not found in the directory '055b56f0-423b-4b1a-b6bc-6ae09ab61485'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.\r\nTrace ID: cc58c97b-2247-4bf7-ab6c-7d1b993f0b00\r\nCorrelation ID: 42540a48-7d44-494b-9dc2-a8dd9d6c10b7\r\nTimestamp: 2019-03-14 00:46:49Z","error_codes":[700016],"timestamp":"2019-03-14 00:46:49Z","trace_id":"cc58c97b-2247-4bf7-ab6c-7d1b993f0b00","correlation_id":"42540a48-7d44-494b-9dc2-a8dd9d6c10b7","error_uri":"https://login.microsoftonline.com/error?code=700016"}
I have further drilled down and found that this has something to do with Azure tokens, as I can create a VM instance with the Azure CLI itself; please see the evidence below:
az vm create --resource-group "myResourceGroup" --name "myVM" --image "Win2016Datacenter" --admin-username "Demouser" --admin-password "Demouser@123" --use-unmanaged-disk --location "Australia Southeast"
Azure Error: InvalidTemplateDeployment
Message: The template deployment failed with error: 'The resource with id: '/subscriptions/11855b5b-484f-4104-b77b-a73eb8cd74dc/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM' failed validation with message: 'The requested size for resource '/subscriptions/11855b5b-484f-4104-b77b-a73eb8cd74dc/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM' is currently not available in location 'australiasoutheast' zones '' for subscription '11855b5b-484f-4104-b77b-a73eb8cd74dc'. Please try another size or deploy to a different location or zones. See https://aka.ms/azureskunotavailable for details.'.'.
It did not launch a VM, but at least it's clear that it would have been able to proceed had the size been right.
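
An added triage sketch, not part of the original post: it parses the `Get Token request` line quoted above and checks whether the directory named in the AADSTS700016 error is the tenant that `az account show` reports for the active subscription. The error line is trimmed from the one in the post; the `az account show` sample with its all-zero tenant ID is constructed, and the function names are hypothetical.

```python
import json
import re

# Token error line from the post, trimmed to the fields used here.
CLI_LINE = r'''Get Token request returned http error: 400 and server response: {"error":"unauthorized_client","error_description":"AADSTS700016: Application with identifier 'bd58677d-d0a4-46a5-9b5a-02c6662ae149' was not found in the directory '055b56f0-423b-4b1a-b6bc-6ae09ab61485'. You may have sent your authentication request to the wrong tenant.\r\nTrace ID: cc58c97b-2247-4bf7-ab6c-7d1b993f0b00","error_codes":[700016],"correlation_id":"42540a48-7d44-494b-9dc2-a8dd9d6c10b7"}'''

# Constructed stand-in for `az account show` output (placeholder tenant ID).
ACCOUNT_SHOW_SAMPLE = '{"name": "example-sub", "tenantId": "00000000-0000-0000-0000-000000000000"}'

AADSTS_RE = re.compile(
    r"AADSTS(?P<code>\d+): Application with identifier '(?P<app>[0-9a-f-]{36})' "
    r"was not found in the directory '(?P<directory>[0-9a-f-]{36})'"
)


def parse_token_error(cli_line):
    """Decode the JSON after 'server response:' and extract the AADSTS fields."""
    marker = "server response:"
    idx = cli_line.find(marker)
    if idx == -1:
        raise ValueError("no 'server response:' marker in line")
    body = json.loads(cli_line[idx + len(marker):].strip())
    match = AADSTS_RE.search(body.get("error_description", ""))
    if match is None:
        raise ValueError("description is not an 'application not found' error")
    return {
        "error": body["error"],
        "codes": body.get("error_codes", []),
        "app_id": match["app"],
        "directory": match["directory"],
        "correlation_id": body.get("correlation_id"),
    }


def tenant_matches(parsed, account_show_json):
    """True if the directory in the error equals tenantId from `az account show`."""
    account = json.loads(account_show_json)
    return parsed["directory"].lower() == account["tenantId"].lower()


if __name__ == "__main__":
    info = parse_token_error(CLI_LINE)
    print(info)
    print("same tenant as active subscription:", tenant_matches(info, ACCOUNT_SHOW_SAMPLE))
```

To use it on a real session, pass the full error line and the output of `az account show` in place of the two samples.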