Powershell in local-exec (Azure DevOps Pipelines)

[Bartosz Dopke]

Hi,

I'm using Azure DevOps Pipeline to deploy an infrastructure. One of Terraform modules use local-exec and it is a Powershell script which enables VM SQL Backup. Everything works fine locally from my PC when I'm connected to Azure as a user. The problem appears only in a pipeline. I use a built-in Powershell just to run Connect-AzAccount living with a hope that connection will be kept during all tasks. Unfortunately when it comes to Terraform Apply, during my module deployment, there's an error:
Please provide a valid tenant or a valid subscription.

Resource group 'abcd' could not be found.

Does somebody know how to keep connection with Azure during all tasks? I even tried to run Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx" but module doesn't find my subscription.

This is how Powershell task looks like:

$AzureAADClientKey = "***"

$AzureTenantID = " xxxx-xxxx-xxxx-xxxx "

$AzureSubscriptionName = " xxxx-xxxx-xxxx-xxxx "

$AzureEnv = "AzureCloud"

#Start Connection

$securePassword = ConvertTo-SecureString $AzureAADClientKey -AsPlainText -Force

$credential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $AzureAADClientID,$securePassword

$n = Disable-AzContextAutosave -Scope Process

Clear-AzContext -Scope Process

Connect-AzAccount -Credential $credential -TenantId $AzureTenantID -Environment $AzureEnv -ServicePrincipal -SubscriptionId $AzureSubscriptionName

[Christopher Campbell]

Why are you using terraform local exec to do powershell commands. Use the azure module in terraform and use what ever resource you need to use. 

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/7a9b9894-5c66-41d2-aa76-d88a5b7f1e5en%40googlegroups.com.

[Bartosz Dopke]

Hi,

Because it's a Terraform module which I use through a lot of projects. The solution of this issue is here:
https://stackoverflow.com/questions/65001791/powershell-in-local-exec-azure-devops-pipelines/65018255#65018255

[Christopher Campbell]

Ok so few things, are you using an onprem agent or hosted agent? Is the agent a service agent running as a user? Is this azure devops hosted or onprem? What version of terraform? Is this an azure devops release pipeline in vnext or in yaml? When you call terraform apply are you using an powershell/cmd task or a terraform task in the pipeline?

Also I was asking why you were doing this vs using an azure service connection to connect to azure. If you are using powershell/cmd to execute terraform you could put in env variables in the task that contains your connection to azure for terraform. 

To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/1b5e5c50-fd58-4d55-aaf1-06da3e14c492n%40googlegroups.com.