Terrafrom plan step failing @ azure login

#1

Hello,
New to Octopus and Terraform and I am trying to get the 2 working together. I am receiving the below error when I attempt to run my Azure plan from our Octopus on -prem server. I am able log on to the server and execute the Terrafrom plan cmd successfully using the Azure Service Principal for login. When I try to run the same plan from the Octopus portal I receive the below. We are currently on version 2018.6.1 of Octopus. I assume I am missing a major step but I am not seeing it in the documentation or through my searches? Any insight/ education would be extremely appreciated. Thanks!

  • provider.azurerm: Error building AzureRM Client: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login.
(Matthew Casperson) #3

Hi @DarrinMisk, thanks for reaching out.

The Terraform step doesn’t currently integrate with Azure accounts directly in the way it will with AWS account, but you can still deploy to Azure with a few changes to a Terraform template. The process you will want to use is this:

  1. Define an Azure account that you wish to use with the Terraform deployments. The docs at https://octopus.com/docs/infrastructure/accounts/azure have details on Azure accounts in Octopus.
  2. Define a variable called Azure in your project of type Azure Account and point it to the account you created in step 1.

  1. The Azure variable will provide an number of expanded variables that you can use in your TF template: #{Azure.SubscriptionNumber}, #{Azure.Client}, #{Azure.Password} and #{Azure.TenantId}. In the example below I have used these variables in the provider block.
# Configure the Microsoft Azure Provider
provider "azurerm" {
    subscription_id = "#{Azure.SubscriptionNumber}"
    client_id       = "#{Azure.Client}"
    client_secret   = "#{Azure.Password}"
    tenant_id       = "#{Azure.TenantId}"
}

# Create a resource group if it doesn’t exist
resource "azurerm_resource_group" "myterraformgroup" {
    name     = "myResourceGroup"
    location = "eastus"

    tags {
        environment = "Terraform Demo"
    }
}
  1. When the template is deployed, the Azure credentials will be made available to Terraform

Regards
Matt C

#4

Thank you! I was expecting the template to call the Service Principal variables I had defined in Terraform and did not realize I needed to set and call them from Octopus. Thank you for the education and lesson in variables from Octopus within Terraform.

#5

@Matthew_Casperson is there a way to load octopus variable as environment variables on the process running the step? Not environment in the octopus scoping sense, but actual OS environment vars?

If we could set ARM_CLIENT_ID, etc, as octopus variables, terraform could use them to authenticate. Then we wouldn’t need to reference octopus syntax in our terraform files.

(Matthew Casperson) #6

Hi @Adnan_G

You may want to look at the latest version of Octopus, which includes the new feature at https://github.com/OctopusDeploy/Issues/issues/5518. This feature allows Azure accounts to be used with the Terraform step natively.