terraform-provider-azuread: Error Waiting for the Azure CLI - Error Parsing JSON Result

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

vault-identity1[develop !?]$ terraform -v
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/azuread v1.0.0
vault-identity[develop !?]$ 

Affected Resource(s)

  • provider "azuread"

Terraform Configuration Files

This can be reproduced with only 2 files:

backends.tf

# Using multiple workspaces:
terraform {
  backend "remote" {
    hostname = "app.terraform.io"
    organization = "my-company"

    workspaces {
      prefix = "vault-identity-"
    }
  }
}

providers.tf

# Configure the Azure AD Provider
provider "azuread" {
  version = "~> 1.0.0"

  # NOTE: This relies on authentication via the Azure CLI.
  # see here for more info: https://terraform.io/docs/providers/azuread/

  tenant_id = "4c69d615-9554-4839-8aac-07898be2c4ac"
}

# Retrieve domain information
data "azuread_domains" "maindomain" {
  only_initial = true
}

The error I run into, after successful authentication with az login --tenant $TENANT_ID, is as follows:

vault-identity[develop !?]$ terraform plan azure-ad-oidc
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: building AzureAD Client: obtain subscription(a0496e39-63e6-4ab6-a1e1-2cdbc77582d2) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1

  on azure-ad-oidc/providers.tf line 2, in provider "azuread":
   2: provider "azuread" {

The above output reflects running this with local execution, but I also got stuck on the same crap when I tried remote execution.

I mean, a parsing error? What is that supposed to mean? Is there any way I could even see what it was even trying to parse?

Please refer to this forum post, too: https://discuss.hashicorp.com/t/error-building-azuread-client-obtain-subscription-error-waiting-for-the-azure-cli/16694

Debug Output

https://gist.github.com/v6/e7a8e88901c2d50968fb3443bff6bb99

Expected Behavior

Terraform should have succeeded, or at least shown the JSON that it supposedly cannot parse.

Actual Behavior

Got some vague or misleading error about JSON.

Steps to Reproduce

Run terraform plan with the provided configuration.

Important Factoids

This seems to rely heavily on the azure CLI.

References

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 14
  • Comments: 18 (7 by maintainers)

Most upvoted comments

Correct, the provider is passing a subscription ID to the CLI and using the tenant ID as the value. This was to maintain compatibility with the CLI, which overloads the two depending on the scenario. However, at around the time that v1 of the provider was released, the CLI behavior changed.

The workaround in the meantime is to try az login --allow-no-subscriptions --tenant TENANT_ID, which enables subscriptionless tenants to appear in the output of az account and targets the specified tenant (making it, or one of its subscriptions, the default). Failing that, revert to v0.11 and repeat these steps.

A fix for this will land shortly.
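
The error in this issue reports only the CLI's exit status, not what the CLI printed. The following is an added example, not code from the provider or from this thread, of a Go wrapper that keeps a child CLI's stderr and stdout apart and quotes the relevant one in each failure case. The names `runJSON` and `clip` are hypothetical, and `sh` stands in for the CLI so the sample runs offline.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// runJSON runs a CLI command and decodes its stdout as JSON into out.
// Each failure mode is reported separately and carries the evidence
// needed to diagnose it, instead of a bare "exit status 1".
func runJSON(out interface{}, name string, args ...string) error {
	var stdout, stderr bytes.Buffer
	cmd := exec.Command(name, args...)
	cmd.Stdout, cmd.Stderr = &stdout, &stderr

	if err := cmd.Run(); err != nil {
		var exitErr *exec.ExitError
		if errors.As(err, &exitErr) {
			// The command ran but failed: its stderr explains why.
			return fmt.Errorf("%s exited with %v: %s", name, err, clip(stderr.String()))
		}
		// The command could not be started at all (e.g. not on PATH).
		return fmt.Errorf("launching %s: %w", name, err)
	}
	if err := json.Unmarshal(stdout.Bytes(), out); err != nil {
		// Exit code was 0 but stdout was not JSON: show what was parsed.
		return fmt.Errorf("%s printed invalid JSON (%v): %q", name, err, clip(stdout.String()))
	}
	return nil
}

// clip trims whitespace and bounds the length of output quoted in an error.
func clip(s string) string {
	s = strings.TrimSpace(s)
	if len(s) > 200 {
		return s[:200] + "..."
	}
	return s
}

func main() {
	// Constructed stand-in for a failing CLI call; not real az output.
	var v map[string]interface{}
	err := runJSON(&v, "sh", "-c", "echo 'ERROR: constructed failure text' >&2; exit 1")
	fmt.Println(err)
}
```

If the wrapped CLI can print credentials on stdout, redact that output before quoting it in an error rather than only truncating it.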