terraform-provider-azurerm: Starting with 3.0 key vault secrets data resource is attempting to use an invalid URL

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.1.7

AzureRM Provider Version

3.0.2

Affected Resource(s)/Data Source(s)

azurerm_key_vault_secret

Terraform Configuration Files

data "azurerm_resource_group" "Shared" {
  name = "Shared"
}

data "azurerm_key_vault" "v4secrets-global" {
  name                = "v4secrets-global"
  resource_group_name = data.azurerm_resource_group.Shared.name
}

data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineAdminUsername" {
  name         = "AdminAccounts-MachineAdminUsername"
  key_vault_id = data.azurerm_key_vault.v4secrets-global.id
}

Debug Output/Panic Output

2022-04-07T10:21:54.477-0600 [TRACE] provider.terraform-provider-azurerm_v3.0.2_x5: Called downstream: tf_proto_version=5 tf_provider_addr=provider tf_rpc=ReadDataSource @caller=/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go:483 @module=sdk.proto tf_data_source_type=azurerm_key_vault_secret tf_req_id=ca1b7232-f5ef-f5ff-faec-df7da066ef48 timestamp=2022-04-07T10:21:54.476-0600
2022-04-07T10:21:54.477-0600 [TRACE] provider.terraform-provider-azurerm_v3.0.2_x5: Served request: tf_proto_version=5 tf_rpc=ReadDataSource @caller=/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go:489 @module=sdk.proto tf_data_source_type=azurerm_key_vault_secret tf_provider_addr=provider tf_req_id=ca1b7232-f5ef-f5ff-faec-df7da066ef48 timestamp=2022-04-07T10:21:54.476-0600
2022-04-07T10:21:54.477-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminUsername: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: e2edb45b-db3e-460a-87be-3ad146675200\r\nCorrelation ID: 8709a1a1-3279-49a8-b91f-39ea398b9b79\r\nTimestamp: 2022-04-07 16:17:53Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:53Z","trace_id":"e2edb45b-db3e-460a-87be-3ad146675200","correlation_id":"8709a1a1-3279-49a8-b91f-39ea398b9b79","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.477-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername": visit complete, with errors
2022-04-07T10:21:54.477-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername": dynamic subgraph encountered errors: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminUsername: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: e2edb45b-db3e-460a-87be-3ad146675200\r\nCorrelation ID: 8709a1a1-3279-49a8-b91f-39ea398b9b79\r\nTimestamp: 2022-04-07 16:17:53Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:53Z","trace_id":"e2edb45b-db3e-460a-87be-3ad146675200","correlation_id":"8709a1a1-3279-49a8-b91f-39ea398b9b79","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.477-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminUsername: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: e2edb45b-db3e-460a-87be-3ad146675200\r\nCorrelation ID: 8709a1a1-3279-49a8-b91f-39ea398b9b79\r\nTimestamp: 2022-04-07 16:17:53Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:53Z","trace_id":"e2edb45b-db3e-460a-87be-3ad146675200","correlation_id":"8709a1a1-3279-49a8-b91f-39ea398b9b79","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.477-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername": visit complete, with errors
2022-04-07T10:21:54.477-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername (expand)": dynamic subgraph encountered errors: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminUsername: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: e2edb45b-db3e-460a-87be-3ad146675200\r\nCorrelation ID: 8709a1a1-3279-49a8-b91f-39ea398b9b79\r\nTimestamp: 2022-04-07 16:17:53Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:53Z","trace_id":"e2edb45b-db3e-460a-87be-3ad146675200","correlation_id":"8709a1a1-3279-49a8-b91f-39ea398b9b79","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.477-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername (expand)" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminUsername: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: e2edb45b-db3e-460a-87be-3ad146675200\r\nCorrelation ID: 8709a1a1-3279-49a8-b91f-39ea398b9b79\r\nTimestamp: 2022-04-07 16:17:53Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:53Z","trace_id":"e2edb45b-db3e-460a-87be-3ad146675200","correlation_id":"8709a1a1-3279-49a8-b91f-39ea398b9b79","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.477-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername (expand)": visit complete, with errors
2022-04-07T10:21:54.658-0600 [TRACE] provider.terraform-provider-azurerm_v3.0.2_x5: Called downstream: tf_proto_version=5 tf_provider_addr=provider tf_req_id=d304fb4f-e876-cbe5-0840-97e946ed0f02 @caller=/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go:483 @module=sdk.proto tf_data_source_type=azurerm_key_vault_secret tf_rpc=ReadDataSource timestamp=2022-04-07T10:21:54.658-0600
2022-04-07T10:21:54.658-0600 [TRACE] provider.terraform-provider-azurerm_v3.0.2_x5: Served request: tf_req_id=d304fb4f-e876-cbe5-0840-97e946ed0f02 tf_data_source_type=azurerm_key_vault_secret tf_proto_version=5 tf_provider_addr=provider tf_rpc=ReadDataSource @caller=/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go:489 @module=sdk.proto timestamp=2022-04-07T10:21:54.658-0600
2022-04-07T10:21:54.659-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminPassword: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: b8e9d945-2b79-4600-96ae-cbd1b2995c00\r\nCorrelation ID: 2b9fb223-7961-4db1-8c2c-bf5dc0252458\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"b8e9d945-2b79-4600-96ae-cbd1b2995c00","correlation_id":"2b9fb223-7961-4db1-8c2c-bf5dc0252458","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword": visit complete, with errors
2022-04-07T10:21:54.659-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword": dynamic subgraph encountered errors: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminPassword: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: b8e9d945-2b79-4600-96ae-cbd1b2995c00\r\nCorrelation ID: 2b9fb223-7961-4db1-8c2c-bf5dc0252458\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"b8e9d945-2b79-4600-96ae-cbd1b2995c00","correlation_id":"2b9fb223-7961-4db1-8c2c-bf5dc0252458","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminPassword: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: b8e9d945-2b79-4600-96ae-cbd1b2995c00\r\nCorrelation ID: 2b9fb223-7961-4db1-8c2c-bf5dc0252458\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"b8e9d945-2b79-4600-96ae-cbd1b2995c00","correlation_id":"2b9fb223-7961-4db1-8c2c-bf5dc0252458","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword": visit complete, with errors
2022-04-07T10:21:54.659-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword (expand)": dynamic subgraph encountered errors: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminPassword: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: b8e9d945-2b79-4600-96ae-cbd1b2995c00\r\nCorrelation ID: 2b9fb223-7961-4db1-8c2c-bf5dc0252458\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"b8e9d945-2b79-4600-96ae-cbd1b2995c00","correlation_id":"2b9fb223-7961-4db1-8c2c-bf5dc0252458","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword (expand)" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminPassword: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: b8e9d945-2b79-4600-96ae-cbd1b2995c00\r\nCorrelation ID: 2b9fb223-7961-4db1-8c2c-bf5dc0252458\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"b8e9d945-2b79-4600-96ae-cbd1b2995c00","correlation_id":"2b9fb223-7961-4db1-8c2c-bf5dc0252458","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword (expand)": visit complete, with errors
2022-04-07T10:21:54.659-0600 [TRACE] dag/walk: upstream of "azurerm_linux_virtual_machine.dnsproxy (expand)" errored, so skipping
2022-04-07T10:21:54.659-0600 [TRACE] dag/walk: upstream of "azurerm_virtual_machine_extension.dnsproxy-extenstion-dependencyagent (expand)" errored, so skipping
2022-04-07T10:21:54.659-0600 [TRACE] dag/walk: upstream of "azurerm_virtual_machine_extension.dnsproxy-extenstion-adlogin (expand)" errored, so skipping
2022-04-07T10:21:54.659-0600 [TRACE] dag/walk: upstream of "azurerm_backup_protected_vm.backups_dnsproxy (expand)" errored, so skipping
2022-04-07T10:21:54.659-0600 [TRACE] dag/walk: upstream of "azurerm_virtual_machine_extension.dnsproxy-extenstion-omsagent (expand)" errored, so skipping
2022-04-07T10:21:54.826-0600 [TRACE] provider.terraform-provider-azurerm_v3.0.2_x5: Called downstream: tf_data_source_type=azurerm_key_vault_secret tf_provider_addr=provider tf_req_id=501f2e90-6358-6c3b-9f53-bddf22291942 @caller=/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go:483 @module=sdk.proto tf_proto_version=5 tf_rpc=ReadDataSource timestamp=2022-04-07T10:21:54.826-0600
2022-04-07T10:21:54.826-0600 [TRACE] provider.terraform-provider-azurerm_v3.0.2_x5: Served request: @caller=/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-azurerm/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go:489 tf_req_id=501f2e90-6358-6c3b-9f53-bddf22291942 tf_rpc=ReadDataSource @module=sdk.proto tf_data_source_type=azurerm_key_vault_secret tf_proto_version=5 tf_provider_addr=provider timestamp=2022-04-07T10:21:54.826-0600
2022-04-07T10:21:54.826-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineSSHPublic: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: efafe097-6965-4a33-b1c8-9b0eb6675200\r\nCorrelation ID: 651a4826-0103-49a9-9856-f75dddee6004\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"efafe097-6965-4a33-b1c8-9b0eb6675200","correlation_id":"651a4826-0103-49a9-9856-f75dddee6004","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.826-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic": visit complete, with errors
2022-04-07T10:21:54.826-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic": dynamic subgraph encountered errors: making Read request on Azure KeyVault Secret AdminAccounts-MachineSSHPublic: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: efafe097-6965-4a33-b1c8-9b0eb6675200\r\nCorrelation ID: 651a4826-0103-49a9-9856-f75dddee6004\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"efafe097-6965-4a33-b1c8-9b0eb6675200","correlation_id":"651a4826-0103-49a9-9856-f75dddee6004","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.826-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineSSHPublic: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: efafe097-6965-4a33-b1c8-9b0eb6675200\r\nCorrelation ID: 651a4826-0103-49a9-9856-f75dddee6004\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"efafe097-6965-4a33-b1c8-9b0eb6675200","correlation_id":"651a4826-0103-49a9-9856-f75dddee6004","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.826-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic": visit complete, with errors
2022-04-07T10:21:54.826-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic (expand)": dynamic subgraph encountered errors: making Read request on Azure KeyVault Secret AdminAccounts-MachineSSHPublic: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: efafe097-6965-4a33-b1c8-9b0eb6675200\r\nCorrelation ID: 651a4826-0103-49a9-9856-f75dddee6004\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"efafe097-6965-4a33-b1c8-9b0eb6675200","correlation_id":"651a4826-0103-49a9-9856-f75dddee6004","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.826-0600 [ERROR] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic (expand)" error: making Read request on Azure KeyVault Secret AdminAccounts-MachineSSHPublic: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: efafe097-6965-4a33-b1c8-9b0eb6675200\r\nCorrelation ID: 651a4826-0103-49a9-9856-f75dddee6004\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"efafe097-6965-4a33-b1c8-9b0eb6675200","correlation_id":"651a4826-0103-49a9-9856-f75dddee6004","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.826-0600 [TRACE] vertex "data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic (expand)": visit complete, with errors
2022-04-07T10:21:54.826-0600 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/hashicorp/azurerm\"] (close)" errored, so skipping
2022-04-07T10:21:54.826-0600 [TRACE] dag/walk: upstream of "root" errored, so skipping
2022-04-07T10:21:54.827-0600 [TRACE] LoadSchemas: retrieving schema for provider type "registry.terraform.io/hashicorp/azurerm"
2022-04-07T10:21:54.830-0600 [INFO]  backend/local: plan operation completed
╷
│ Error: Failed to decode resource from state
│
│ Error decoding "azurerm_backup_protected_vm.backups_dnsproxy" from previous state: unsupported attribute "tags"
╵
╷
│ Error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminUsername: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: e2edb45b-db3e-460a-87be-3ad146675200\r\nCorrelation ID: 8709a1a1-3279-49a8-b91f-39ea398b9b79\r\nTimestamp: 2022-04-07 16:17:53Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:53Z","trace_id":"e2edb45b-db3e-460a-87be-3ad146675200","correlation_id":"8709a1a1-3279-49a8-b91f-39ea398b9b79","error_uri":"https://login.microsoftonline.us/error?code=500011"}
│
│   with data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminUsername,
│   on variables.tf line 145, in data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineAdminUsername":
│  145: data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineAdminUsername" {
│
╵
╷
│ Error: making Read request on Azure KeyVault Secret AdminAccounts-MachineAdminPassword: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: b8e9d945-2b79-4600-96ae-cbd1b2995c00\r\nCorrelation ID: 2b9fb223-7961-4db1-8c2c-bf5dc0252458\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"b8e9d945-2b79-4600-96ae-cbd1b2995c00","correlation_id":"2b9fb223-7961-4db1-8c2c-bf5dc0252458","error_uri":"https://login.microsoftonline.us/error?code=500011"}
│
│   with data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineAdminPassword,
│   on variables.tf line 150, in data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineAdminPassword":
│  150: data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineAdminPassword" {
│
╵
╷
│ Error: making Read request on Azure KeyVault Secret AdminAccounts-MachineSSHPublic: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: efafe097-6965-4a33-b1c8-9b0eb6675200\r\nCorrelation ID: 651a4826-0103-49a9-9856-f75dddee6004\r\nTimestamp: 2022-04-07 16:17:54Z","error_codes":[500011],"timestamp":"2022-04-07 16:17:54Z","trace_id":"efafe097-6965-4a33-b1c8-9b0eb6675200","correlation_id":"651a4826-0103-49a9-9856-f75dddee6004","error_uri":"https://login.microsoftonline.us/error?code=500011"}
│
│   with data.azurerm_key_vault_secret.AZKV-Global-AdminAccounts-MachineSSHPublic,
│   on variables.tf line 155, in data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineSSHPublic":
│  155: data "azurerm_key_vault_secret" "AZKV-Global-AdminAccounts-MachineSSHPublic" {
│
╵

Expected Behaviour

Pull and create variable for the secret

Actual Behaviour

Request fails by trying to access an invalid URL, https://vault.microsoftazure.us. This URL is not in our state, definition files, or Azure account. It should also be noted that the apply/plan hangs for 10-60 minutes before failing. It should also be noted that this exact code works fine with 2.99.0.


Steps to Reproduce

Run terraform plan or terraform apply

Important Factoids

We are in Azure Government

References

No response

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 5
  • Comments: 18 (5 by maintainers)

Most upvoted comments

You can also get a token from https://vault.usgovcloudapi.net, which matches the normal Azure Gov API endpoint replacements.

{ "accessToken": "[REDACTED]", "expiresOn": "2022-04-08 12:42:43.000000", "subscription": "12160f2c-3952-419c-a854-c8d76d988909", "tenant": "0b50b1fa-3c16-4c29-a5cb-d4bb4d1db625", "tokenType": "Bearer" }

I can confirm this is working for me in Azure Gov now.
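
Added triage example (not part of the original issue, its comments, or the provider's code): the debug output above repeats each AAD token failure several times per vertex, so this script pulls the JSON error body out of each log line, de-duplicates by correlation ID, and compares the token audience that was requested with the Key Vault audience expected for the login host. The function name, the audience table and the sample log lines are assumptions constructed for illustration; the US Government audience is the one the commenters obtained a token for.

```python
import json
import re
from urllib.parse import urlparse

# Assumed mapping: Key Vault token audience expected per Azure AD login host.
# The US Government value is the one reported as working in the comments;
# the public-cloud value is included for contrast.
EXPECTED_VAULT_AUDIENCE = {
    "login.microsoftonline.us": "https://vault.usgovcloudapi.net",
    "login.microsoftonline.com": "https://vault.azure.net",
}

_MARKER = "with response: "
_PRINCIPAL = re.compile(r"resource principal named (\S+) was not found")
_DECODER = json.JSONDecoder()

# Constructed sample modelled on the issue's debug output (IDs are placeholders).
# It contains a duplicate of the first failure, a second distinct failure,
# an unrelated trace line, and a response body cut off mid-JSON.
SAMPLE_LOG = r'''
2022-04-07T10:21:54.477-0600 [ERROR] vertex "data.azurerm_key_vault_secret.example_a" error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName].\r\nTrace ID: 00000000-0000-0000-0000-00000000000a","error_codes":[500011],"correlation_id":"11111111-1111-1111-1111-111111111111","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.477-0600 [TRACE] vertex "data.azurerm_key_vault_secret.example_a": dynamic subgraph encountered errors: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName].\r\nTrace ID: 00000000-0000-0000-0000-00000000000a","error_codes":[500011],"correlation_id":"11111111-1111-1111-1111-111111111111","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [ERROR] vertex "data.azurerm_key_vault_secret.example_b" error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://vault.microsoftazure.us was not found in the tenant named [REDACTED-TenantName].\r\nTrace ID: 00000000-0000-0000-0000-00000000000b","error_codes":[500011],"correlation_id":"22222222-2222-2222-2222-222222222222","error_uri":"https://login.microsoftonline.us/error?code=500011"}
2022-04-07T10:21:54.659-0600 [TRACE] dag/walk: upstream of "root" errored, so skipping
2022-04-07T10:21:55.001-0600 [ERROR] vertex "data.azurerm_key_vault_secret.example_c" error: obtaining token: clientCredentialsToken: received HTTP status 400 with response: {"error":"invalid_res
'''


def token_failures(log_text):
    """Return one record per distinct AAD token failure in a Terraform debug log."""
    seen = {}
    for line in log_text.splitlines():
        start = line.find(_MARKER)
        if start == -1:
            continue  # not a token-endpoint error line
        try:
            # raw_decode parses the JSON object and ignores anything after it.
            body, _ = _DECODER.raw_decode(line, start + len(_MARKER))
        except json.JSONDecodeError:
            continue  # truncated or non-JSON response body
        if not isinstance(body, dict):
            continue
        corr = body.get("correlation_id")
        if corr is None or corr in seen:
            continue  # same failure logged again for another graph vertex
        match = _PRINCIPAL.search(str(body.get("error_description", "")))
        requested = match.group(1).rstrip("/") if match else None
        login_host = urlparse(str(body.get("error_uri", ""))).hostname
        expected = EXPECTED_VAULT_AUDIENCE.get(login_host)
        seen[corr] = {
            "correlation_id": corr,
            "error": body.get("error"),
            "codes": body.get("error_codes", []),
            "login_host": login_host,
            "requested_audience": requested,
            "expected_audience": expected,
            "audience_mismatch": (
                requested is not None
                and expected is not None
                and requested != expected
            ),
        }
    return list(seen.values())


if __name__ == "__main__":
    for failure in token_failures(SAMPLE_LOG):
        print(json.dumps(failure, indent=2))
```
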