Description
Terraform Version
Terraform v1.11.4
on linux_amd64
Terraform Configuration Files
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = ">3.0"
    }
    random = {
      source = "hashicorp/random"
      version = "
    }
  }
}

provider "azurerm" {
  features {}
}
Debug Output
Gist: https://gist.github.com/bl0000/8508d869b6e84ccdf5025e705e61a013
See below for the relevant error messages:
Terraform planned the following actions, but then encountered a problem:
# random_pet.rg_name will be created
+ resource "random_pet" "rg_name" {
+ id = (known after apply)
+ length = 2
+ prefix = "rg"
+ separator = "-"
}
Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Error: building account: could not acquire access token to parse claims: clientCredentialsToken: cannot request token: Post "https://login.microsoftonline.com/REDACTED-homeTenantID/oauth2/v2.0/token": POST https://login.microsoftonline.com/REDACTED-homeTenantID/oauth2/v2.0/token giving up after 1 attempt(s): Post "https://login.microsoftonline.com/REDACTED-homeTenantID/oauth2/v2.0/token": tls: failed to verify certificate: x509: certificate signed by unknown authority
│
│ with provider["registry.terraform.io/hashicorp/azurerm"],
│ on providers.tf line 14, in provider "azurerm":
│ 14: provider "azurerm" {
│
Expected Behavior
The hashicorp/terraform container should trust the certificate presented by login.microsoftonline.com. I have confirmed this is the same behaviour for hashicorp/terraform:latest.
Actual Behavior
tls: failed to verify certificate: x509: certificate signed by unknown authority
I have also run the container interactively and confirmed, using busybox's wget, that it's the container's CA store.
Steps to Reproduce
docker run -it \
  -v "$PWD":/workspace \
  -w /workspace \
  -e ARM_CLIENT_ID=REDACTED \
  -e ARM_CLIENT_SECRET=REDACTED \
  -e ARM_SUBSCRIPTION_ID=REDACTED \
  -e ARM_TENANT_ID=REDACTED \
  -e TF_LOG=trace \
  hashicorp/terraform:latest plan -out main.tfplan
Example Terraform file to test with:
main.tf
resource "random_pet" "rg_name" {
  prefix = var.resource_group_name_prefix
}

resource "azurerm_resource_group" "rg" {
  location = var.resource_group_location
  name     = random_pet.rg_name.id
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "4.26.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~>3.1"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "resource_group_location" {
  type        = string
  default     = "eastus"
  description = "Location of the resource group."
}

variable "resource_group_name_prefix" {
  type        = string
  default     = "rg"
  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}

output "resource_group_name" {
  value = azurerm_resource_group.rg.name
}