
Terraform AzureRM: Your device is required to be managed to access this resource


In the past I had no issues with connecting to Azure with the AzureRM Terraform provider.

But since around the 10th of August I get, when running terraform plan:

❯ terraform plan
╷
│ Error: building account: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: AADSTS530003: Your device is required to be managed to access this resource.
│ Trace ID: XXXXXX-XXXXXX-XXXXXX
│ Correlation ID: XXXXXX-XXXXXX-XXXXXX-XXXXXX
│ Timestamp: 2022-08-30 07:55:24Z
│ To re-authenticate, please run:
│ az login --scope https://graph.microsoft.com//.default
│ 
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on provider.tf line 1, in provider "azurerm":
│    1: provider "azurerm" {
│ 
╵

Running the suggested az login --scope https://graph.microsoft.com//.default redirects to my default browser (Firefox):

Your sign-in was successful, but you can’t open this resource from this web browser. You might be able to access it from the Safari browser (ask your IT department for a list of approved mobile and desktop applications).

and actually IT doesn't support it on any browser or device :/.

This is the configuration of the provider:

provider "azurerm" {
  features {}

  subscription_id            = "XXXXXX-XXXXXX-XXXXXX-XXXXXX"
  skip_provider_registration = true
}

The azure-cli works just fine so far, no issues on commands such as:

  • az login
  • az account show

Terraform v1.0.8, AzureRM v2.93.1


Solution

  • Rolling back the Azure CLI to version 2.31.0 resolved the issue for now.

    Apparently this is due to a breaking change in CLI version 2.37.0:

    due to the deprecation of Azure Active Directory (Azure AD) Graph, the underlying Active Directory Graph API will be replaced by Microsoft Graph API in Azure CLI 2.37.0.
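
A preflight check for the version boundary named in the answer above, as an added example that is not part of the original post: it reports whether an Azure CLI release falls before or after 2.37.0, so the change of directory API is visible before `terraform plan` runs. The function names, output labels and script name are hypothetical; the only real command used is `az version`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Boundary taken from the answer: Azure CLI 2.37.0 replaced AD Graph with Microsoft Graph.
GRAPH_SWITCH_VERSION="2.37.0"

# version_ge A B: return 0 if dotted version A >= B, 1 if A < B, 2 if not numeric.
# Fields are compared as integers, so 2.4.0 sorts before 2.37.0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the field just read; a missing field counts as 0.
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# graph_backend VERSION: print which directory API that CLI release uses.
graph_backend() {
    rc=0
    version_ge "$1" "$GRAPH_SWITCH_VERSION" || rc=$?
    case $rc in
        0) echo "microsoft-graph" ;;
        1) echo "azure-ad-graph" ;;
        *) echo "unknown"; return 2 ;;
    esac
}

# installed_cli_version: ask the local az binary for its version string.
installed_cli_version() {
    az version --query '"azure-cli"' --output tsv
}

# Only touches az when called as: sh az_graph_preflight.sh check
if [ "${1:-}" = "check" ]; then
    v=$(installed_cli_version) || exit 1
    echo "azure-cli $v uses $(graph_backend "$v")"
fi
```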