HTTPUnauthorized

arsh · November 19, 2023, 10:29am

Hello,

I have created a gitlab pipeline following the document “terraspace.cloud/docs/ci/gitlab/push/.” I have added the following variables in the Gitlab
ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_LOCATION
but my pipeline failing with the following error
terraspace plan vnet: Exception Armrest::Error: #Net::HTTPUnauthorized:0x00007f215e9a5ca0
Error running: terraspace plan vnet Fix the error above or check logs for the error.

Adding my .gitlab-ci.yaml file

image: ruby:latest

stages:
  - up dev
# ...


before_script: |
  # install terraform
  git clone https://github.com/tfutils/tfenv.git ~/.tfenv
  echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile
  export PATH="$HOME/.tfenv/bin:$PATH"
  tfenv install latest
  tfenv use latest
  terraform --version
  # install terraspace
  bundle
  bundle exec terraspace new shim
  echo 'export PATH="/usr/local/bin:$PATH' >> ~/.bash_profile
  export PATH="/usr/local/bin:$PATH"
  bundle update terraspace

up_dev:
  stage: up dev
  rules:
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "main"'
  script:
- TF_ENV="lab" terraspace all plan

I think it is because the pipeline is not able to fetch the credentials. Also, I have added gem "terraspace_plugin_azurerm" in the Gemfile. Any help will be much appreciated. Thanks

syepes · December 20, 2023, 3:57pm

I am also seeing this issue just with a fresh demo stack. Any idea whats the issue?

❯ terraspace up demo
Building .terraspace-cache/eastus/dev/stacks/demo
Current directory: .terraspace-cache/eastus/dev/stacks/demo
Creating Resource Group dev-eastus...
Exception Armrest::Error: #<Net::HTTPUnauthorized:0x00000001073f1d78>
/Users/XX/.brew/lib/ruby/gems/3.2.0/gems/armrest-0.1.3/lib/armrest/api/base.rb:43:in `request'
/Users/XX/.brew/lib/ruby/gems/3.2.0/gems/armrest-0.1.3/lib/armrest/api/base.rb:18:in `block (2 levels) in <class:Base>'
/Users/XX/.brew/lib/ruby/gems/3.2.0/gems/armrest-0.1.3/lib/armrest/services/resource_group.rb:20:in `create_or_update'

tung · December 20, 2023, 4:46pm

Seems like a permission issue. When you get a chance, wondering if you can try:

Thanks!

syepes · December 20, 2023, 4:56pm

Looks like its because I have not defined a ARM_CLIENT_ID (Service Principal), is there a way to auth without this?

When I use terraform / terragrunt I just need to use az login it it has all the necessary rights. Can this also be done?

tung · December 20, 2023, 5:21pm

Glad you were able to auth.

I see. Remembering this now. It was a doozy. Some history.

feat: Azure MSI authentication support · Issue #6 · boltops-tools/terraspace_plugin_azurerm · GitHub
Armrest v0.1.3 CLI Auth is now not working anymore · Issue #3 · boltops-tools/armrest · GitHub

Kind of remember that it was a doozy to get it working. One of the reasons had to write armest was for the CLI auth.

Then at some some point, upstream Azure changes broke the CLI auth Unsure when will take another look. Will consider PRs. Of course, no sweat either way. Thanks!

syepes · December 20, 2023, 9:54pm

Sent a PR with a possible fix https://github.com/boltops-tools/armrest/pull/4

tung · December 21, 2023, 2:47pm

Handled by https://github.com/boltops-tools/armrest/pull/5 Released in armrest 0.2.0