You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
2024-04-29T10:17:54.072-0500 [INFO] Terraform version: 1.8.2
2024-04-29T10:17:54.072-0500 [DEBUG] using github.com/hashicorp/go-tfe v1.51.0
2024-04-29T10:17:54.072-0500 [DEBUG] using github.com/hashicorp/hcl/v2 v2.20.0
2024-04-29T10:17:54.072-0500 [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.1
2024-04-29T10:17:54.072-0500 [DEBUG] using github.com/zclconf/go-cty v1.14.3
2024-04-29T10:17:54.072-0500 [INFO] Go runtime version: go1.22.1
...
Terraform v1.8.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/azurerm v3.101.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.1
Terraform Configuration Files
terraform {
required_version = ">= 0.14"
backend "azurerm" {
resource_group_name = "rg-tfstate" # Can be passed via `-backend-config=`"resource_group_name=<resource group name>"` in the `init` command.
storage_account_name = "<storag-account-name" # Can be passed via `-backend-config=`"storage_account_name=<storage account name>"` in the `init` command.
container_name = "tfstate" # Can be passed via `-backend-config=`"container_name=<container name>"` in the `init` command.
key = "prod.terraform.tfstate" # Can be passed via `-backend-config=`"key=<blob key name>"` in the `init` command.
use_azuread_auth = true # Can also be set via `ARM_USE_AZUREAD` environment variable.
metadata_host="management.usgovcloudapi.net"
}
}
provider "azurerm" {
metadata_host="management.usgovcloudapi.net"
skip_provider_registration = true
features {}
}
Terraform should be utilizing the endpoints associated to the metadata_host value which indicates a custom cloud environment is being used. In this case, should be using login.microsoftonline.us and blob.core.usgovcloudapi.net
Actual Behavior
Terraform defaulted to the public endpoints for login and storage, ignoring the metadata_host value. This is similar to behavior seen in the azurerm and azuread providers that @manicminer fixed in v3.99.0
az cloud show -n AzureUSGovernment > myCustomCloud.json
## Edit myCustomCloud.json replacing the name:
Before: "name": "AzureUSGovernment"
After: "name": "myCustomCloud"
az cloud register -n MyCustomCloud --cloud-config @<path to file>/myCustomCloud.json
az cloud set -n MyCustomCloud
az login <--use-device-code>
Configure azurerm provider and backend block for azure using metadata_host="management.usgovcloudapi.net" as above
terraform init
Thanks for this submission! Changes to the AzureRM backend are managed by the AzureRM Provider maintainer team, who have been alerted.
If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions. Thanks again!
@daveinci Thanks for reporting this. The Azure backend needs to be updated to the latest SDKs to take advantage of various bugfixes including those for custom clouds. I'm working on this at the moment and this should be fixed in an upcoming minor Terraform release.
Terraform Version
Terraform Configuration Files
Debug Output
https://gist.github.com/daveinci/de6cc4e24c4fe6f2998e3ce6ccf9ce8e
Expected Behavior
Terraform should be utilizing the endpoints associated to the metadata_host value which indicates a custom cloud environment is being used. In this case, should be using login.microsoftonline.us and blob.core.usgovcloudapi.net
Actual Behavior
Terraform defaulted to the public endpoints for login and storage, ignoring the metadata_host value. This is similar to behavior seen in the azurerm and azuread providers that @manicminer fixed in v3.99.0
hashicorp/terraform-provider-azurerm#25546
hashicorp/terraform-provider-azuread#1353
Steps to Reproduce
Additional Context
No response
References
hashicorp/terraform-provider-azurerm#25546
hashicorp/terraform-provider-azuread#1353
The text was updated successfully, but these errors were encountered: