-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Read a refresh token from accessTokens.json #39
Conversation
Looks good to me 👍 . I'm happy to see you also honored the AZURE_CONFIG_DIR environment variable. |
I validated the change by rebuilding the |
@tombuildsstuff or @katbyte any feedback here? |
Any ETA on getting this merged? |
Thanks for this PR - apologies for the delayed response here! Whilst we appreciate this contribution unfortunately we're unable to use this approach since it won't consistently work in all circumstances (the tokens in the accessTokens.json` will contain an access token, but there's no guarantee it contains a valid refresh token) - as such this'd lead to harder to diagnose errors for users. We have a fix planned which will resolve this, however this requires some external coordination to achieve and unfortunately we're unable to give a timeframe for that. Whilst this PR would resolve the error when the Azure CLI contains a refresh token as mentioned above unfortunately that's not the case in all circumstances - as such whilst I'd like to thank you for this contribution I'm going to close this PR for the moment. Thanks! |
So many people are frustrated by the cryptic error of the missing refresh token that it's hard for me to see how fixing this in 99% of Azure CLI users would make it harder to diagnose. |
Imagine demonstrating Terraform to senior executives in your organization for potential adoption, only to have it crash with a cryptic error partway through, and the only explanation you can provide is that it is a known, solvable error which the vendor has ignored for nine months, has no ETA on a fix for and outright rejected a community provided (partial) solution. I am sure there are greater factors at play here but it is indeed a frustrating scenario. |
I'm very disappointed to see this closed, as this is causing me issues on pretty much a daily basis with several of Azure's long-provisioning-time resources (e.g. APIM). I really hope this gets fixed soon. @tombuildsstuff Can you give any details of any issues or PRs which have been raised in other repos as part of fixing #22? |
@tombuildsstuff where can we track progress on that planned fix? |
I agree with all the latest comments, it is rather difficult to manage cryptic errors such as this one. AKS alongside of previously mentioned HDI cluster is one of the resources that is taking a long time to create. I wonder if that error occurs with any other long-running jobs or is it down to creation of a single resource only? Also, does anyone have a working workaround? |
As @choovick said:
I've found that to be alright as a workaround, just a massive pain. |
Another (very ugly) workaround is to expire all of your access tokens before starting Terraform. The az cli will refresh the token without the login flow and get a new 1 hour access token: $tokens = Get-Content $Home\.azure\accessTokens.json | ConvertFrom-Json
foreach ($token in $tokens) { $token.expiresOn = "1970-01-01 00:00:00.000000" }
$tokens | ConvertTo-json | Set-Content $Home\.azure\accessTokens.json
`` |
btw, this looks fixed : hashicorp/terraform-provider-azurerm#2602 (comment) |
Resolves #22.
When Azure CLI authentication is used, there's no refresh token returned from the CLI. Because of that, long-running operations tend to fail.
As a workaround, try reading the refresh token from
~/.azure/accessTokens.json
(or whatever other Azure folder is configured) and finding the refresh token by access token.