hashicorp
Terraform init hangs with 'Building the Container Client from an Access Token (using user credentials)' error
Terraform Version
Terraform v1.6.4
on darwin_amd64
Terraform Configuration Files
required_version = ">= 1.5.2"
backend "azurerm" {
resource_group_name = "rg-terraform"
storage_account_name = "tfstateterraform"
container_name = "tfstate"
key = "dev.terraform.tfstate"
}
Debug Output
2023-11-23T12:09:02.594+0100 [TRACE] Meta.Backend: backend has not previously been initialized in this working directory
2023-11-23T12:09:02.594+0100 [DEBUG] New state was assigned lineage
2023-11-23T12:09:02.594+0100 [TRACE] Meta.Backend: moving from default local state only to "azurerm" backend
2023-11-23T12:09:02.595+0100 [DEBUG] checking for provisioner in "."
2023-11-23T12:09:02.600+0100 [DEBUG] checking for provisioner in "/usr/local/bin"
2023-11-23T12:09:02.601+0100 [TRACE] backend/local: state manager for workspace "default" will:
- read initial snapshot from terraform.tfstate
- write new snapshots to terraform.tfstate
- create any backup at terraform.tfstate.backup
2023-11-23T12:09:02.601+0100 [TRACE] statemgr.Filesystem: reading initial snapshot from terraform.tfstate
2023-11-23T12:09:02.601+0100 [TRACE] statemgr.Filesystem: snapshot file has nil snapshot, but that's okay
2023-11-23T12:09:02.601+0100 [TRACE] statemgr.Filesystem: read nil snapshot
2023-11-23T12:09:02.601+0100 [TRACE] Meta.Backend: ignoring local "default" workspace because its state is empty
2023-11-23T12:09:02.601+0100 [INFO] Testing if Service Principal / Client Certificate is applicable for Authentication..
2023-11-23T12:09:02.601+0100 [INFO] Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2023-11-23T12:09:02.601+0100 [INFO] Testing if Service Principal / Client Secret is applicable for Authentication..
2023-11-23T12:09:02.601+0100 [INFO] Using Service Principal / Client Secret for Authentication
2023-11-23T12:09:02.601+0100 [INFO] Getting OAuth config for endpoint https://login.microsoftonline.com/ with tenant
2023-11-23T12:09:02.601+0100 [DEBUG] Obtaining an MSAL / Microsoft Graph token for Resource Manager..
2023-11-23T12:09:02.602+0100 [DEBUG] New state was assigned lineage
2023-11-23T12:09:02.602+0100 [DEBUG] Building the Container Client from an Access Token (using user credentials)
Expected Behavior
Terraform init should have (run as before) and modules, plugins should have been downloaded. Terraform state file should have been created and (as before) in the given storage account.
Actual Behavior
Terraform init hangs.
Steps to Reproduce
terraform init
Additional Context
No response
References
No response
I'm having the exact same issue. Running TF_LOG=trace terraform init gives me the same output. Did you find a way around this @blzsadam? Very frustrating because this prevents us from moving forward with the project... I am authenticated through ARM secrets set in my environmment
Edit: Turns out the ARM secrets were expired. No idea why this was not returned as feedback....
Hi @blzsadam ,
Does your storage account have private endpoints? If yes, can you/terraform execution environment resolve the DNS records & fetch blobs from that container?
Same thing happened for me. The problem was expired client secret. I was on terraform 1.5.1. I upgraded to terraform 1.11.4 and now I actually get a proper error:
Initializing the backend...
Upgrading modules...
╷
│ Error: retrieving Storage Account (Subscription: ""
│ Resource Group Name: "
│ Storage Account Name: ""): authorizing request: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":": Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app ''.
