azure-pipelines-tasks-terraform
azure-pipelines-tasks-terraform copied to clipboard
Published
20 hours ago •
jason-johnson
jason-johnson
Apply -auto-approve does't work with TFC from ADO
Describe the bug Trying to apply a saved plan from ADO Pipeline, the plan shows in the dashboard, but when we apply it, it still asks for approval in the dashboard.
To Reproduce Steps to reproduce the behavior:
- Setup pipeline as
- Execute pipeline
- The UI says the current user doesn't have permissions to apply, but used the same token locally and it works.
Error message:
Please review the following changes before continuing:
This plan was not auto-applied because the user who started the run does not have the permission to apply.
Choosing "Confirm & apply" below will execute the above changes.
Please [review the plan output ](https://app.terraform.io/app/OrigamiRisk/workspaces/terraform-workspace-admin-portal-koba/runs/run-RTAsnPmEK7zqKD6e)before proceeding.
- task: JasonBJohnson.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@1
displayName: "Terraform Apply"
inputs:
command: apply
workingDirectory: "$(System.DefaultWorkingDirectory)/environments/${{ parameters.directory }}"
environmentServiceName: ''
commandOptions: "tfplan"
env:
TF_TOKEN_app_terraform_io: $(TF_TOKEN)
TF_CLOUD_ORGANIZATION: 'MyOrg'
Expected behavior Just like running cli locally, it should auto approve the plan.
Pipeline Logs
2025-05-09T11:27:04.616Z [INFO] Terraform version: 1.10.5
2025-05-09T11:27:04.616Z [DEBUG] using github.com/hashicorp/go-tfe v1.70.0
2025-05-09T11:27:04.616Z [DEBUG] using github.com/hashicorp/hcl/v2 v2.23.0
2025-05-09T11:27:04.616Z [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.1
2025-05-09T11:27:04.616Z [DEBUG] using github.com/zclconf/go-cty v1.16.2
2025-05-09T11:27:04.616Z [INFO] Go runtime version: go1.23.3
2025-05-09T11:27:04.616Z [INFO] CLI args: []string{"terraform", "apply", "-auto-approve", "tfplan"}
2025-05-09T11:27:04.616Z [DEBUG] Attempting to open CLI config file: /home/vsts/.terraformrc
2025-05-09T11:27:04.616Z [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2025-05-09T11:27:04.616Z [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2025-05-09T11:27:04.616Z [DEBUG] ignoring non-existing provider search directory /home/vsts/.terraform.d/plugins
2025-05-09T11:27:04.616Z [DEBUG] ignoring non-existing provider search directory /home/vsts/.local/share/terraform/plugins
2025-05-09T11:27:04.616Z [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2025-05-09T11:27:04.616Z [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2025-05-09T11:27:04.616Z [INFO] CLI command args: []string{"apply", "-auto-approve", "tfplan"}
2025-05-09T11:27:04.621Z [DEBUG] Service discovery for app.terraform.io at https://app.terraform.io/.well-known/terraform.json
2025-05-09T11:27:05.375Z [DEBUG] Service discovery for app.terraform.io aliased as localterraform.com
2025-05-09T11:27:08.112Z [DEBUG] checking for provisioner in "."
2025-05-09T11:27:08.112Z [DEBUG] checking for provisioner in "/opt/hostedtoolcache/terraform/1.10.5/x64"
2025-05-09T11:27:08.281Z [INFO] cloud: starting Apply operation
Running apply in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the apply running remotely.
Preparing the remote apply...
To view this run in a browser, visit:
https://app.terraform.io/app/myorg/myworkspace/runs/run-runid
Agent Configuration
- OS: Ubuntu
- Hosted
- Terraform 1.10.5.
- AzureCLI version used: hosted
Additional context Looks like somehow TFC recognizes ADO as different agent? Hard to tell, TF_DEBUG has not a lot of info.
