Could someone explain why my GitHub Actions workflow fails during the terraform plan step? I have the following job configuration but it throws “Error: No valid credential sources for the AzureRM provider found.” The documentation states that setting the ARM_CLIENT_ID and ARM_CLIENT_SECRET environment variables should be sufficient for service principal authentication but it seems to ignore them when running inside the container.
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      - name: Init
        run: terraform init
      - name: Plan
        run: terraform plan
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
I am using the azuread and azurerm providers version 3.0. Is there a specific permission scope I am missing on the service principal or is the env var injection timing wrong?
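
A preflight check for the four ARM_* variables named in the workflow above, as an added example that is not part of the original post. GitHub Actions expands a secret that is undefined or unavailable to the run into an empty string, so the check reports empty or malformed variables without printing any value; the function names check_arm_env and is_guid are made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): reports which ARM_* variables
# are empty or malformed inside a step, without ever echoing their values.

# is_guid VALUE: succeeds when VALUE has the 8-4-4-4-12 hex shape that Azure
# uses for client, tenant and subscription IDs.
is_guid() {
    printf '%s' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# check_arm_env: prints one line per problem found and returns the number of
# problems (0 means all four variables are present and plausibly formed).
check_arm_env() {
    problems=0
    for name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID; do
        # Indirect lookup of the variable called $name; empty if it is unset.
        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            echo "$name: empty or unset in this step"
            problems=$((problems + 1))
            continue
        fi
        case "$name" in
            ARM_CLIENT_SECRET)
                ;;  # opaque string, only presence can be checked
            *)
                if ! is_guid "$value"; then
                    echo "$name: set, but not GUID-shaped"
                    problems=$((problems + 1))
                fi
                ;;
        esac
    done
    return "$problems"
}
```

To use it, define the functions in a run step that carries the same env block as the Plan step and call check_arm_env before terraform plan; a non-zero return fails the step.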