Error in function call - data.azurerm_client_config.current.object_id is ""

[mgibson85]

Hi,

I'm seeing an issue when running a previously working terraform plan

terraform plan data.azurerm_client_config.default: Reading... data.azurerm_client_config.default: Read complete after 0s [id=2022-05-25 06:46:07.818982 +0000 UTC] module.caf.data.azurerm_client_config.current: Reading... module.caf.data.azurerm_subscription.primary: Reading... module.caf.data.azurerm_client_config.current: Read complete after 0s [id=2022-05-25 06:46:08.4485897 +0000 UTC] module.caf.data.azurerm_subscription.primary: Read complete after 1s [id=/subscriptions/98952024-fc38-4f12-9934-9c8a9f46a943] ╷ │ Error: Error in function call │ │ on .terraform\modules\caf\locals.tf line 298, in locals: │ 298: object_id = coalesce(var.logged_user_objectId, var.logged_aad_app_objectId, try(data.azurerm_client_config.current.object_id, null), try(data.azuread_service_principal.logged_in_app.0.object_id, null)) │ ├──────────────── │ │ data.azuread_service_principal.logged_in_app is empty tuple │ │ data.azurerm_client_config.current.object_id is "" │ │ var.logged_aad_app_objectId is null │ │ var.logged_user_objectId is null │ │ Call to function "coalesce" failed: no non-null, non-empty-string arguments. ╵

I can confirm my session is logged in and can retrieve the account using az account show:

{ "environmentName": "AzureCloud", "homeTenantId": "########-bfe0-4f51-####-e96dd19548a1", "id": "########-fc38-4f12-####-9c8a9f46a943", "isDefault": true, "managedByTenants": [], "name": "Pay-As-You-Go", "state": "Enabled", "tenantId": "########-bfe0-4f51-####-e96dd19548a1", "user": { "name": "m365@######.onmicrosoft.com", "type": "user" } }

az version
{
"azure-cli": "2.37.0",
"azure-cli-core": "2.37.0",
"azure-cli-telemetry": "1.0.6",
"extensions": {}
}

terraform version
Terraform v1.2.1
on windows_amd64

• provider registry.terraform.io/aztfmod/azurecaf v1.2.17
• provider registry.terraform.io/hashicorp/azuread v1.4.0
• provider registry.terraform.io/hashicorp/azurerm v2.88.1
• provider registry.terraform.io/hashicorp/external v2.2.2
• provider registry.terraform.io/hashicorp/local v2.2.2
• provider registry.terraform.io/hashicorp/null v3.1.1
• provider registry.terraform.io/hashicorp/random v3.1.3
• provider registry.terraform.io/hashicorp/time v0.7.2
• provider registry.terraform.io/hashicorp/tls v3.3.0

Please advise

Thanks,

Mark.

[LaurentLesle]

There is a breaking change with az cli version 2.37.0. I have pushed a commit with the fix
aztfmod/rover@a3874df

A new preview rover will be available shortly - https://github.com/aztfmod/rover/runs/6595897772?check_suite_focus=true

[mgibson85]

Thank you, in this case I'm not using rover. I'm using the standalone module directly i.e.

module "caf" { source = "aztfmod/caf/azurerm" version = "~>5.5.0" }

[LaurentLesle]

hashicorp/terraform-provider-azurerm#16982

[LaurentLesle]

@mgibson85 I have opened an issue on the provider.
In the meantime you can add the following command before you execute terraform in an interactive run:

export TF_VAR_logged_user_objectId=$(az ad signed-in-user show --query id -o tsv --only-show-errors)

[mgibson85]

Thanks @LaurentLesle, I've tried the command but it still fails:

[LaurentLesle]

Do you have a variable called logged_user_objectId set in your root module? You need to add and pass it through the caf module

…

On Tue, 31 May 2022 at 17:32, mgibson85 ***@***.***> wrote: Thanks @LaurentLesle <https://github.com/LaurentLesle>, I've tried the command but it still fails: [image: image] <https://user-images.githubusercontent.com/12297674/171141980-4d20b779-f71c-4424-b202-7a9b6826fc13.png> — Reply to this email directly, view it on GitHub <#1173 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABD4AEEWZXXCL7QHJH6PNY3VMXMBBANCNFSM5W4Q5YQA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[mgibson85]

Thank you @LaurentLesle.

If anyone needs a working example:

main.tf:

terraform {
  required_providers {
  }
  required_version = ">= 0.15"
}

provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy = var.provider_azurerm_features_keyvault.purge_soft_delete_on_destroy
    }
  }
}

provider "azurerm" {
  alias                      = "vhub"
  skip_provider_registration = true
  features {}
  subscription_id = data.azurerm_client_config.default.subscription_id
  tenant_id       = data.azurerm_client_config.default.tenant_id
}

data "azurerm_client_config" "default" {}

variable "global_settings" {
  default = {}
}

variable "resource_groups" {
  default = {}
}

variable "logged_user_objectId" {
  default = {}
}

variable "provider_azurerm_features_keyvault" {
  default = {
    purge_soft_delete_on_destroy = true
  }
}

module "caf" {
  source  = "aztfmod/caf/azurerm"
  version = ">=5.4.2"

  providers = {
    azurerm.vhub = azurerm.vhub
  }

  global_settings             = var.global_settings
  resource_groups             = var.resource_groups
  logged_user_objectId        = var.logged_user_objectId
}

terraform.auto.tfvars:

global_settings = {
  default_region = "region1"
  environment    = "dev"
  regions = {
    region1 = "northeurope"
  }
}

resource_groups = {
  region1 = {
    name   = "rg01"
    region = "region1"
  }
}

export TF_VAR_logged_user_objectId=$(az ad signed-in-user show --query id -o tsv --only-show-errors)

or (for powershell)

$env:TF_VAR_logged_user_objectId=$(az ad signed-in-user show --query id -o tsv --only-show-errors)

terraform init
terraform plan

output:

data.azurerm_client_config.default: Reading...
data.azurerm_client_config.default: Read complete after 0s [id=2022-06-03 09:56:17.1526044 +0000 UTC]
module.caf.data.azurerm_client_config.current: Reading...
module.caf.data.azurerm_subscription.primary: Reading...
module.caf.data.azurerm_client_config.current: Read complete after 0s [id=2022-06-03 09:56:18.3891044 +0000 UTC]
module.caf.data.azurerm_subscription.primary: Read complete after 1s [id=/subscriptions/a0a1db5d-####-####-abd4-d953b09bdb81]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.caf.random_string.prefix[0] will be created
  + resource "random_string" "prefix" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = false
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.caf.module.resource_groups["region1"].azurecaf_name.rg will be created
  + resource "azurecaf_name" "rg" {
      + clean_input   = true
      + id            = (known after apply)
      + name          = "rg01"
      + passthrough   = false
      + prefixes      = (known after apply)
      + random_length = 0
      + resource_type = "azurerm_resource_group"
      + result        = (known after apply)
      + results       = (known after apply)
      + separator     = "-"
      + use_slug      = true
    }

  # module.caf.module.resource_groups["region1"].azurerm_resource_group.rg will be created
  + resource "azurerm_resource_group" "rg" {
      + id       = (known after apply)
      + location = "northeurope"
      + name     = (known after apply)
    }

Plan: 3 to add, 0 to change, 0 to destroy.

[mgibson85]

HI @LaurentLesle, this issue appears to be fixed in the provider release 3.9.0 - hashicorp/terraform-provider-azurerm#16982.

What's needed for the CAF module to be updated?

[mgibson85]

Hi, can you provide a progress update on this fix?

[MrTolerant]

You need to use azure-cli version smaller than 2.37 , for example 2.36.0

brew uninstall azure-cli
pip3 install azure-cli==2.36.0

This problem because CAF module uses old azurerm provider version = "~> 2.99"
And azure-cli have breaking changes in version 2.37 that renames objectId --> id

You can check
az ad signed-in-user show --query objectId

@LaurentLesle Do you planned to upgrade azurerm provider to latest version in CAF module?

[mgibson85]

Many thanks for the response @MrTolerant , this is certainly the way I'm currently working.

I was curious when the update would take place to either remove the workaround of using TF_VAR_logged_user_objectId=$(az ad signed-in-user show --query id -o tsv --only-show-errors) or terraform plan -var logged_user_objectId=$(az ad signed-in-user show --query id -o tsv --only-show-errors) when using the latest version of azure-cli

[arnaudlh]

hi folks, the problem is fixed after azurerm 3.9. For your testing purposes, you can use the following update branch: int-azrm-3.7.0 which includes 3.9 (despite the name ;)) this should fix the issue for local consumption.