Skip to content
This repository was archived by the owner on Jul 26, 2024. It is now read-only.

Rover CAF foundation plan fails with authorization error #46

Closed
manavibanerjee opened this issue Jun 19, 2020 · 2 comments
Closed

Rover CAF foundation plan fails with authorization error #46

manavibanerjee opened this issue Jun 19, 2020 · 2 comments
Assignees
@arnaudlh
Labels
question Further information is requested

Comments

@manavibanerjee
Copy link

Describe the bug
Following the steps in https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/getting_started/getting_started.md.
Rover is downloaded and integrated with VS code. Rover logs in to correct subscription (my internal Azure sub).
launchpad /tf/launchpads/launchpad_opensource_light apply --> selected westeurope
While doing the rover /tf/caf/landingzones/landingzone_caf_foundations plan --> error comes for authentication

To Reproduce
2020-06-19T02:08:23.888Z [DEBUG] plugin.terraform-provider-azurerm_v2.8.0_x5: X-Ms-Keyvault-Region: westeurope
2020-06-19T02:08:23.888Z [DEBUG] plugin.terraform-provider-azurerm_v2.8.0_x5: X-Ms-Keyvault-Service-Version: 1.1.6.0
2020-06-19T02:08:23.888Z [DEBUG] plugin.terraform-provider-azurerm_v2.8.0_x5: X-Ms-Request-Id: 50ee2acc-5233-4d4e-b672-acc306b7fe2d
2020-06-19T02:08:23.888Z [DEBUG] plugin.terraform-provider-azurerm_v2.8.0_x5: X-Powered-By: ASP.NET
2020-06-19T02:08:23.888Z [DEBUG] plugin.terraform-provider-azurerm_v2.8.0_x5:
2020-06-19T02:08:23.888Z [DEBUG] plugin.terraform-provider-azurerm_v2.8.0_x5: {"value":"72f988bf-86f1-41af-91ab-2d7cd011db47","contentType":"","id":"https://rvsvs-kv-level0-b0k1rfjf.vault.azure.net/secrets/launchpad-tenant-id/e2ca2cc7f3ee421ab5fb160c18b409b1","attributes":{"enabled":true,"created":1592562911,"updated":1592562911,"recoveryLevel":"Purgeable"},"tags":{}}
2020/06/19 02:08:23 [TRACE] : eval: *terraform.EvalWriteState
2020/06/19 02:08:23 [TRACE] EvalWriteState: recording 10 dependencies for azurerm_key_vault_secret.launchpad_tenant_id
2020/06/19 02:08:23 [TRACE] EvalWriteState: writing current state object for azurerm_key_vault_secret.launchpad_tenant_id
2020/06/19 02:08:23 [TRACE] [walkRefresh] Exiting eval tree: azurerm_key_vault_secret.launchpad_tenant_id
2020/06/19 02:08:23 [TRACE] vertex "azurerm_key_vault_secret.launchpad_tenant_id": visit complete
2020/06/19 02:08:23 [TRACE] vertex "azurerm_key_vault_secret.launchpad_tenant_id": dynamic subgraph completed successfully
2020/06/19 02:08:23 [TRACE] vertex "azurerm_key_vault_secret.launchpad_tenant_id": visit complete
2020/06/19 02:08:23 [TRACE] dag/walk: upstream of "provider.azurerm (close)" errored, so skipping
2020/06/19 02:08:23 [TRACE] dag/walk: upstream of "root" errored, so skipping
2020/06/19 02:08:23 [TRACE] statemgr.Filesystem: removing lock metadata file /home/vscode/.terraform.cache/tfstates/level0/.launchpad_opensource_light.tfstate.lock.info
2020/06/19 02:08:23 [TRACE] statemgr.Filesystem: unlocking /home/vscode/.terraform.cache/tfstates/level0/launchpad_opensource_light.tfstate using fcntl flock
Error: Error reading queue properties for AzureRM Storage Account "rvsvsstdiagykpwt2idndntq": queues.Client#GetServiceProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthenticationFailed" Message="Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:68da4bbe-3003-0056-2b26-4654c0000000\nTime:2020-06-19T10:44:57.3884742Z"

2020-06-19T02:08:23.930Z [DEBUG] plugin: plugin process exited: path=/home/vscode/.terraform.cache/plugins/linux_amd64/terraform-provider-azurerm_v2.8.0_x5 pid=4970
2020-06-19T02:08:23.931Z [DEBUG] plugin: plugin exited
Error on or near line 459: Error running terraform plan; exiting with status 2000

Screenshots
image

Configuration (please complete the following information):

  • Version of the rover[e.g. 22]: aztfmod/rover:2005.1510
  • Version of the landing zone[e.g. 11]:

Additional context
While I am in my correct subscription and have generated service principle by using az ad sp create-for-rbac, where does the authentication fail?
@manavibanerjee manavibanerjee added the bug Something isn't working label Jun 19, 2020
@arnaudlh
Copy link
Member

Hi Manavi, is seems to be related to aztfmod/rover#6 (and docker/for-win#4526) - it sometimes happen if you are running Docker on Windows that clock with the container get unsync, you can get the issue typing date and verifying the clock. If thats the case you can sudo hwclock -s if you are running WSL2, or simply restart Docker if you are on Docker on Hyper-V.

@arnaudlh arnaudlh self-assigned this Jun 22, 2020
@arnaudlh arnaudlh added question Further information is requested and removed bug Something isn't working labels Jun 22, 2020
@arnaudlh arnaudlh closed this as completed Jul 9, 2020
@patpicos
Copy link
Contributor

if you are running in WSL, this might be better

sudo apt install ntpdate
sudo ntpdate -sb time.nist.gov

add add a crontab entry as root to run the update hourly

0 * * * * ntpdate time.windows.com

@arnaudlh arnaudlh mentioned this issue Oct 8, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@arnaudlh arnaudlh

Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@arnaudlh @patpicos @manavibanerjee