I'm reading that as a way to do it (note the 'or'...), not the only way to do it...
* or *set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT. While I can try it out for test purposes, I'm trying to avoid setting the values in environment variables. I appreciate your feedback. Shawn On Wednesday, March 15, 2023 at 12:23:58 PM UTC-4 Rowe, Walter P. (Fed) wrote: > Given how they are presented in all caps and it says "environment > variables" then you need to make them ENVIRONMENT variables (ie Linux env > vars) – not parameters to the task module. > > > Walter > -- > Walter Rowe, Division Chief > Infrastructure Services, OISM > Mobile: 202.355.4123 <(202)%20355-4123> > > On Mar 15, 2023, at 12:11 PM, Shawn Singh <[email protected]> wrote: > > I have a service principal for authentication. > > Based on this bullet: > > - To authenticate via service principal, pass subscription_id, > client_id, secret and tenant or set environment variables > AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT. > > > My takeaway is that I need to supply the subscription_id, client_id, > tenant, and secret to tell Ansible that I want to authenticate using > service principal. > > Since the module accepts subscription_id, client_id, tenant, and secret, > I'm passing the values to the module, figuring the module will attempt to > perform authentication using my service principal. > > I'm not getting an authentication failed type of message, so it seems that > the module isn't using the values I'm supplying. > To test this out, I tried to set auth_source to "credential_file", as I've > got the parameters required for service principal authentication stored in > the default location (~/.azure/credentials); however, it fails the same > way, so my guess is the module needs something so that when the constructor > gets called ... it can create the object; however, I don't see what I'm > missing. > > Thanks, > > Shawn > On Wednesday, March 15, 2023 at 11:04:23 AM UTC-4 Rowe, Walter P. (Fed) > wrote: > >> TypeError: ResourceManagementClient.__init__() missing 1 required >> positional argument: 'credential'. >> >> What kind of authentication have you configured? >> >> >> https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_resourcegroup_info_module.html#ansible-collections-azure-azcollection-azure-rm-resourcegroup-info-module >> >> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.ansible.com%2Fansible%2Flatest%2Fcollections%2Fazure%2Fazcollection%2Fazure_rm_resourcegroup_info_module.html%23ansible-collections-azure-azcollection-azure-rm-resourcegroup-info-module&data=05%7C01%7Cwalter.rowe%40nist.gov%7C1c26f1c913e84790886a08db256ff4c3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638144935000756704%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2Bc4%2B6g4dXnuF9pmJXgOiQ8QUqUwfuY7JW9mK7mQht10%3D&reserved=0> >> >> Walter >> -- >> Walter Rowe, Division Chief >> Infrastructure Services, OISM >> Mobile: 202.355.4123 <(202)%20355-4123> >> >> On Mar 15, 2023, at 10:53 AM, Shawn Singh <[email protected]> wrote: >> >> Hello, >> >> I have a playbook where I am calling my az commands via the command >> module. >> It works as expected. >> I'm trying to convert it to PoSH (different thread) and as I'm seeing >> some issues there, falling back to using specific Azure Modules. >> >> When I execute the following playbook, it fails. >> >> My intent is just to check for the existence of a resource group, >> authenticating using service principal. >> >> I've got more int he original playbook; however, trying to start small, >> so I've only coded a couple tasks. >> >> # get the subscription_id, client_id, tenant, secret >> >> - name: read secret >> >> include_vars: >> >> file: ../files/spsecret >> >> no_log: true >> >> # check if resource group exists, pass in the args retrieved in previous >> step for authentication >> >> - name: check if the rg already exists >> >> azure.azcollection.azure_rm_resourcegroup_info: >> >> name: "np-{{ custom_name }}-rg-east" >> >> subscription_id: "{{ sub_id }}" >> >> client_id: "{{ sp }}" >> >> secret: "{{ secret }}" >> >> tenant: "{{ tenant }}" >> >> register: rg_exists >> >> The full traceback is: >> >> Traceback (most recent call last): >> >> File >> "/Users/j8683/.ansible/tmp/ansible-tmp-1678891419.194826-50522-78867749364726/AnsiballZ_azure_rm_resourcegroup_info.py", >> >> line 107, in <module> >> >> _ansiballz_main() >> >> File >> "/Users/j8683/.ansible/tmp/ansible-tmp-1678891419.194826-50522-78867749364726/AnsiballZ_azure_rm_resourcegroup_info.py", >> >> line 99, in _ansiballz_main >> >> invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) >> >> File >> "/Users/j8683/.ansible/tmp/ansible-tmp-1678891419.194826-50522-78867749364726/AnsiballZ_azure_rm_resourcegroup_info.py", >> >> line 47, in invoke_module >> >> >> runpy.run_module(mod_name='ansible_collections.azure.azcollection.plugins.modules.azure_rm_resourcegroup_info', >> >> init_globals=dict(_module_fqn='ansible_collections.azure.azcollection.plugins.modules.azure_rm_resourcegroup_info', >> >> _modlib_path=modlib_path), >> >> File >> "/opt/homebrew/Cellar/[email protected]/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", >> >> line 224, in run_module >> >> return _run_module_code(code, init_globals, run_name, mod_spec) >> >> File >> "/opt/homebrew/Cellar/[email protected]/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", >> >> line 96, in _run_module_code >> >> _run_code(code, mod_globals, init_globals, >> >> File >> "/opt/homebrew/Cellar/[email protected]/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", >> >> line 86, in _run_code >> >> exec(code, run_globals) >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 235, in <module> >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 231, in main >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 160, in __init__ >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", >> >> line 472, in __init__ >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 174, in exec_module >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 194, in get_item >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", >> >> line 1070, in rm_client >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", >> >> line 920, in get_mgmt_svc_client >> >> TypeError: ResourceManagementClient.__init__() missing 1 required >> positional argument: 'credential'. >> >> Not getting what is causing the error as I'm passing the parameters >> required for service principal auth. >> >> In addition, I tried having a az login task, removing the service >> principal stuff from the 'check if the rg already exists' task. The az >> login worked... but the task failed with the same error. >> >> This is my version of ansible and ansible-core: >> >> ansible 7.3.0 >> >> ansible-core 2.14.3 >> >> Here's more details about my environment: >> >> ansible [core 2.14.3] >> >> config file = None >> >> configured module search path = >> ['/Users/j8683/.ansible/plugins/modules', >> '/usr/share/ansible/plugins/modules'] >> >> ansible python module location = >> /Users/j8683/Library/Python/3.9/lib/python/site-packages/ansible >> >> ansible collection location = >> /Users/j8683/.ansible/collections:/usr/share/ansible/collections >> >> executable location = /Users/j8683/Library/Python/3.9/bin/ansible >> >> python version = 3.9.6 (default, Sep 26 2022, 11:37:49) [Clang 14.0.0 >> (clang-1400.0.29.202)] (/Library/Developer/CommandLineTools/usr/bin/python3) >> >> jinja version = 3.1.2 >> >> libyaml = True >> >> Thanks, >> >> Shawn >> >> >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/5adb2e0b-b12e-4775-bfae-7d00c8c3144an%40googlegroups.com >> >> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F5adb2e0b-b12e-4775-bfae-7d00c8c3144an%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C1c26f1c913e84790886a08db256ff4c3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638144935000756704%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=v4D1Fk%2B%2FSkq%2FdVIzumC%2BnZn3xdnPmg1Yt3DeJtmVk%2F4%3D&reserved=0> >> . >> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/848506f1-26c8-4705-8fb7-ad5e3a1d8be4n%40googlegroups.com > > <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F848506f1-26c8-4705-8fb7-ad5e3a1d8be4n%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C1c26f1c913e84790886a08db256ff4c3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638144935000756704%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=I%2BJQ9f21wOVdCjvGFEAfHWleoi7F8KpdZRaibWDmacs%3D&reserved=0> > . > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/261798a3-ae2e-411c-9a80-fecaf8880ac0n%40googlegroups.com.
