1.25.0 breaks usage of Proxy

[steffencircle]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Hi,

i have updated the provider to version 1.25.0 and i am no longer able to authenticate against Azure via our Corporate Proxy.
Up until today terraform and the provider honored an environment variable like
export HTTPS_PROXY=http://<username>:<password>@proxy:8080
and everything was working as expected.
With 1.25.0 and the same variable set, a simple "terraform plan" gets me nothing but this:

* provider.azurerm: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/OUR_ID/providers?api-version=2016-02-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post https://login.microsoftonline.com/OUR_ID/oauth2/token?api-version=1.0: dial tcp: lookup login.microsoftonline.com on [IP_OF_OUR_DNS_SERVER]:53: no such host'

This is kind of dramatic for us.

The terraform version is "Terraform v0.11.13", which works fine with the proxy as i can download new providers from hashicorp

[ljmsc]

I have the same problem. Workaround for now is version 1.24.0

provider "azurerm" {
  ...
  version         = "<=1.24.0"
}

[tombuildsstuff]

hi @lw81 @ljmsc

Thanks for opening this issue.

I've spent a while trying to reproduce this but I'm struggling (since all of my requests are going via a Proxy) - would either of you be able to run Terraform with the following Environment Variables (TF_LOG=1 TF_LOG_PATH=debug.log) set and post the generated log somewhere?

Out of interest does this happen with the Environment variables in lower-case? e.g. http_proxy=http://localhost:8888 https_proxy=http://localhost:8888 terraform plan. In addition which authentication mechanism are you using with Terraform?

Thanks!

[steffencircle]

I am not in the office over the Easter holidays but I will see what I can do and will try to post the debug logs .

I am using upper-case HTTPS_PROXY env var for the proxy.
Authentication is done via a SPN and the values are set via env vars as well (ARM_TENANT_ID,...)

[steffencircle]

Ha,

while trying to generate the log for you i also tested authentication via "az login" and that works successfully !
So the issue is really only when using a Service Principal Name.

Either when using the environment variables (ARM_CLIENT_ID, ...) or when specifying the credentials explicitly in the provider config it both produces the "no such host" error message.

Hope that helps to fix it.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!