I'm reading that as a way to do it (note the 'or'...), not the only way to do it...
* or *set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT. While I can try it out for test purposes, I'm trying to avoid setting the values in environment variables. I appreciate your feedback. Shawn On Wednesday, March 15, 2023 at 12:23:58 PM UTC-4 Rowe, Walter P. (Fed) wrote: > Given how they are presented in all caps and it says "environment > variables" then you need to make them ENVIRONMENT variables (ie Linux env > vars) – not parameters to the task module. > > > Walter > -- > Walter Rowe, Division Chief > Infrastructure Services, OISM > Mobile: 202.355.4123 <(202)%20355-4123> > > On Mar 15, 2023, at 12:11 PM, Shawn Singh <callm...@gmail.com> wrote: > > I have a service principal for authentication. > > Based on this bullet: > > - To authenticate via service principal, pass subscription_id, > client_id, secret and tenant or set environment variables > AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT. > > > My takeaway is that I need to supply the subscription_id, client_id, > tenant, and secret to tell Ansible that I want to authenticate using > service principal. > > Since the module accepts subscription_id, client_id, tenant, and secret, > I'm passing the values to the module, figuring the module will attempt to > perform authentication using my service principal. > > I'm not getting an authentication failed type of message, so it seems that > the module isn't using the values I'm supplying. > To test this out, I tried to set auth_source to "credential_file", as I've > got the parameters required for service principal authentication stored in > the default location (~/.azure/credentials); however, it fails the same > way, so my guess is the module needs something so that when the constructor > gets called ... it can create the object; however, I don't see what I'm > missing. > > Thanks, > > Shawn > On Wednesday, March 15, 2023 at 11:04:23 AM UTC-4 Rowe, Walter P. (Fed) > wrote: > >> TypeError: ResourceManagementClient.__init__() missing 1 required >> positional argument: 'credential'. >> >> What kind of authentication have you configured? >> >> >> https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_resourcegroup_info_module.html#ansible-collections-azure-azcollection-azure-rm-resourcegroup-info-module >> >> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.ansible.com%2Fansible%2Flatest%2Fcollections%2Fazure%2Fazcollection%2Fazure_rm_resourcegroup_info_module.html%23ansible-collections-azure-azcollection-azure-rm-resourcegroup-info-module&data=05%7C01%7Cwalter.rowe%40nist.gov%7C1c26f1c913e84790886a08db256ff4c3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638144935000756704%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2Bc4%2B6g4dXnuF9pmJXgOiQ8QUqUwfuY7JW9mK7mQht10%3D&reserved=0> >> >> Walter >> -- >> Walter Rowe, Division Chief >> Infrastructure Services, OISM >> Mobile: 202.355.4123 <(202)%20355-4123> >> >> On Mar 15, 2023, at 10:53 AM, Shawn Singh <callm...@gmail.com> wrote: >> >> Hello, >> >> I have a playbook where I am calling my az commands via the command >> module. >> It works as expected. >> I'm trying to convert it to PoSH (different thread) and as I'm seeing >> some issues there, falling back to using specific Azure Modules. >> >> When I execute the following playbook, it fails. >> >> My intent is just to check for the existence of a resource group, >> authenticating using service principal. >> >> I've got more int he original playbook; however, trying to start small, >> so I've only coded a couple tasks. >> >> # get the subscription_id, client_id, tenant, secret >> >> - name: read secret >> >> include_vars: >> >> file: ../files/spsecret >> >> no_log: true >> >> # check if resource group exists, pass in the args retrieved in previous >> step for authentication >> >> - name: check if the rg already exists >> >> azure.azcollection.azure_rm_resourcegroup_info: >> >> name: "np-{{ custom_name }}-rg-east" >> >> subscription_id: "{{ sub_id }}" >> >> client_id: "{{ sp }}" >> >> secret: "{{ secret }}" >> >> tenant: "{{ tenant }}" >> >> register: rg_exists >> >> The full traceback is: >> >> Traceback (most recent call last): >> >> File >> "/Users/j8683/.ansible/tmp/ansible-tmp-1678891419.194826-50522-78867749364726/AnsiballZ_azure_rm_resourcegroup_info.py", >> >> line 107, in <module> >> >> _ansiballz_main() >> >> File >> "/Users/j8683/.ansible/tmp/ansible-tmp-1678891419.194826-50522-78867749364726/AnsiballZ_azure_rm_resourcegroup_info.py", >> >> line 99, in _ansiballz_main >> >> invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) >> >> File >> "/Users/j8683/.ansible/tmp/ansible-tmp-1678891419.194826-50522-78867749364726/AnsiballZ_azure_rm_resourcegroup_info.py", >> >> line 47, in invoke_module >> >> >> runpy.run_module(mod_name='ansible_collections.azure.azcollection.plugins.modules.azure_rm_resourcegroup_info', >> >> init_globals=dict(_module_fqn='ansible_collections.azure.azcollection.plugins.modules.azure_rm_resourcegroup_info', >> >> _modlib_path=modlib_path), >> >> File >> "/opt/homebrew/Cellar/pyt...@3.10/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", >> >> line 224, in run_module >> >> return _run_module_code(code, init_globals, run_name, mod_spec) >> >> File >> "/opt/homebrew/Cellar/pyt...@3.10/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", >> >> line 96, in _run_module_code >> >> _run_code(code, mod_globals, init_globals, >> >> File >> "/opt/homebrew/Cellar/pyt...@3.10/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", >> >> line 86, in _run_code >> >> exec(code, run_globals) >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 235, in <module> >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 231, in main >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 160, in __init__ >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", >> >> line 472, in __init__ >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 174, in exec_module >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_resourcegroup_info.py", >> >> line 194, in get_item >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", >> >> line 1070, in rm_client >> >> File >> "/var/folders/51/76dtk91x4wq1lgdndd_ll6040000gn/T/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload_52xvp3bz/ansible_azure.azcollection.azure_rm_resourcegroup_info_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", >> >> line 920, in get_mgmt_svc_client >> >> TypeError: ResourceManagementClient.__init__() missing 1 required >> positional argument: 'credential'. >> >> Not getting what is causing the error as I'm passing the parameters >> required for service principal auth. >> >> In addition, I tried having a az login task, removing the service >> principal stuff from the 'check if the rg already exists' task. The az >> login worked... but the task failed with the same error. >> >> This is my version of ansible and ansible-core: >> >> ansible 7.3.0 >> >> ansible-core 2.14.3 >> >> Here's more details about my environment: >> >> ansible [core 2.14.3] >> >> config file = None >> >> configured module search path = >> ['/Users/j8683/.ansible/plugins/modules', >> '/usr/share/ansible/plugins/modules'] >> >> ansible python module location = >> /Users/j8683/Library/Python/3.9/lib/python/site-packages/ansible >> >> ansible collection location = >> /Users/j8683/.ansible/collections:/usr/share/ansible/collections >> >> executable location = /Users/j8683/Library/Python/3.9/bin/ansible >> >> python version = 3.9.6 (default, Sep 26 2022, 11:37:49) [Clang 14.0.0 >> (clang-1400.0.29.202)] (/Library/Developer/CommandLineTools/usr/bin/python3) >> >> jinja version = 3.1.2 >> >> libyaml = True >> >> Thanks, >> >> Shawn >> >> >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ansible-proje...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/5adb2e0b-b12e-4775-bfae-7d00c8c3144an%40googlegroups.com >> >> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F5adb2e0b-b12e-4775-bfae-7d00c8c3144an%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C1c26f1c913e84790886a08db256ff4c3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638144935000756704%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=v4D1Fk%2B%2FSkq%2FdVIzumC%2BnZn3xdnPmg1Yt3DeJtmVk%2F4%3D&reserved=0> >> . >> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-proje...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/848506f1-26c8-4705-8fb7-ad5e3a1d8be4n%40googlegroups.com > > <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F848506f1-26c8-4705-8fb7-ad5e3a1d8be4n%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C1c26f1c913e84790886a08db256ff4c3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638144935000756704%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=I%2BJQ9f21wOVdCjvGFEAfHWleoi7F8KpdZRaibWDmacs%3D&reserved=0> > . > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/261798a3-ae2e-411c-9a80-fecaf8880ac0n%40googlegroups.com.
