Introduction
Prerequisites (if applicable)
- Azure Cloud services
- Bash scripts
- Storage accounts
- Agents
Overview
Running custom scripts inside agents can be challenging. Agent pools have their own set of API tokens, scoped to an organization, which allow agents to communicate with HCP Terraform. These tokens are used only by agents and are not valid for direct use with the HCP Terraform API. Although a user may have the appropriate Azure environment variables and variable sets assigned in the workspace for authentication, directly running custom scripts in the agent will not work.
Procedures
- Identify where the script is running from and verify that it has executable permissions.
- Correct user permissions so the agent can run the script. The HCP Terraform Agent runs as the non-root tfc-agent user within the container, so permissions need to be explicitly modified for the Docker socket.
- Once all permissions are confirmed, authenticate again inside the script, using az login, or an Azure account key if accessing storage tables or any other resources from Azure.
- Command inside the script:
  az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
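A preflight sketch of the procedure above, added here as an example and not taken from the original article: it checks that the script is executable by the current user and that the ARM_* variables are set before running the same az login command. The function names (require_arm_vars, script_is_runnable, azure_login) are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are hypothetical.

# Succeeds only if every ARM_* variable used by the az login command is non-empty.
# Reports missing variable names on stderr, never their values.
require_arm_vars() {
  _missing=0
  for _name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID; do
    eval "_value=\${$_name:-}"
    if [ -z "$_value" ]; then
      echo "missing environment variable: $_name" >&2
      _missing=1
    fi
  done
  unset _value
  return "$_missing"
}

# Succeeds only if the script exists and the current user (tfc-agent inside the
# agent container) is allowed to execute it. Returns 2 if absent, 1 if not executable.
script_is_runnable() {
  if [ ! -f "$1" ]; then
    echo "not found: $1" >&2
    return 2
  fi
  if [ ! -x "$1" ]; then
    echo "not executable by $(id -un): $1" >&2
    return 1
  fi
  return 0
}

# Runs both checks, then logs in with the service principal. The variables are
# quoted so a secret containing spaces or shell metacharacters is passed intact,
# and az login output is discarded so account details stay out of the run log.
azure_login() {
  script_is_runnable "$1" || return 1
  require_arm_vars || return 1
  command -v az >/dev/null 2>&1 || { echo "az CLI not found" >&2; return 3; }
  az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" \
    --tenant "$ARM_TENANT_ID" >/dev/null
}
```

Call azure_login with the path of the custom script before the script touches any Azure resource; a non-zero return means the run should stop.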