Error Fetching subscriptionID from VM metadata service for Managed Identity authentication - azure

[citrixguyblog]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

When filing a bug, please include the following headings if possible. Any
example text in this template can be deleted.

Overview of the Issue

I am trying to execute a Packer build for Azure with a configured Service Principal. For an unknown reason it is always trying to use a Managed Identity. I don't see any issue with my packer template, I am providing the necessary details for "client_id" and "client_secret". The variables are specified and values are correct. Has anyone seen this kind of behaviour before?

Reproduction Steps

This is happening with every build.
I tried several packer versions & azure plugins but it doesn't make a difference.

Packer version

Packer v1.10.0

packer-plugin-azure_v2.0.2_x5.0_windows_amd64
packer-plugin-azure_v2.0.1_x5.0_windows_amd64
packer-plugin-azure_v1.4.5_x5.0_windows_amd64

Simplified Packer Template

source "azure-arm" "test" {

#Azure Info
subscription_id = "${var.subscription_id}"
client_id = "${var.AZURE_CLIENT_ID}"
client_secret = "${var.AZURE_CLIENT_SECRET}"
cloud_environment_name = "Public" # China, Germany, or USGovernment

#Packer Azure
build_resource_group_name = "rg-test # Resource Group needs to exist before!!
managed_image_name = "${var.managed_image_name}-${formatdate("YYYY-MM-DD-hhmm",timestamp())}"
managed_image_resource_group_name = "rg-test"
managed_image_storage_account_type = "Premium_LRS" # Standard_LRS

Operating system and Environment details

Windows 11, Local

Log Fragments and crash.log files

==> Some builds didn't complete successfully and had errors: 2024/01/10 09:40:04 machine readable: azure-arm.avd,error []string{"error fetching subscriptionID from VM metadata service for Managed Identity authentication: Get \"http://169.254.169.254/metadata/instance/compute?api-version=2017-08-01&format=json\": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network."} 2024/01/10 09:40:04 ui error: --> azure-arm.avd: error fetching subscriptionID from VM metadata service for Managed Identity authentication: Get "http://169.254.169.254/metadata/instance/compute?api-version=2017-08-01&format=json": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network.

[citrixguyblog]

I found a workaround to be able to run the packer build.
There is an issue with the environment variable which is specifying the subscription id.
If the subscription is hardcoded in the template everything is working.

Is there any other way to pass the env var? I don't have issues with other variables. Thats weird.

$SubscriptionID = "f3b2289d-601b-4b8b-8e22-8c930f7a829f"  
[System.Environment]::SetEnvironmentVariable('AZURE_SUBSCRIPTION_ID',"$SubscriptionID ",[System.EnvironmentVariableTarget]::User)

Packer Template

variable "AZURE_SUBSCRIPTION_ID" {
  type    = string
  default = "${env("AZURE_SUBSCRIPTION_ID")}"
}

subscription_id      = "${var.AZURE_SUBSCRIPTION_ID}" 

[srinadhbh]

@citrixguyblog did you find any solution. I came across the same issue and couldn't find any solution.

[citrixguyblog]

@srinadhbh Is it working when you specify the subscription id without a variable? I didn't have the time to investigate this further.