Fail early on mismatched environments/clouds (#3281)

Quoting the code comment: CLI authentication can only use the environment that the CLI is configured for. Fail early if that's not the one from config, to avoid obscure errors about missing subscriptions or endpoints later. Resolves #3274 Sample shell session: ``` ❯ pulumi config -s gov | rg environ azure-native:environment usgovernment ❯ az account show | rg environ "environmentName": "AzureCloud", ❯ PATH=$HOME/pulumi/pan/bin:$PATH pulumi up -s gov Previewing update (gov) Type Name Plan Info + pulumi:pulumi:Stack azn-3268-env-gov create 3 warnings └─ azure-native:resources:ResourceGroup resourceGroup 1 error Diagnostics: azure-native:resources:ResourceGroup (resourceGroup): error: The configured Azure environment 'usgovernment' does not match the determined environment 'public'. When authenticating using the Azure CLI, the configured environment needs to match the one shown by 'az account show'. You can change environments using 'az cloud set --name <environment>'. ```
pulumi · May 14, 2024 · b47bf2e · b47bf2e
1 parent 856e4e6
commit b47bf2e
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/provider/pkg/provider/auth.go b/provider/pkg/provider/auth.go
@@ -139,6 +139,15 @@ func (k *azureNativeProvider) getAuthConfig() (*authConfig, error) {
 		return nil, err
 	}
 
+	// CLI authentication can only use the environment that the CLI is configured for.
+	// Fail early if that's not the one from config, to avoid obscure errors about missing subscriptions or endpoints later.
+	if c.Environment != envName {
+		return nil, errors.Errorf(`The configured Azure environment '%s' does not match the determined environment '%s'.
+When authenticating using the Azure CLI, the configured environment needs to match the one shown by 'az account show'.
+You can change environments using 'az cloud set --name <environment>'.`,
+			envName, c.Environment)
+	}
+
 	return &authConfig{c, needCli}, nil
 }