'could not configure AzureCli Authorizer: could not parse Azure CLI version' error in Terraform

May 22, 2022 · 2 mins read · Post a comment

As I continue on my Terraform issues resolving journey, I want to share yet another not quite common TF issue.


  • Terraform

The error

While I was playing around with the azuread provider and testing the azure CLI authentication using the following code for instance:

## requirements.tf
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "= 2.22.0"

## provider.tf
provider "azuread" {
  tenant_id = "<some_tenant_id>"

## data.tf
data "azuread_client_config" "current" {}

## azure.tf
resource "azuread_group" "devcoops" {
  display_name     = "devcoops"
  owners           = [data.azuread_client_config.current.object_id]
  security_enabled = true

What I’ve received as part of the output was:

│ Error: could not configure AzureCli Authorizer: could not parse Azure CLI version: unmarshaling the output of Azure CLI: invalid character 'D' looking for beginning of value 
│   with provider["registry.terraform.io/hashicorp/azuread"], 
│   on provider.tf line 1, in provider "azuread": 
│    1: provider "azuread" {


I really couldn’t wrap up my mind around what could be the underlying cause as the az login authentication was successful. I did update the Azure CLI to the latest version though and the user/system environment variables were set already (I’m working on a Windows 10 machine BTW). The invalid character D might be referring to the terraform path env var which is set to D:\<some_terraform_dir>.

Now, back to the solution:

  1. I had installed the 386 version of Terraform sigh. Next thing I did was download and install the amd64 version instead and the error was simply gone.
  2. If that doesn’t work, or you can’t or don’t want to use az cli for some reason, try to follow the official Terraform Authenticating to Azure Active Directory docs.


Two things I’ve learned:

  1. The Azure CLI auth is always executed last.
  2. You can disable the az CLI auth by adding use_cli = false as part of the provider “azuread” {} block.

As per usual, if you could think of any alternative solution, please do let me know in the comment section below. On a side note, follow our official channel on Telegram.