在Azure中创建服务主体后尝试使用terraform plan或terraform apply时,Terraform会出现以下错误:
provider.azurerm:找不到有效(未到期)的Azure CLI Auth Tokens。请运行
az login。
通过az ad sp create-for-rbac在Azure中创建服务主体。
将服务主体配置作为提供程序块添加到.tf文件中:
provider "azurerm" {
alias = "tf_bootstrap"
client_id = "55708466-3686-xxxx-xxxx-xxxxxxxxxxxx"
client_secret = "88352837-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
tenant_id = "129a861e-a703-xxxx-xxxx-xxxxxxxxxxxx"
subscription_id = "c2e9d518-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
resource "azurerm_resource_group" "dev" {
name = "dev-rg"
location = "East US"
}
尝试运行terraform plan。
答案 0 :(得分:1)
如果在provider block中使用alias密钥,如问题所示,则必须在每个数据或资源块中指定provider密钥。
例如:
// When a provider alias has been defined.
resource "azurerm_resource_group" "dev" {
provider = "azurerm.tf_bootstrap"
name = "dev-rg"
location = "East US"
}
如果您错过了某个资源或数据块的provider,则该块上的身份验证失败。
但请注意,对于不在原始提供程序块中指定alias密钥也是有效的。在这种情况下,不再需要在每个资源和数据块中指定provider密钥; provider密钥可以省略。
// When a provider alias has not been defined.
resource "azurerm_resource_group" "dev" {
name = "dev-rg"
location = "East US"
}