我正在使用terraform创建以下Web应用程序:
resource "azurerm_app_service" "api-webapp" {
count = "${var.api_name_count}"
name = "${var.projectname}-${element(var.api_names, count.index)}-api-${var.stagename}"
depends_on = ["azurerm_app_service_plan.appservice-plan"]
resource_group_name = "${azurerm_resource_group.stage-resource-group.name}"
app_service_plan_id = "${azurerm_app_service_plan.appservice-plan.id}"
location = "${var.location}"
site_config {
}
app_settings {
}
}
这将导致3个Web应用程序。 现在,我正在创建一个密钥库,我想为其授予Web应用访问权限:
resource "azurerm_key_vault_access_policy" "keyvault_policies_apis" {
key_vault_id = "${azurerm_key_vault.keyvault.id}"
count = "${var.api_name_count}"
tenant_id = "${var.tenant_id}"
object_id = "${azurerm_app_service.api-webapp.*.identity.0.principal_id}"
key_permissions = [
"get"
]
secret_permissions = [
"get",
"list"
]
certificate_permissions = [
"get",
"getissuers",
"list",
"listissuers"
]
}
应聘者告诉我,"${azurerm_app_service.api-webapp.*.identity.0.principal_id}"是不可能的:
资源'azurerm_app_service.api-webapp'没有变量'azurerm_app_service.api-webapp。*。identity.0.principal_id'的属性'identity.0.principal_id'
如何访问网络应用程序的principal_id?
谢谢
答案 0 :(得分:0)
您正在将"${azurerm_app_service.api-webapp.*.identity.0.principal_id}"作为所有object_id资源的列表传递给azurerm_app_service。
您必须使用element从其中获取一个元素,并且将当前计数作为索引,如下所示:
object_id = "${element(azurerm_app_service.api-webapp.*.identity.0.principal_id, count.index)}"