I have the following App Service definition:
data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

# Creates our new App Service
resource "azurerm_app_service" "app" {
  name                    = var.app_name
  app_service_plan_id     = var.app_service_plan_id
  location                = data.azurerm_resource_group.rg.location
  resource_group_name     = data.azurerm_resource_group.rg.name
  client_affinity_enabled = false
  enabled                 = true
  https_only              = true
  app_settings            = var.app_settings

  site_config {
    always_on                 = true
    http2_enabled             = true
    use_32_bit_worker_process = false
    scm_type                  = "LocalGit"
    default_documents         = var.default_documents

    cors {
      allowed_origins     = var.cors_allowed_origins
      support_credentials = var.cors_enabled
    }
  }

  # System-assigned managed identity; its principal_id / tenant_id are
  # referenced below by the Key Vault access policy
  identity {
    type = "SystemAssigned"
  }
}
I am setting the Key Vault access policy like this:
resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id       = var.key_vault_id
  tenant_id          = azurerm_app_service.app.identity[0].tenant_id
  object_id          = azurerm_app_service.app.identity[0].principal_id
  secret_permissions = ["get", "list"]
}
But Terraform's Azure provider gives this error:
Error: "object_id": required field is not set
on ..\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
68: resource "azurerm_key_vault_access_policy" "app" {
Error: "tenant_id": required field is not set
on ..\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
68: resource "azurerm_key_vault_access_policy" "app" {
It seems the identity block does not provide the tenant_id and principal_id attributes.
Any ideas?
Answer 0 (score: 1)
The problem turned out to be that the Azure App Service had "SystemAssigned" turned off, which was causing the plan and apply to fail. Fixing the Azure service resolved our issue. Our problem could probably also have been solved by keeping the App Service and destroying and recreating the infrastructure.
Answer 1 (score: 0)
It should be like this:
${azurerm_app_service.app.identity.0.tenant_id}
${azurerm_app_service.app.identity.0.principal_id}
https://www.terraform.io/docs/providers/azurerm/r/app_service.html#attributes-reference
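As an added example, not part of the question or either answer: the same App Service and Key Vault policy written in Terraform 0.12+ syntax (the `identity[0].x` form from the question; the `identity.0.x` form in Answer 1 is the older 0.11 interpolation style, which 0.12 also accepts), plus two outputs that let you confirm after apply whether the identity was actually assigned, which is the failure mode Answer 0 describes. Variable names follow the question; the output names are assumptions, and the `site_config` block is omitted for brevity.

```hcl
# Added example (not from the original question or answers).
# Variable names come from the question; output names are assumptions.

data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

resource "azurerm_app_service" "app" {
  name                = var.app_name
  app_service_plan_id = var.app_service_plan_id
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  https_only          = true

  # The identity block must exist here AND be enabled on the Azure side;
  # otherwise identity[0].principal_id / tenant_id are empty and the
  # access policy below fails with "required field is not set".
  identity {
    type = "SystemAssigned"
  }
}

# Least-privilege policy: the app only reads secrets, so grant only
# get/list on secrets and nothing on keys or certificates.
resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id = var.key_vault_id
  tenant_id    = azurerm_app_service.app.identity[0].tenant_id
  object_id    = azurerm_app_service.app.identity[0].principal_id

  secret_permissions = ["get", "list"]
}

# Surface the identity so `terraform output` shows whether it exists.
# An empty principal_id after apply means the identity is switched off
# in Azure, which is the situation described in Answer 0.
output "app_principal_id" {
  value = azurerm_app_service.app.identity[0].principal_id
}

output "app_tenant_id" {
  value = azurerm_app_service.app.identity[0].tenant_id
}
```

Run `terraform apply` and then `terraform output app_principal_id`; a non-empty GUID confirms the managed identity is assigned and the access policy can be created against it.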