所以我试图将 Terraform 连接到 Azure Gov,但似乎没有读取代码中的环境。或者我只是在这方面有所帮助,我们将不胜感激。
这是代码,非常基本的只是试图让它连接并在状态文件中存储一些东西。
terraform {
backend "azurerm" {
#resource_group_name = "terraform-test"
storage_account_name = "terraformstate01"
container_name = "tstate01"
key = "terraform.tfstate"
access_key = "ACCESS_KEY_GOES_HERE"
}
}
# Configure the Azure provider
provider "azurerm" {
# The "feature" block is required for AzureRM provider 2.x.
# If you are using version 1.x, the "features" block is not allowed.
version = "2.76.0"
environment = "usgovernment"
features {}
}
resource "azurerm_resource_group" "state-demo-secure" {
name = "state-demo"
location = "usgovvirginia"
}
这里还附上了我在运行 Terraform init 时遇到的错误。
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthenticationFailed" Message="Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:c5022f4e-c01e-0002-51f4-74a3d7000000\nTime:2021-07-09T18:55:41.1228617Z"```
答案 0 :(得分:0)
正如 Ken W MSFT 在评论部分提到的,您需要在调用 .tf 文件之前设置云环境,而不是在 azurerm 提供程序中调用它。
如果是公共的,则不需要这样做,但是当您尝试使用私有的专有云时,您需要在使用该云之前使用 azure CLI 或 azure powershell 根据需要设置环境。
CLI 命令:
$ az cloud set --name AzureChinaCloud|AzureGermanCloud|AzureUSGovernment
Powershell 命令:
Connect-AzAccount -EnvironmentName AzureChinaCloud|AzureGermanCloud|AzureUSGovernment
参考:
Azure Provider: Authenticating via the Azure CLI | Guides | hashicorp/azurerm | Terraform Registry