I am using the following App Service definition:
data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

# Creates our new App Service
resource "azurerm_app_service" "app" {
  name                    = var.app_name
  app_service_plan_id     = var.app_service_plan_id
  location                = data.azurerm_resource_group.rg.location
  resource_group_name     = data.azurerm_resource_group.rg.name
  client_affinity_enabled = false
  enabled                 = true
  https_only              = true
  app_settings            = var.app_settings

  site_config {
    always_on                 = true
    http2_enabled             = true
    use_32_bit_worker_process = false
    scm_type                  = "LocalGit"
    default_documents         = var.default_documents

    cors {
      allowed_origins     = var.cors_allowed_origins
      support_credentials = var.cors_enabled
    }
  }

  # System-assigned managed identity; tenant_id and principal_id are
  # exported through identity[0] once the resource exists
  identity {
    type = "SystemAssigned"
  }
}
I am setting up the Key Vault access policy like this:
resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id       = var.key_vault_id
  tenant_id          = azurerm_app_service.app.identity[0].tenant_id
  object_id          = azurerm_app_service.app.identity[0].principal_id
  secret_permissions = ["get", "list"]
}
But the Terraform Azure provider gives this error:
Error: "object_id": required field is not set
on ..\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
68: resource "azurerm_key_vault_access_policy" "app" {
Error: "tenant_id": required field is not set
on ..\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
68: resource "azurerm_key_vault_access_policy" "app" {
It is as if the identity block does not provide the tenant_id and principal_id attributes.
Any ideas?
Accepted answer
It turned out that the problem was that the App Service in Azure had "SystemAssigned" turned off, which caused the plan and apply to fail. Fixing the Azure service solved our problem. Our problem could probably also have been solved by tainting the App Service and destroying and recreating the infrastructure.
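As an added example (not code from the original question or answer), the configuration below shows the same App Service and access policy written so that the failure mode in the answer, an identity that is missing or was disabled outside Terraform, is reported clearly instead of as "required field is not set". It assumes the same variables as the question (var.key_vault_id, var.app_name, var.app_service_plan_id, var.resource_group_name), the azurerm provider's azurerm_client_config data source, and Terraform 1.2 or later for the lifecycle precondition.

```hcl
# Added example, not from the original post. Assumes the question's variables,
# the azurerm provider's azurerm_client_config data source and Terraform >= 1.2.

data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

# Identity of the principal running Terraform; its tenant_id is the tenant the
# app's managed identity lives in, and it is available before the app exists.
data "azurerm_client_config" "current" {}

resource "azurerm_app_service" "app" {
  name                = var.app_name
  app_service_plan_id = var.app_service_plan_id
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  https_only          = true

  site_config {
    always_on = true
  }

  # Without this block identity is an empty list and identity[0] has no value.
  # The same happens when the identity is switched off in the portal after apply.
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id = var.key_vault_id

  # Taken from the provider context rather than the app's identity block, so it
  # never depends on the app's computed identity attributes being populated.
  tenant_id = data.azurerm_client_config.current.tenant_id

  # principal_id can only come from the app's identity block.
  object_id = azurerm_app_service.app.identity[0].principal_id

  # Least privilege: read-only access to secrets. Provider v3.x expects the
  # capitalised spelling; v2.x accepted "get" / "list".
  secret_permissions = ["Get", "List"]

  lifecycle {
    # Fail with a readable message when the identity is absent or disabled,
    # instead of the generic "required field is not set" error.
    precondition {
      condition     = length(azurerm_app_service.app.identity) > 0 && azurerm_app_service.app.identity[0].principal_id != ""
      error_message = "azurerm_app_service.app has no system-assigned identity; enable it (or recreate the app) before granting Key Vault access."
    }
  }
}

# Exposing the principal makes drift visible in plan output and in state.
output "app_principal_id" {
  value = azurerm_app_service.app.identity[0].principal_id
}
```

To check whether the live resource still has its identity, `terraform state show azurerm_app_service.app` should list a non-empty `identity` block with a `principal_id`. If the identity was removed outside Terraform, the recreation the answer mentions can be forced with `terraform taint azurerm_app_service.app` (or `terraform apply -replace=azurerm_app_service.app` on Terraform 0.15.2 and later) so the next apply creates the app and its identity again before the access policy is evaluated.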
Regarding "azure - Unable to get SystemAssigned identity attributes in the terraform azure provider", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59560286/