Azure DevOps: Terraform plan fails in Azure DevOps


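I am trying to build infra in Azure using Terraform. I am automating it through Azure DevOps; we do not have the task in our organization yet, so I am running CLI scripts to get it done. While I can get as far as terraform init, I cannot run terraform plan. As mentioned, I am using a service principal to authenticate. I am following to complete the setup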

Here is my pipeline

- task: AzureCLI@1
  displayName: Terraform init
  inputs:
    azureSubscription: Subscription
    scriptLocation: inlineScript
    inlineScript: |
      set -eux  # fail on error
      terraform init \
        -backend-config=storage_account_name=$(storageAccountName) \
        -backend-config=container_name=$(container_name) \
        -backend-config=key=$(key)/terraform.tfstate \
        -backend-config=sas_token=$(artifactsLocationSasToken) \
        -backend-config=subscription_id="$(ARM_SUBSCRIPTION_ID)" \
        -backend-config=tenant_id="$(ARM_TENANT_ID)" \
        -backend-config=client_id="$(ARM_CLIENT_ID)" \
        -backend-config=client_secret="$(ARM_CLIENT_SECRET)" 
    addSpnToEnvironment: true
    workingDirectory: $(System.DefaultWorkingDirectory)/Modules

- bash: |
    set -eu  # fail on error
    terraform plan -out=tfplan -input=false -detailed-exitcode
   
  displayName: Terraform apply
  workingDirectory: $(System.DefaultWorkingDirectory)/Modules

In the tf file, I have something very basic to try out

provider "azurerm" {
  version     = ">= 2.61.0"
  features {}
}

data "azurerm_resource_group" "main" {
  name = var.resource_group_name
}

terraform {
  backend "azurerm" {
 }
}

I get this error

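Error building AzureRM Client: obtain subscription(***) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.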


Updated

- task: AzureCLI@2
  inputs:
    azureSubscription: $(scConn)
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $sasToken = (az storage container generate-sas --account-name $(storageAccountName) --name $(container_name) --permissions rwdl --expiry $(date -u -d "30 minutes" +%Y-%m-%dT%H:%MZ))
      Write-Host($sasToken)
      Write-Output("##vso[task.setvariable variable=artifactsLocationSasToken;]$sasToken")

- task: AzureCLI@1
  displayName: Terraform credentials
  inputs:
    azureSubscription: $(scConn)
    scriptLocation: inlineScript
    inlineScript: |
      set -eu  # fail on error
      echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$(servicePrincipalId)"
      echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET;issecret=true]$(servicePrincipalKey)"
      echo "##vso[task.setvariable variable=ARM_SUBSCRIPTION_ID]$(subscriptionId)"
      echo "##vso[task.setvariable variable=ARM_TENANT_ID]$(tenantId)"
    addSpnToEnvironment: true

- task: AzureCLI@1
  displayName: Terraform init
  inputs:
    azureSubscription: $(scConn)
    scriptLocation: inlineScript
    inlineScript: |
      set -eux  # fail on error
      terraform init \
        -backend-config=storage_account_name=$(storageAccountName) \
        -backend-config=container_name=$(container_name) \
        -backend-config=key=$(key)/terraform.tfstate \
        -backend-config=sas_token=$(artifactsLocationSasToken) \
        -backend-config=subscription_id="$(ARM_SUBSCRIPTION_ID)" \
        -backend-config=tenant_id="$(ARM_TENANT_ID)" \
        -backend-config=client_id="$(ARM_CLIENT_ID)" \
        -backend-config=client_secret="$(ARM_CLIENT_SECRET)" 
    addSpnToEnvironment: true
    workingDirectory: $(System.DefaultWorkingDirectory)/Modules
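
Error building AzureRM Client: obtain subscription(***) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.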

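The root cause of this issue is that the Azure CLI task runs the az account clear command at the end. Therefore, the az login information from the current Azure CLI task is not retained.

You need to add an extra command (the az login command) before the terraform plan command to log in.

You can enable the parameter addSpnToEnvironment: true in the Azure CLI task and set the login information as pipeline variables. Then you can use this information in the az login command.

Here is an example: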

- task: AzureCLI@1
  displayName: Terraform init
  inputs:
    azureSubscription: Subscription
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      set -eux  # fail on error
      echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
      # issecret=true keeps the service principal key masked in the job logs
      echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET;issecret=true]$servicePrincipalKey"
      echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"

      terraform init \
        -backend-config=storage_account_name=$(storageAccountName) \
        -backend-config=container_name=$(container_name) \
        -backend-config=key=$(key)/terraform.tfstate \
        -backend-config=sas_token=$(artifactsLocationSasToken) \
        -backend-config=subscription_id="$(ARM_SUBSCRIPTION_ID)" \
        -backend-config=tenant_id="$(ARM_TENANT_ID)" \
        -backend-config=client_id="$(ARM_CLIENT_ID)" \
        -backend-config=client_secret="$(ARM_CLIENT_SECRET)" 
    addSpnToEnvironment: true
    workingDirectory: $(System.DefaultWorkingDirectory)/Modules

- bash: |
    set -eu  # fail on error
    az login --service-principal --username $(ARM_CLIENT_ID) --password $(ARM_CLIENT_SECRET)  --tenant $(ARM_TENANT_ID)
    terraform plan -out=tfplan -input=false -detailed-exitcode
   
  displayName: Terraform apply
  workingDirectory: $(System.DefaultWorkingDirectory)/Modules

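Is there any update on this ticket? Feel free to let me know whether the answer resolves this issue.

I have added az login to the pipeline -> Error building AzureRM Client: Authenticating using the Azure CLI is only supported as a User (not a Service Principal). bash: | set -eu # fail on error az login --service-principal --username $(ARM_CLIENT_ID) --password $(ARM_CLIENT_SECRET) --tenant $(ARM_TENANT_ID) terraform plan -out=tfplan -input=false -detailed-exitcode displayName: Terraform apply workingDirectory: $(System.DefaultWorkingDirectory)/Modules

Hi @threeleggedrabbit. Did you add echo "##vso[task.setvariable=ARM_CLIENT_ID]…… to set the variables in the Azure CLI task? Could you share your current YAML sample with us?

Yes, I added ARM_CLIENT_ID. Updated the question.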
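
The thread turns on whether the service principal values set in one task actually reach the step that runs terraform plan. The following preflight check is an added example, not code from the question or the answer: it assumes the four ARM_* values are mapped into that step's environment and that the three IDs are GUIDs, and it reports only variable names, never values. The function name and the `--plan` switch are hypothetical.

```bash
#!/bin/sh
# Added example: verify the service principal settings before `terraform plan`.
# Assumption: ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and
# ARM_SUBSCRIPTION_ID are expected in this step's environment.

GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Prints one line per problem (names only, so nothing secret reaches the log)
# and returns 0 only when all four variables look usable.
check_arm_env() {
  problems=0
  for name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID; do
    eval "value=\${$name-}"   # indirect lookup; names come from the fixed list
    case "$value" in
      '')
        echo "$name: not set in this step's environment" ;;
      '$('*')')
        # Azure Pipelines leaves $(name) as literal text when the variable
        # is undefined, so the macro itself arrives as the value.
        echo "$name: unexpanded pipeline macro" ;;
      *)
        [ "$name" = ARM_CLIENT_SECRET ] && continue   # secret has no fixed format
        printf '%s\n' "$value" | grep -Eq "$GUID_RE" && continue
        echo "$name: not a GUID" ;;
    esac
    problems=$((problems + 1))
  done
  [ "$problems" -eq 0 ]
}

# Hypothetical entry point: `sh preflight.sh --plan` stops before terraform
# runs when a value is missing, instead of failing later inside the provider.
if [ "${1-}" = "--plan" ]; then
  check_arm_env || exit 1
  terraform plan -out=tfplan -input=false -detailed-exitcode
fi
```
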