使用terraform provisioner运行shell脚本；“本地执行官”；返回Azure DevOps中被拒绝的权限返回被拒绝的权限_Azure_Azure Devops_Sh_Terraform_Azure Databricks

使用terraform provisioner运行shell脚本；“本地执行官”；返回Azure DevOps中被拒绝的权限返回被拒绝的权限

azure azure-devops terraform

使用terraform provisioner运行shell脚本；“本地执行官”；返回Azure DevOps中被拒绝的权限返回被拒绝的权限,azure,azure-devops,sh,terraform,azure-databricks,Azure,Azure Devops,Sh,Terraform,Azure Databricks,我正在尝试为databricks提供一个pat令牌，该令牌具有null_资源和本地exec。这是代码块： resource "null_resource" "databricks_token" { triggers = { workspace = azurerm_databricks_workspace.databricks.id key_vault_access = azurerm_key_vault_access_policy.terraform.id } pr

我正在尝试为databricks提供一个pat令牌，该令牌具有null_资源和本地exec。这是代码块：

resource "null_resource" "databricks_token" {
  triggers = {
    workspace = azurerm_databricks_workspace.databricks.id
    key_vault_access = azurerm_key_vault_access_policy.terraform.id
  }
  provisioner "local-exec" {
    command = "${path.cwd}/generate-pat-token.sh"
    environment = {
      RESOURCE_GROUP = var.resource_group_name
      DATABRICKS_WORKSPACE_RESOURCE_ID = azurerm_databricks_workspace.databricks.id
      KEY_VAULT = azurerm_key_vault.databricks_token.name
      SECRET_NAME = "DATABRICKS-TOKEN"
      DATABRICKS_ENDPOINT = "https://westeurope.azuredatabricks.net"
    }
  }
}

但是，我得到以下错误：

2020-02-26T19:41:51.9455473Z [0m[1mnull_resource.databricks_token: Provisioning with 'local-exec'...[0m[0m
2020-02-26T19:41:51.9458257Z [0m[0mnull_resource.databricks_token (local-exec): Executing: ["/bin/sh" "-c" "/home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh"]
2020-02-26T19:41:51.9480441Z [0m[0mnull_resource.databricks_token (local-exec): /bin/sh: 1: /home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh: Permission denied
2020-02-26T19:41:51.9481502Z [0m[0m
2020-02-26T19:41:52.0386092Z [31m
2020-02-26T19:41:52.0399075Z [1m[31mError: [0m[0m[1mError running command '/home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh': exit status 126. Output: /bin/sh: 1: /home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh: Permission denied
2020-02-26T19:41:52.0401076Z [0m
2020-02-26T19:41:52.0401373Z 
2020-02-26T19:41:52.0401978Z [0m[0m[0m

附带说明，这是Azure DevOps的

知道如何解决权限被拒绝的问题吗？

这个问题的根源在于Azure DevOps如何存储工件和存储库。下面是他们文档中的一个片段，解释了为什么会发生这种情况

在“提示”部分下，您将看到以下内容：

生成工件存储在Windows文件系统上，这会导致所有UNIX权限（包括执行位）丢失。从Azure管道或TFS下载工件后，您可能需要恢复正确的UNIX权限

这意味着您下载的文件（在本例中是您的shell脚本）具有所有unix权限。为了解决这个问题，我添加了一个步骤，在执行shell脚本之前，首先对shell脚本设置适当的权限。请参见下面的示例，其中我已将修复程序添加到您提供的代码中

resource "null_resource" "databricks_token" {
  triggers = {
    workspace = azurerm_databricks_workspace.databricks.id
    key_vault_access = azurerm_key_vault_access_policy.terraform.id
  }
  provisioner "local-exec" {
    command = "chmod +x ${path.cwd}/generate-pat-token.sh; ${path.cwd}/generate-pat-token.sh"
    environment = {
      RESOURCE_GROUP = var.resource_group_name
      DATABRICKS_WORKSPACE_RESOURCE_ID = azurerm_databricks_workspace.databricks.id
      KEY_VAULT = azurerm_key_vault.databricks_token.name
      SECRET_NAME = "DATABRICKS-TOKEN"
      DATABRICKS_ENDPOINT = "https://westeurope.azuredatabricks.net"
    }
  }
}

命令部分将首先设置shell脚本的执行权限，然后执行它。

您的意思是通过Azure DevOps运行

.sh

脚本吗？如果在本地运行此脚本会怎么样？你也会得到同样的结果吗？这将有助于缩小问题是否与Azure DevOps相关的范围。在

生成pat令牌.sh

中有什么内容？您是在设置Databricks工作区，还是正在创建Databricks pat令牌？