Terraform 将存储共享添加到Azure存储帐户时出错
在添加Terraform 将存储共享添加到Azure存储帐户时出错,terraform,terraform-provider-azure,Terraform,Terraform Provider Azure,在添加azurerm\u存储\u共享后,运行terraform apply时出现以下错误 Error: Error checking for existence of existing Storage Share "fileshare" (Account "sttestforaddingfileshare" / Resource Group "resources"): shares.Client#GetProperties: Failu
azurerm\u存储\u共享后,运行terraform apply
时出现以下错误
Error: Error checking for existence of existing Storage Share "fileshare"
(Account "sttestforaddingfileshare" / Resource Group "resources"):
shares.Client#GetProperties: Failure responding to request: StatusCode=403
-- Original Error: autorest/azure: Service returned an error.
Status=403 Code="AuthorizationFailure"
Message="This request is not authorized to perform this operation.
\nRequestId:188ae38b-e01a-000b-35b3-a32ea2000000
\nTime:2020-10-16T11:55:16.7337008Z"
我认为原因很可能是Terraform试图列出存储帐户中的现有文件共享,直接访问存储帐户的REST API,而不是Azure资源管理器的REST API
它失败了,因为存在不包含运行在其上的主机terraform的IP的防火墙规则。当我将笔记本电脑的IP添加到防火墙规则中时,它就起作用了。但这不是我们想要的行为
你知道有什么解决办法吗?感谢您的帮助
我的TF配置如下:
provider "azurerm" {
version = "= 2.32.0"
features {}
}
resource "azurerm_resource_group" "rg" {
name = "resources"
location = var.location
}
resource "azurerm_virtual_network" "vnet" {
name = "vnet"
location = var.location
resource_group_name = azurerm_resource_group.rg.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "snet" {
name = "snet"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = ["10.0.1.0/24"]
service_endpoints = [ "Microsoft.Storage" ]
}
resource "azurerm_storage_account" "storage" {
name = "sttestforaddingfileshare"
resource_group_name = azurerm_resource_group.rg.name
location = var.location
account_tier = "Standard"
account_replication_type = "LRS"
network_rules {
default_action = "Deny"
virtual_network_subnet_ids = [ azurerm_subnet.snet.id ]
bypass = [ "None" ]
}
}
resource "azurerm_storage_share" "file_share" {
name = "fileshare"
storage_account_name = azurerm_storage_account.storage.name
quota = 100
}
您可以使用该资源定义网络规则,并删除直接在azurerm\u storage\u帐户
资源上定义的网络规则块
此外,您还可以使用az CLI而不是单独的资源“azurerm\u存储\u共享”来创建文件共享。
经过我的验证后
PS D:\Terraform> .\terraform.exe -v
Terraform v0.13.4
+ provider registry.terraform.io/hashicorp/azurerm v2.32.0
当地形应用
和地形销毁
时,它起作用
resource "azurerm_storage_account" "storage" {
name = "nnnstore1"
resource_group_name = azurerm_resource_group.rg.name
location = var.location
account_tier = "Standard"
account_replication_type = "LRS"
provisioner "local-exec" {
command =<<EOT
az storage share create `
--account-name ${azurerm_storage_account.storage.name} `
--account-key ${azurerm_storage_account.storage.primary_access_key} `
--name ${var.myshare} `
--quota 100
EOT
interpreter = [ "Powershell", "-c"]
}
}
resource "azurerm_storage_account_network_rules" "test" {
resource_group_name = azurerm_resource_group.rg.name
storage_account_name = azurerm_storage_account.storage.name
default_action = "Deny"
virtual_network_subnet_ids = [azurerm_subnet.snet.id]
bypass = ["None"]
}
资源“azurerm\u存储”帐户“存储”{
name=“nnnstore1”
resource\u group\u name=azurerm\u resource\u group.rg.name
位置=变量位置
账户_tier=“标准”
帐户\u复制\u type=“LRS”
供应人“本地执行官”{
command=我最近在尝试为容器组创建存储共享时遇到了这个问题。它的代码与您的代码几乎相同,但有额外的容器组
我在将堆栈作为新组件部署时遇到了这个问题,通过部署除存储共享组件及其所有引用之外的所有内容,绕过了这个错误
然后,当这项工作完成后,我引入了存储共享,并毫无问题地重新部署了它
糟糕的解决方案,但它已重新部署。你好,Nancy,非常感谢您的回答。您的解决方案看起来很方便,但出现了一个异常。要重新运行本地exec provisioner(例如,增加配额大小),您需要污染存储帐户。这将导致重新创建存储帐户。