Terraform errors when adding a storage share to an Azure storage account

Tags: terraform, terraform-provider-azure

After adding azurerm_storage_share, running terraform apply gives the following error:

Error: Error checking for existence of existing Storage Share "fileshare"
(Account "sttestforaddingfileshare" / Resource Group "resources"):
shares.Client#GetProperties: Failure responding to request: StatusCode=403
-- Original Error: autorest/azure: Service returned an error. 
Status=403 Code="AuthorizationFailure" 
Message="This request is not authorized to perform this operation.
\nRequestId:188ae38b-e01a-000b-35b3-a32ea2000000
\nTime:2020-10-16T11:55:16.7337008Z"
I think the most likely cause is that Terraform tries to list the existing file shares in the storage account by going directly to the storage account's REST API, rather than through the Azure Resource Manager REST API.

It fails because of a firewall rule that does not include the IP of the host terraform is running on. When I add my laptop's IP to the firewall rule it works, but that is not the behaviour we want.

Do you know of any workaround? Thanks for your help.

My TF configuration is as follows:

provider "azurerm" {
  version     = "= 2.32.0"
  features {}
}
 
resource "azurerm_resource_group" "rg" {
  name     = "resources"
  location = var.location
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "snet" {
  name                 = "snet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
  
  service_endpoints = [ "Microsoft.Storage" ]
}

resource "azurerm_storage_account" "storage" {
  name                     = "sttestforaddingfileshare"
  resource_group_name      = azurerm_resource_group.rg.name

  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action             = "Deny"
    virtual_network_subnet_ids = [ azurerm_subnet.snet.id ]
    bypass = [ "None" ]
  }
}

resource "azurerm_storage_share" "file_share" {
  name                 = "fileshare"
  storage_account_name = azurerm_storage_account.storage.name
  quota                = 100
}
You can use the azurerm_storage_account_network_rules resource to define the network rules, and remove the network_rules block that is defined directly on the azurerm_storage_account resource.

In addition, you can create the file share with the az CLI instead of a separate azurerm_storage_share resource.

I verified this with

PS D:\Terraform> .\terraform.exe -v
Terraform v0.13.4
+ provider registry.terraform.io/hashicorp/azurerm v2.32.0

and it works for both terraform apply and terraform destroy:

resource "azurerm_storage_account" "storage" {
  name                     = "nnnstore1"
  resource_group_name      = azurerm_resource_group.rg.name

  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Create the file share with the az CLI while the account is still open;
  # the network rules are applied afterwards by the separate resource below.
  # self refers to this storage account's own attributes inside the provisioner.
  provisioner "local-exec" {
    command = <<-EOT
      az storage share create `
        --account-name ${self.name} `
        --account-key ${self.primary_access_key} `
        --name ${var.myshare} `
        --quota 100
    EOT

    interpreter = ["Powershell", "-c"]
  }
}

resource "azurerm_storage_account_network_rules" "test" {
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_name = azurerm_storage_account.storage.name

  default_action             = "Deny"
  virtual_network_subnet_ids = [azurerm_subnet.snet.id]
  bypass                     = ["None"]
}
I ran into this problem recently when trying to create a storage share for a container group. The code was almost identical to yours, but with the additional container group.

I hit the error while deploying the stack as a new component, and got around it by deploying everything except the storage share component and all references to it.

Then, once that had gone through, I added the storage share back in and redeployed it without any problem.

Ugly workaround, but it redeployed.

Hi Nancy, thank you very much for your answer. Your solution looks convenient, but there is one catch: to re-run the local-exec provisioner (e.g. to increase the quota), you have to taint the storage account, which causes the storage account to be recreated.
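To address the taint caveat raised in the comment above, here is an added example that is not Nancy's code and not part of the thread: the local-exec provisioner is moved out of the storage account into a null_resource whose triggers re-run it on a quota change, so the account is never recreated. It assumes the hashicorp/null provider, the variables var.myshare and var.myshare_quota, and the az storage share-rm subcommands, which go through Azure Resource Manager rather than the storage data plane.

```hcl
# Added example (not from the thread). Storage network rules only filter
# data-plane traffic, so the ARM-based "az storage share-rm" calls used here
# are assumed to keep working after default_action = "Deny" is in effect,
# without allow-listing the IP of the machine running terraform.
resource "null_resource" "file_share" {
  # Any change here (e.g. a new quota) re-creates this null_resource and so
  # re-runs the provisioner, while the storage account itself is untouched.
  triggers = {
    account = azurerm_storage_account.storage.name
    share   = var.myshare          # hypothetical variable: share name
    quota   = var.myshare_quota    # hypothetical variable: quota in GiB
  }

  provisioner "local-exec" {
    interpreter = ["Powershell", "-c"]
    command     = <<-EOT
      $common = @(
        "--resource-group", "${azurerm_resource_group.rg.name}",
        "--storage-account", "${azurerm_storage_account.storage.name}",
        "--name", "${var.myshare}"
      )
      # Resize in place if the share already exists, otherwise create it.
      $exists = az storage share-rm exists @common --query exists -o tsv
      if ($exists -eq "true") {
        az storage share-rm update @common --quota ${var.myshare_quota}
      } else {
        az storage share-rm create @common --quota ${var.myshare_quota}
      }
      # Surface a failed az call as a failed apply instead of silently continuing.
      if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
    EOT
  }
}
```

Because the share is managed through ARM, the azurerm_storage_account_network_rules resource needs no depends_on ordering against it, and changing var.myshare_quota on a later apply only replaces the null_resource.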