通过Azure中的Terraform为VM实例创建托管系统标识
正在尝试使用Terraform为VM创建托管系统标识。正在出错,状态=404 Code=“MissingSubscription” 正在尝试为VM创建托管系统标识。以下是代码片段:通过Azure中的Terraform为VM实例创建托管系统标识,terraform,terraform-provider-azure,Terraform,Terraform Provider Azure,正在尝试使用Terraform为VM创建托管系统标识。正在出错,状态=404 Code=“MissingSubscription” 正在尝试为VM创建托管系统标识。以下是代码片段: ############################################################################### # Create Managed System Identity for VMs ######################################
###############################################################################
# Create Managed System Identity for VMs
###############################################################################
data "azurerm_subscription" "primary" {}
data "azurerm_builtin_role_definition" "contributor" {
name = "Contributor"
}
resource "azurerm_role_assignment" "contributor" {
name = "[${element(azurerm_virtual_machine.consul.*.id, count.index + 1)}]"
scope = "${var.subscription_id}"
#scope = "${data.azurerm_subscription.primary.id}"
principal_id = "${var.tenant_object_id}"
role_definition_id = "${var.subscription_id}${data.azurerm_builtin_role_definition.contributor.id}"
}
运行terraform apply
会产生以下错误:
错误:
Error: Error applying plan:
1 error(s) occurred:
* azurerm_role_assignment.contributor: 1 error(s) occurred:
* azurerm_role_assignment.contributor: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="MissingSubscription" Message="The request did not have a subscription or a valid tenant level resource provider."
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
我试图遵循这里描述的示例-,但如果我将范围更改回scope=“${data.azurerm_subscription.primary.id}”
,则会出现以下错误:
* azurerm_role_assignment.contributor: 1 error(s) occurred:
* azurerm_role_assignment.contributor: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=405 -- Original Error: autorest/azure: Service returned an error. Status=405 Code="" Message="The requested resource does not support http method 'PUT'."
这里有多个问题:
azurerm\u角色
的name
字段必须是GUID,在您的代码中它有方括号${data.azurerm\u内置角色定义.contributor.id}
###############################################################################
# Create Managed System Identity for VMs
###############################################################################
data "azurerm_subscription" "primary" {}
data "azurerm_builtin_role_definition" "contributor" {
name = "Contributor"
}
resource "azurerm_role_assignment" "contributor" {
name = "00000000-0000-0000-0000-000000000000"
scope = "${data.azurerm_subscription.primary.id}"
principal_id = "${var.tenant_object_id}"
role_definition_id = "${data.azurerm_builtin_role_definition.contributor.id}"
}
假设
tenant\u object\u id
变量确实是您的主要订阅中的现有服务主体id。非常感谢@J00MZ