Creating a Managed System Identity for VM instances with Terraform in Azure


I am trying to create a Managed System Identity for a VM with Terraform and getting an error: Status=404 Code="MissingSubscription".

Here is the code snippet:

###############################################################################
# Create Managed System Identity for VMs
###############################################################################

data "azurerm_subscription" "primary" {}

data "azurerm_builtin_role_definition" "contributor" {
  name = "Contributor"
}

resource "azurerm_role_assignment" "contributor" {
  name               = "[${element(azurerm_virtual_machine.consul.*.id, count.index + 1)}]"
  scope              = "${var.subscription_id}"
  #scope             = "${data.azurerm_subscription.primary.id}"
  principal_id       = "${var.tenant_object_id}"
  role_definition_id = "${var.subscription_id}${data.azurerm_builtin_role_definition.contributor.id}"
}
Running

terraform apply

produces the following error:

Error:

Error: Error applying plan:

1 error(s) occurred:

* azurerm_role_assignment.contributor: 1 error(s) occurred:

* azurerm_role_assignment.contributor: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="MissingSubscription" Message="The request did not have a subscription or a valid tenant level resource provider."

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
I tried to follow the example described here, but if I change the scope back to

scope = "${data.azurerm_subscription.primary.id}"

I get the following error instead:

* azurerm_role_assignment.contributor: 1 error(s) occurred:

* azurerm_role_assignment.contributor: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=405 -- Original Error: autorest/azure: Service returned an error. Status=405 Code="" Message="The requested resource does not support http method 'PUT'."

There are several problems here:

  • The
    name
    field of the azurerm_role_assignment resource must be a GUID; in your code it is wrapped in square brackets.
  • The role definition id must be the evaluation of a single expression, i.e. just
    ${data.azurerm_builtin_role_definition.contributor.id}
  • The correct way to write this example is:

    ###############################################################################
    # Create Managed System Identity for VMs
    ###############################################################################
    
    data "azurerm_subscription" "primary" {}
    
    data "azurerm_builtin_role_definition" "contributor" {
      name = "Contributor"
    }
    
    resource "azurerm_role_assignment" "contributor" {
      name               = "00000000-0000-0000-0000-000000000000"
      scope              = "${data.azurerm_subscription.primary.id}"
      principal_id       = "${var.tenant_object_id}"
      role_definition_id = "${data.azurerm_builtin_role_definition.contributor.id}"
    }

    This assumes the
    tenant_object_id
    variable really is the id of an existing service principal in your primary subscription.

    Thanks a lot @J00MZ
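The answer fixes the role assignment but still takes the principal from a hand-maintained variable. If the goal is really a system-assigned identity for the VM itself, the VM needs an `identity` block and the role assignment should reference the principal id that Azure generates for it. The following is an added example, not code from the question or the answer: it uses the same Terraform 0.11 interpolation style as the page, assumes the azurerm 1.x provider (where `azurerm_virtual_machine` exports `identity.0.principal_id`), and all resource names, the location, the VM size, the image and the SSH key path are assumed placeholders. It also scopes the assignment to the VM's own resource group with the built-in `Reader` role rather than subscription-wide `Contributor`, which is the least-privilege shape a reviewer would ask for.

```hcl
# Added example (not the question's or the answer's code): a VM with a
# system-assigned managed identity, plus a role assignment that grants that
# identity Reader on its own resource group only. Names, location, image,
# VM size and the SSH public key path are assumed placeholders.

provider "azurerm" {}

resource "azurerm_resource_group" "consul" {
  name     = "consul-rg"
  location = "westeurope"
}

resource "azurerm_virtual_network" "consul" {
  name                = "consul-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = "${azurerm_resource_group.consul.location}"
  resource_group_name = "${azurerm_resource_group.consul.name}"
}

resource "azurerm_subnet" "consul" {
  name                 = "consul-subnet"
  resource_group_name  = "${azurerm_resource_group.consul.name}"
  virtual_network_name = "${azurerm_virtual_network.consul.name}"
  address_prefix       = "10.0.1.0/24"
}

resource "azurerm_network_interface" "consul" {
  name                = "consul-nic"
  location            = "${azurerm_resource_group.consul.location}"
  resource_group_name = "${azurerm_resource_group.consul.name}"

  ip_configuration {
    name                          = "primary"
    subnet_id                     = "${azurerm_subnet.consul.id}"
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_virtual_machine" "consul" {
  name                  = "consul-vm"
  location              = "${azurerm_resource_group.consul.location}"
  resource_group_name   = "${azurerm_resource_group.consul.name}"
  network_interface_ids = ["${azurerm_network_interface.consul.id}"]
  vm_size               = "Standard_B1s"

  # This block is what actually creates the managed system identity for the VM;
  # Azure returns its principal id as identity.0.principal_id after apply.
  identity {
    type = "SystemAssigned"
  }

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "consul-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "consul"
    admin_username = "azureuser"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/azureuser/.ssh/authorized_keys"
      key_data = "${file("~/.ssh/id_rsa.pub")}" # assumed path to a public key
    }
  }
}

# Grant the VM's own identity Reader on its resource group.
# - name is omitted, so the provider generates the required GUID itself;
# - scope is a full ARM resource id (not a bare subscription GUID), which is
#   what the 404 "MissingSubscription" in the question was complaining about;
# - principal_id comes from the VM identity instead of a variable, so the
#   assignment cannot drift away from the identity it is meant to cover.
resource "azurerm_role_assignment" "consul_reader" {
  scope                = "${azurerm_resource_group.consul.id}"
  role_definition_name = "Reader"
  principal_id         = "${azurerm_virtual_machine.consul.identity.0.principal_id}"
}
```

`role_definition_name` is used instead of `role_definition_id` so no subscription prefix has to be assembled by hand, which was the second mistake in the question's snippet. If subscription-wide scope is genuinely needed, `scope = "${data.azurerm_subscription.primary.id}"` from the answer is the right value; the point of the example is that the scope should normally be as narrow as the workload allows.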