Terraform plan error: unable to build authorizer for Azure Resource Manager API

Question (votes: 0, answers: 1)

I am getting an error when running terraform plan. The error message is as follows:

Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: obtaining subscription ID: obtaining account details: running Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│ 
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on providers.tf line 17, in provider "azurerm":
│   17: provider "azurerm" {

This is my Provider.tf file:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=4.4.0"
    }
    azapi = {
      source  = "Azure/azapi"
      version = "1.9.0"
    }
  }
}

provider "azurerm" {
  storage_use_azuread = true
  features {}
}

This is my GitHub Actions workflow-call file, in which I have defined all the required environment variables.

name: Terraform Plan

on:
  workflow_call:
    inputs:
      environment:
        required: true
        description: Environment used to config Github environments
        type: string
      location:
        required: true
        description: The azure region location to deploy the resources
        type: string
      terraform_version:
        required: true
        description: The Terraform version to use
        type: string
        default: "1.6.6"
      terraform_directory:
        required: true
        description: The path to the terraform code relative to the root directory
        type: string
        default: ./terraform/selfhosted-dp-appsvc
      terraform_workspace:
        required: true
        description: Terraform workspace to use
        type: string
        default: dev-default
      terraform_plan_output:
        required: true
        description: Name of the terraform plan output
        type: string
      terraform_apply:
        required: false
        description: Whether to apply terraform play or not
        type: boolean
        default: false

env:
  TF_VAR_location: ${{ inputs.location }}
  TF_VAR_env: ${{ inputs.environment }}
  ARM_CLIENT_ID: ${{ secrets.AARM_CLIENT_ID_NON_PROD }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET_NON_PROD }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID_NON_PROD }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID_NON_PROD}}
  ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY_NON_PROD }}

jobs:
  terraform:
    name: terraform
    runs-on: uhg-runner
    environment: ${{ inputs.environment }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Terraform
        uses: uhg-actions/setup-terraform@v2
        with:
          terraform_version: ${{ inputs.terraform_version }}

      - name: Terraform init
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform init -reconfigure -backend-config=${{ inputs.environment }}/backend.config

      - name: Terraform workspace
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform workspace new ${{ inputs.terraform_workspace }} || terraform workspace select ${{ inputs.terraform_workspace }}

      - name: Terraform Validate
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform validate

      - name: Terraform plan
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform plan -input=false -var-file=${{ inputs.environment }}/terraform.tfvars -out=${{ inputs.terraform_plan_output }}

      - name: Terraform Apply
        if: ${{ inputs.terraform_apply }}
        working-directory: ${{ inputs.terraform_directory }}
        run: terraform apply -input=false ${{ inputs.terraform_plan_output }}

This is my GitHub Actions file:

name: AZ CONTAINER APP IAC pipeline

on:
  workflow_dispatch:
    inputs:
      environment:
        type: environment
        description: 'Environment to deploy'
        required: true
        default: 'non-prod'
         
permissions:
  contents: read
  pull-requests: write

jobs:
  deployment-cgw-az-containerapp-centralus:
    name: AZ CONATINER APP deployment [CentralUS]
    uses: ./.github/workflows/azure-tf.yaml
    with:
      environment: ${{ github.event.inputs.environment || 'non-prod' }}
      terraform_version: "1.6.6"
      terraform_workspace: ${{ github.event.inputs.environment }}-az-container-app
      terraform_directory: ./terraform/containerapp
      location: centralus
      terraform_plan_output: ${{ github.event.inputs.environment }}-az-container-app-centralus-tfplan
      terraform_apply: true
    secrets: inherit
terraform github-actions terraform-provider-azure azure-rm
1 answer
0 votes

Building an authorizer for the Azure Resource Manager API when using Terraform.

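Hello vikash sharma, it seems you have already found a way to resolve the issue. I am highlighting that approach here; please feel free to add your input or workaround, as it may help others with a similar problem.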

The blocker you mentioned is due to the Azure CLI (az) not being logged in, so it must be authenticated.

As GuiFalourd suggested, the typo caused by the extra "A" at the beginning may lead to the error, because Terraform may not be able to pick up the correct client ID.

Update the line:

ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID_NON_PROD }}

Make sure all the other environment variables (ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID, ARM_ACCESS_KEY) are named accurately and match your secrets configuration.

References:

https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure

https://dev.to/willvelida/deploying-to-azure-with-terraform-and-github-actions-5191
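
A secret reference that matches no configured secret expands to an empty string in GitHub Actions, which is how the misspelled name above leaves ARM_CLIENT_ID empty. The following preflight check is an added example, not part of the original question or answer; the function names are hypothetical, the variable names are the ones in the workflow's env: block, and the GUID check assumes the three ID values are standard Azure GUIDs.

```shell
# Preflight for a workflow `run:` step placed before `terraform init`.
# Reports variable NAMES only, never their values, so nothing secret is logged.

# Required variables, as listed in the workflow's env: block.
ARM_REQUIRED="ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID ARM_ACCESS_KEY"
# The subset that must be GUID-shaped (assumption: standard Azure IDs).
ARM_GUIDS="ARM_CLIENT_ID ARM_TENANT_ID ARM_SUBSCRIPTION_ID"

# Echo the names of required variables that are unset or empty.
missing_arm_vars() (
  missing=""
  for name in $ARM_REQUIRED; do
    # eval is safe here: $name only ever comes from the fixed list above.
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="${missing:+$missing }$name"
  done
  printf '%s' "$missing"
)

# Echo the names of ID variables that are set but not GUID-shaped,
# which catches secrets stored under the wrong name.
malformed_arm_ids() (
  bad=""
  for name in $ARM_GUIDS; do
    eval "value=\${$name:-}"
    [ -z "$value" ] && continue
    printf '%s' "$value" \
      | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
      || bad="${bad:+$bad }$name"
  done
  printf '%s' "$bad"
)

# Emit GitHub Actions error annotations and return non-zero on any problem.
require_arm_vars() {
  missing="$(missing_arm_vars)"
  bad="$(malformed_arm_ids)"
  [ -z "$missing" ] || echo "::error::Empty or unset: $missing (check secret names in env:)" >&2
  [ -z "$bad" ] || echo "::error::Not a GUID: $bad" >&2
  [ -z "$missing$bad" ]
}
```

In the workflow, source this file in a step before Terraform init and run `require_arm_vars || exit 1`, so the job stops with the name of the empty variable instead of the Azure CLI fallback error.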
