我有 2 个帐户。帐户 1 和帐户 2。 我跑
az login
然后
az account set --subscription "account-1-subscription-id
然后
az account show
然后显示我指向帐户 1 接下来我就跑
terraform plan
及其目标帐户 2
我使用相同的命令提示符来运行 az login、az account set...、terrform init、terraform plan 等
我通过 Azure CLI 向 azurerm 提供商进行身份验证
这就是我设置提供商的方式
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
subscription_id = var.subscription_id
client_id = var.client_id
client_secret = var.client_secret
tenant_id = var.tenant_id
}
即使用我的变量文件中的订阅 ID 变量,如下所示:
variable "subscription_id" {
default = "account-1-subscription-id"
description = "the subscription ID we are creating azure resources in."
}
我尝试卸载并重新安装 terraform,从帐户 2 的订阅中完全删除我的访问权限,更新 AZ CLI,运行“Remove-Item -Recurse -Force .terraform”,terraform init -reconfigure。
我和你有同样的问题。 就我而言,我有两个 Azure 服务主体,另一个已注销,但
terraform我的后端块看起来像这样......
terraform {
backend "azurerm" {
subscription_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
storage_account_name = "terraformdevstate"
resource_group_name = "cc-dev-rg-tor"
container_name = "tfstate-devops-dev"
key = "dev-test"
}
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.80"
}
azuread = {
source = "hashicorp/azuread"
version = "~>2.4"
}
}
required_version = "~> 1.5"
}
我认为
terraformError: Failed to get existing workspaces: Error retrieving keys for Storage Account "terraformdevstate": storage.AccountsClient#ListKeys: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '6cb8xxxx-xxxx-xxxx-xxxx-70c35b6cxxxx' with object id '6cb8xxxx-xxxx-xxxx-xxxx-70c35b6cxxxx' does not have authorization to perform action
即使我注销第一个 SP 并登录到第二个 SP terraform 也想使用第一个 SP 来部署基础设施。
不确定这是 Terraform 还是 Azure CLI 出现问题。