Unable to create azurerm_private_endpoint: unexpected status 400 (400 Bad Request), error: SubscriptionNotRegisteredForFeature

Question (votes: 0, answers: 2)

I am trying to create a private endpoint using terraform and I get an error. What might I be missing? What I find interesting is that the same subscription already has private endpoint resources.

Error: creating Private Endpoint (Subscription: "***"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: SubscriptionNotRegisteredForFeature: Subscription /subscriptions//resourceGroups//providers/Microsoft.Network/subscriptions/ is not registered for feature Microsoft.Network/AllowPrivateEndpoints required to carry out the requested operation.

  with module.azurerm_private_endpoint.azurerm_private_endpoint.main,
  on ../../factory/private-endpoint/main.tf line 1, in resource "azurerm_private_endpoint" "main":
   1: resource "azurerm_private_endpoint" "main" {

main.tf

locals {
  team_name  = "devops"
  stack_name = "devops"

  location_abbreviations = { # map of location abbreviations according to naming conventions
    "southafricanorth" = "san"
    "westeurope"       = "euw"

  }
  resource_group_name = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-rg-001"


  tags = { # list of tags
    env        = var.environment
    managed_by = "terraform"
    team       = local.team_name
  }
}


data "azurerm_client_config" "current" {}

data "terraform_remote_state" "platform" {
  backend = "azurerm"

  config = {
    subscription_id      = "********"
    resource_group_name  = "******"
    storage_account_name = "******"
    container_name       = "platform"
    key                  = "${var.environment}.tfstate"
  }
}


module "azurerm_resource_group" {
  source                  = "../../factory/resource-group"
  resource_group_name     = local.resource_group_name
  resource_group_location = var.location

}

module "azurerm_application_insights" {

  source                       = "../../factory/application-insights"
  app_insights_name            = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-ai-001"
  location                     = var.location
  resource_group_name          = local.resource_group_name
  application_type             = "web"
  log_analytics_workspace_name = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-logwkspace-001"
  tags                         = local.tags
  # Disable IP masking (captures the actual client IP address)
  disable_ip_masking = true
}

module "azurerm_private_endpoint" {
  source                                                    = "../../factory/private-endpoint"
  name                                                      = "${local.location_abbreviations[var.location]}-${var.environment}-lulapay-appInsight-endpoint-001"
  location                                                  = var.location
  resource_group_name                                       = local.resource_group_name
  subnet_id                                                 = data.terraform_remote_state.platform.outputs.private_endpoints_subnet_id
  private_service_connection_name                           = "app-insights-privatelink-dns-zones"
  private_service_connection_is_manual_connection           = false
  private_service_connection_private_connection_resource_id = module.azurerm_application_insights.id
  tags                                                      = local.tags
  private_dns_zone_group_name                               = "application-insights-private-dns-zones"
  private_dns_zone_group_name_private_dns_zone_ids          = [data.terraform_remote_state.platform.outputs.app_insights_privatelink_dns_zone_id]


}

# DNS A Record for Application Insights
resource "azurerm_private_dns_a_record" "example" {
  name                = "lulapay-app-insight-privatelink"
  zone_name           = split("/", trim(data.terraform_remote_state.platform.outputs.app_insights_privatelink_dns_zone_id, "/"))[7]
  resource_group_name = local.resource_group_name
  records             = [module.azurerm_private_endpoint.private_ip]
  ttl                 = 10
}
   

Module

resource "azurerm_private_endpoint" "main" {
  # define endpoint name based on app service name
  name                = var.name
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.subnet_id
  tags                = var.tags

  private_dns_zone_group {
    name                 = var.private_dns_zone_group_name
    private_dns_zone_ids = var.private_dns_zone_group_name_private_dns_zone_ids
  }

  private_service_connection {
    name                           = var.private_service_connection_name
    private_connection_resource_id = var.private_service_connection_private_connection_resource_id
    is_manual_connection           = var.private_service_connection_is_manual_connection
  }
}

When I check, the feature is still in the pending state:

$ az feature show --namespace Microsoft.Network --name AllowPrivateEndpoints

{
  "id": "/subscriptions/*********/providers/Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints",
  "name": "Microsoft.Network/AllowPrivateEndpoints",
  "properties": {
    "state": "Pending"
  },
  "type": "Microsoft.Features/providers/features"
}
Tags: terraform terraform-provider-azure

2 Answers

1 vote

Register the Microsoft.Network provider in the subscription using terraform.

The blocker you mention, unexpected status 400 (400 Bad Request) with error: SubscriptionNotRegisteredForFeature, pops up when the provider registration for the specific service has not been re-registered under that subscription.

Since the mentioned command

$ az feature show --namespace Microsoft.Network --name AllowPrivateEndpoints

results in the registration being pending, it does not work as expected.

When I use

skip_provider_registration = true

it still shows the error that the registration is missing.

According to the latest terraform documentation, we can register the required providers that are not yet permitted. This will re-register the provider without losing any related permissions.

I tried creating a demo private endpoint using Microsoft.Network, enabling the feature related to private endpoints with this configuration, which ensures the registration part of the provider and creates the private endpoint without any issues.

Configuration:


provider "azurerm" {
  features {}
  skip_provider_registration = true
}

resource "azurerm_resource_provider_registration" "example" {
  name = "Microsoft.Network"

  feature {
    name       = "AllowPrivateEndpoints"
    registered = true
  }
}

resource "azurerm_resource_group" "example" {
  name     = "vinays-rg"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "vinay-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  depends_on = [ azurerm_resource_provider_registration.example ]
}

resource "azurerm_subnet" "service" {
  name                                          = "service"
  resource_group_name                           = azurerm_resource_group.example.name
  virtual_network_name                          = azurerm_virtual_network.example.name
  address_prefixes                              = ["10.0.1.0/24"]
  private_link_service_network_policies_enabled = false
}

resource "azurerm_subnet" "endpoint" {
  name                 = "vinay-endpoint"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.2.0/24"]

}

resource "azurerm_public_ip" "example" {
  name                = "vinay-pip"
  sku                 = "Standard"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  allocation_method   = "Static"

  depends_on = [ azurerm_resource_provider_registration.example ]
}

resource "azurerm_lb" "example" {
  name                = "vinay-lb"
  sku                 = "Standard"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  frontend_ip_configuration {
    name                 = azurerm_public_ip.example.name
    public_ip_address_id = azurerm_public_ip.example.id
  }
}

resource "azurerm_private_link_service" "example" {
  name                = "cvvprivatelink"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  nat_ip_configuration {
    name      = azurerm_public_ip.example.name
    primary   = true
    subnet_id = azurerm_subnet.service.id
  }

  load_balancer_frontend_ip_configuration_ids = [
    azurerm_lb.example.frontend_ip_configuration[0].id,
  ]
}

resource "azurerm_private_endpoint" "example" {
  name                = "provk-endpoint"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.endpoint.id

  private_service_connection {
    name                           = "vinay-privateserviceconnection"
    private_connection_resource_id = azurerm_private_link_service.example.id
    is_manual_connection           = false
  }
}

Note:

If you need to enable the feature, use the configuration I shared. If you only want to re-register Microsoft.Network, remove the feature block from that resource.

Deployment: (screenshots omitted)

References:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_provider_registration

azurerm_private_endpoint | Resources | hashicorp/azurerm | Terraform Registry
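A small pre-flight check that captures the point of this answer: the 400 names the feature the subscription lacks, and only a state of "Registered" (not "Pending") clears it, after which the provider itself must be re-registered. This is an added example, not code from the question or the answer; the error text and the `az feature show` JSON are constructed copies of what the question shows, and the `az feature register` / `az provider register` commands it prints are the standard Azure CLI steps.

```python
import json
import re

# Constructed copy of the provider error from the question (placeholders kept as shown).
PROVIDER_ERROR = (
    'Error: creating Private Endpoint (Subscription: "***"): performing CreateOrUpdate: '
    'unexpected status 400 (400 Bad Request) with error: SubscriptionNotRegisteredForFeature: '
    'Subscription /subscriptions//resourceGroups//providers/Microsoft.Network/subscriptions/ '
    'is not registered for feature Microsoft.Network/AllowPrivateEndpoints required to carry '
    'out the requested operation.'
)

# Constructed copy of `az feature show --namespace Microsoft.Network --name AllowPrivateEndpoints`.
FEATURE_JSON = """{
  "id": "/subscriptions/*********/providers/Microsoft.Features/providers/Microsoft.Network/features/AllowPrivateEndpoints",
  "name": "Microsoft.Network/AllowPrivateEndpoints",
  "properties": {"state": "Pending"},
  "type": "Microsoft.Features/providers/features"
}"""

# Pulls "<Namespace>/<Feature>" out of a SubscriptionNotRegisteredForFeature message.
FEATURE_RE = re.compile(
    r"SubscriptionNotRegisteredForFeature:.*?for feature "
    r"(?P<namespace>[A-Za-z.]+)/(?P<feature>[A-Za-z0-9]+)"
)


def missing_feature(error_text):
    """(namespace, feature) named by the error, or None if it is a different error."""
    m = FEATURE_RE.search(error_text)
    return (m.group("namespace"), m.group("feature")) if m else None


def feature_state(feature_json):
    """State string from `az feature show` output: Registered, Pending, NotRegistered, ..."""
    return json.loads(feature_json)["properties"]["state"]


def remediation(error_text, feature_json):
    """Report whether apply can proceed and, if not, the az steps still outstanding."""
    found = missing_feature(error_text)
    if found is None:
        return {"ready": True, "commands": []}
    ns, name = found
    state = feature_state(feature_json)
    if state == "Registered":
        return {"ready": True, "feature": f"{ns}/{name}", "state": state, "commands": []}
    cmds = []
    if state != "Pending":  # never requested: ask for the flag first
        cmds.append(f"az feature register --namespace {ns} --name {name}")
    cmds.append(f"az feature show --namespace {ns} --name {name} --query properties.state")
    cmds.append(f"az provider register --namespace {ns}")  # re-register once Registered
    return {"ready": False, "feature": f"{ns}/{name}", "state": state, "commands": cmds}
```

Run `remediation(PROVIDER_ERROR, FEATURE_JSON)` against fresh `az feature show` output before each retry; a "Pending" result still means the same 400 on apply.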


0 votes
To make it work I had to include an Azure Monitor Private Link Scope. Then I linked the private endpoint to it and it worked.

module "azurerm_application_insights" {

  source                       = "../../factory/application-insights"
  app_insights_name            = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-ai-001"
  location                     = var.location
  resource_group_name          = local.resource_group_name
  application_type             = "web"
  log_analytics_workspace_name = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-logwkspace-001"
  tags                         = local.tags
  # Disable IP masking (captures the actual client IP address)
  disable_ip_masking = true
}

resource "azurerm_monitor_private_link_scope" "lulapay-ampls" {
  name                = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-ampls-endpoint-001"
  resource_group_name = local.resource_group_name
}

resource "azurerm_monitor_private_link_scoped_service" "lulapay-ampls-scoped" {
  name                = "${local.location_abbreviations[var.location]}-${var.environment}-${local.team_name}-amplsservice-001"
  resource_group_name = local.resource_group_name
  scope_name          = azurerm_monitor_private_link_scope.lulapay-ampls.name
  linked_resource_id  = module.azurerm_application_insights.id
}


module "azurerm_private_endpoint" {
  source                                                    = "../../factory/private-endpoint"
  name                                                      = "${local.location_abbreviations[var.location]}-${var.environment}-lulapay-appInsight-endpoint-001"
  location                                                  = var.location
  resource_group_name                                       = local.resource_group_name
  subnet_id                                                 = data.terraform_remote_state.platform.outputs.private_endpoints_subnet_id
  private_service_connection_name                           = "app-insights-privatelink-dns-zones"
  private_service_connection_is_manual_connection           = false
  private_service_connection_private_connection_resource_id = azurerm_monitor_private_link_scope.lulapay-ampls.id
  private_service_connection_subresource_names              = ["azuremonitor"]
  tags                                                      = local.tags
  private_dns_zone_group_name                               = "application-insights-private-dns-zones"
  private_dns_zone_group_name_private_dns_zone_ids          = [data.terraform_remote_state.platform.outputs.app_insights_privatelink_dns_zone_id]

}


resource "azurerm_private_dns_zone" "example" {
  name                = "privatelink.applicationinsights.azure.com"
  resource_group_name = "san-dev-lulapay-rg-001"
}

# DNS A Record for Application Insights
resource "azurerm_private_dns_a_record" "example" {
  name                = "lulapay-app-insight-privatelink"
  zone_name           = split("/", trim(azurerm_private_dns_zone.example.id, "/"))[7]
  resource_group_name = local.resource_group_name
  records             = [module.azurerm_private_endpoint.private_ip]
  ttl                 = 10
}