我们使用 Azure 作为 Terraform 代码的后端。下面是代码。
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.40.0"
}
}
backend "azurerm" {
resource_group_name = "test"
storage_account_name = "test"
container_name = "test"
key = "test.tfstate"
tenant_id = "abc"
}
}
provider "azurerm" {
features {}
alias = "new-new"
subscription_id = var.another_subscription
}
provider "azurerm" {
features {}
}
我已使用以下命令以服务主体用户身份登录:
az login --service-principal -t tenant-id-here -u object-id-of-sp -p client-secret-of-sp
当我terraform init这样做时,会出现以下错误:
Initializing the backend...
╷
│ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
│
│ To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
│ auth method - instructions for which can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
│
│ Alternatively you can authenticate using the Azure CLI by using a User Account.
我还尝试在使用
Aza登录后存储后端配置文件Service Principal,但仍然遇到相同的错误。要解决此问题,您需要在Terraform 配置块中提供服务主体的
client_id、client_secret、subscription_id和tenant_idbackend地形初始化
一旦我运行了
terraform init,它就可以工作,并且.tfstate文件也被复制到 ,storage account如下所示。