【发布时间】:2020-08-09 06:27:35
【问题描述】:
在 azure 中:尝试为逻辑应用系统分配托管标识的角色以启动/停止虚拟机时,我收到以下错误消息:
Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx does not exist in the directory xxxxx-x-x-x-xxxx."
我的假设是,模板输出时我没有得到正确的 id
"[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.tenantId]"
应将 terraform 模板部署输出用作角色分配 principal_id 的输入。
我使用 terraform 来部署逻辑应用模板,如下所示:
resource "azurerm_template_deployment" "myterraformscheduledvmdown" {
name = "scheduledvmdown"
resource_group_name = "j14t23resources"
template_body = <<DEPLOY
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
...
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2019-05-01",
"name": "scheduledvmdown",
"location": "westus2",
"identity": {
"type": "SystemAssigned"
},
"properties":
...
],
"outputs": {
"appid": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.tenantId]"
...
DEPLOY
parameters = {
}
deployment_mode = "Incremental"
}
output "appid" {
value = "${lookup(azurerm_template_deployment.myterraformscheduledvmdown.outputs, "appid")}"
}
resource "azurerm_role_assignment" "scheduletovmdown" {
scope = azurerm_linux_virtual_machine.myterraformvm.id
role_definition_name = "Virtual Machine Contributor"
principal_id = azurerm_template_deployment.myterraformscheduledvmdown.outputs["appid"]
}
【问题讨论】:
标签: azure terraform azure-resource-manager