将一个资源的变量传递给另一个

Question

我正在通过 Terraform 创建一个 Azure 应用服务资源和一个应用注册资源（以及应用服务和其他与此问题无关的资源，因为它们工作正常）。

resource "azurerm_app_service" "app" {
  name                = var.app_service_name
  location            = var.resource_group_location
  resource_group_name = azurerm_resource_group.rg.name
  app_service_plan_id = azurerm_app_service_plan.plan-app.id

  app_settings = {
    "AzureAd:ClientId" = azuread_application.appregistration.application_id
  }

  site_config {
    ftps_state = var.app_service_ftps_state
  }
}

resource "azuread_application" "appregistration" {
  display_name                   = azurerm_app_service.app.name
  owners                         = [data.azuread_client_config.current.object_id]
  sign_in_audience               = "AzureADMyOrg"
  fallback_public_client_enabled = true

  web {
    homepage_url  = var.appreg_web_homepage_url
    logout_url    = var.appreg_web_logout_url
    redirect_uris = [var.appreg_web_homepage_url, var.appreg_web_redirect_uri]

    implicit_grant {
      access_token_issuance_enabled = true
      id_token_issuance_enabled     = true
    }
  }
}

output "appreg_application_id" {
  value = azuread_application.appregistration.application_id
}

我需要在应用服务资源的app_settings块中添加应用注册客户端/应用ID。

上面的配置我得到的错误是：

{"@level":"error","@message":"Error: Cycle: azuread_application.appregistration, azurerm_app_service.app","@module":"terraform.ui","@timestamp":"2021-09-15T10:54:31.753401Z","diagnostic":{"severity":"error","summary":"Cycle: azuread_application.appregistration, azurerm_app_service.app","detail":""},"type":"diagnostic"}

请注意，输出变量正确显示应用程序 ID。

Answer 1

你有一个循环错误，因为你有两个资源相互引用。 Terraform builds a directed acyclical graph 确定创建（或销毁）资源的顺序，其中一个资源或数据源的信息通常会流入另一个资源或数据源，从而确定此顺序。

在您的情况下，您的 azuread_application.appregistration 资源引用了 azurerm_app_service.app.name 参数，而 azurerm_app_service.app 资源需要 azuread_application.appregistration.application_id 属性。

我对 Azure 知之甚少，但对我来说，azurerm_app_service resource 似乎需要在 azuread_application resource 之前创建，所以我希望链接指向那个方向。

因为您已经将azurerm_app_service.app.name 参数设置为var.app_service_name，所以您可以直接将var.app_service_name 传递给azuread_application.appregistration.display_name 以达到相同的结果但打破循环错误。

resource "azurerm_app_service" "app" {
  name                = var.app_service_name
  location            = var.resource_group_location
  resource_group_name = azurerm_resource_group.rg.name
  app_service_plan_id = azurerm_app_service_plan.plan-app.id

  app_settings = {
    "AzureAd:ClientId" = azuread_application.appregistration.application_id
  }

  site_config {
    ftps_state = var.app_service_ftps_state
  }
}

resource "azuread_application" "appregistration" {
  display_name                   = var.app_service_name
  owners                         = [data.azuread_client_config.current.object_id]
  sign_in_audience               = "AzureADMyOrg"
  fallback_public_client_enabled = true

  web {
    homepage_url  = var.appreg_web_homepage_url
    logout_url    = var.appreg_web_logout_url
    redirect_uris = [var.appreg_web_homepage_url, var.appreg_web_redirect_uri]

    implicit_grant {
      access_token_issuance_enabled = true
      id_token_issuance_enabled     = true
    }
  }
}

output "appreg_application_id" {
  value = azuread_application.appregistration.application_id
}