【Question title】: Unable to use the primary access key and secondary access key of a storage account created using Terraform
【Posted】: 2019-07-17 07:29:47
【Question description】:

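I am posting this after a lot of futile investigation and analysis. I am writing Terraform code to create a Service Fabric cluster, and the prerequisite for that is to first create a VM scale set and a storage account.

Below is my code to create the VM scale set and install the Service Fabric extension: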

resource "azurerm_virtual_machine_scale_set" "sf_scale_set_app" {
  count               = "${var.is_sf_cluster_required}"
  name                = "app"
  location            = "${var.location}"
  resource_group_name = "${azurerm_resource_group.fusion.name}"

  automatic_os_upgrade = true
  upgrade_policy_mode  = "Automatic"
  health_probe_id = "${azurerm_lb_probe.sf_lb_probe_gateway_app.id}"

  sku {
    name     = "${var.sf_scale_set_app_config["name"]}"
    tier     = "${var.sf_scale_set_app_config["tier"]}"
    capacity = "${var.sf_scale_set_app_config["capacity"]}"
  }

  storage_profile_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04"
    version   = "6.0.12"
  }

  storage_profile_os_disk {
    name              = ""
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile_secrets = [
    {
      source_vault_id = "${var.sf_vault_id}"

      vault_certificates = [
        {
          certificate_url   = "${var.sf_vault_url}"
          certificate_store = "My"
        },
      ]
    },
  ]

  storage_profile_data_disk {
    lun           = 0
    caching       = "ReadWrite"
    create_option = "Empty"
    disk_size_gb  = 40
  }

  os_profile {
    computer_name_prefix = "app"
    admin_username       = "someuser"
    custom_data          = "${data.template_file.cloud_init_config_app.rendered}"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/someuser/.ssh/authorized_keys"
      key_data = "${file("sshkeys/someuser.pub")}"
    }
  }

  network_profile {
    name    = "sf-vm-net-profile-${terraform.workspace}"
    primary = true

    ip_configuration {
      name                                   = "sf-ip-config-app-${terraform.workspace}"
      primary                                = true
      subnet_id                              = "${azurerm_subnet.sf_vnet_subnet.id}"
      load_balancer_backend_address_pool_ids = ["${azurerm_lb_backend_address_pool.sf_lb_be_app.id}"]
      load_balancer_inbound_nat_rules_ids    = ["${element(azurerm_lb_nat_pool.sf_nat_app.*.id, count.index)}"]
    }
  }

  extension {
    name                 = "sf-scale-set-extension-${terraform.workspace}"
    publisher            = "Microsoft.Azure.ServiceFabric"
    type                 = "ServiceFabricLinuxNode"
    type_handler_version = "1.0"
    settings             = "{  \"certificate\": { \"thumbprint\": \"${var.cert_thumbprint}\", \"x509StoreName\": \"My\" } , \"clusterEndpoint\": \"${azurerm_service_fabric_cluster.sf_service.cluster_endpoint}\", \"nodeTypeRef\": \"app\", \"durabilityLevel\": \"${var.sf_reliability}\",\"nicPrefixOverride\": \"${azurerm_subnet.sf_vnet_subnet.address_prefix}\",\"enableParallelJobs\": \"true\"}"
    protected_settings   = "{\"StorageAccountKey1\": \"${azurerm_storage_account.sf_storage.primary_access_key}\", \"StorageAccountKey2\": \"${azurerm_storage_account.sf_storage.secondary_access_key}\"}"
  }
}

data "template_file" "cloud_init_config_app" {
  count    = "${var.is_sf_cluster_required}"
  template = "${file("customscripts/cloud_init.sh")}"

  vars {
    azure_tenant_id     = "771c9c47-7f24-44dc-958e-34f8713a8394"
    azure_client_id     = "${var.client_id}"
    azure_client_secret = "${var.client_secret}"
  }
}

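In the protected settings of the extension section, I reference the primary and secondary keys of the storage account created with the following code: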

resource "azurerm_storage_account" "sf_storage" {
  count                    = "${var.is_sf_cluster_required}"
  name                     = "${replace(replace(lower(terraform.workspace), "-", ""), " ", "")}-sf-diag-${substr(random_id.server.hex,0,4)}"
  resource_group_name      = "${azurerm_resource_group.fusion.name}"
  location                 = "${azurerm_resource_group.fusion.location}"
  account_tier             = "Standard"
  account_kind             = "StorageV2"
  account_replication_type = "LRS"
}

The variable var.is_sf_cluster_required is set to 1, and whenever I try to run Terraform I get the following error every time:

------------------------------------------------------------------------

Error: Error running plan: 2 error(s) occurred:

* azurerm_virtual_machine_scale_set.sf_scale_set_app: 1 error(s) occurred:

* azurerm_virtual_machine_scale_set.sf_scale_set_app: Resource 'azurerm_storage_account.sf_storage' not found for variable 'azurerm_storage_account.sf_storage.primary_access_key'

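I don't understand why Terraform is unable to find the resource azurerm_storage_account.sf_storage, even though it should be created by the storage account code block.

I would really appreciate any help here.

【Question discussion】:

  • Not sure, maybe you can try using Explicit Dependencies, so that azurerm_virtual_machine_scale_set depends on the storage account. Also, you can check the format of your Terraform code.
  • @CharlesXu Thanks a lot for your reply. I found the actual problem and will add an answer below.

Tags: azure azure-storage terraform terraform-provider-azure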


【Solution 1】:

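I found the actual problem, and it has to do with the name of the storage account. A storage account name should not contain any special characters, and in the code above I was using "-" in the name. There is also a limit on the number of characters allowed. Changing the storage account name from

 name= "${replace(replace(lower(terraform.workspace), "-", ""), " ", "")}-sf-diag-${substr(random_id.server.hex,0,4)}"

to:

 name= "sfdiag${substr(random_id.server.hex,0,4)}"

resolved the problem, but it also revealed the fact that exception handling in the Terraform provider for Azure needs some work. I will open another GitHub bug for this.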

【Discussion】:
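The naming rule behind the answer above can be checked before `terraform plan` runs. The following is an added example, not code from the original post or from the Terraform provider: it assumes Azure's documented storage account naming rule (3 to 24 characters, lowercase letters and digits only), and the function names and sample workspace values are hypothetical.

```python
import re

# Assumption: Azure storage account names are 3-24 chars, lowercase letters and digits.
MIN_LEN, MAX_LEN = 3, 24


def name_problems(name):
    """Return the reasons a storage account name would be rejected (empty list = valid)."""
    problems = []
    if not MIN_LEN <= len(name) <= MAX_LEN:
        problems.append("length %d is outside %d-%d" % (len(name), MIN_LEN, MAX_LEN))
    bad = sorted(set(re.findall(r"[^a-z0-9]", name)))
    if bad:
        problems.append("invalid characters: " + " ".join(repr(c) for c in bad))
    return problems


def original_name(workspace, hex_id):
    """Mirror the name expression from the question (it keeps the literal '-sf-diag-')."""
    base = workspace.lower().replace("-", "").replace(" ", "")
    return base + "-sf-diag-" + hex_id[:4]


def safe_name(workspace, hex_id, tag="sfdiag"):
    """Keep a workspace prefix, but strip invalid characters and fit the length limit."""
    suffix = re.sub(r"[^a-z0-9]", "", hex_id.lower())[:4]
    room = MAX_LEN - len(tag) - len(suffix)
    prefix = re.sub(r"[^a-z0-9]", "", workspace.lower())[:room]
    return prefix + tag + suffix


if __name__ == "__main__":
    # Constructed sample values: workspace names and a random_id hex string.
    for ws in ("Dev-East", "my-very-long-workspace-name"):
        for candidate in (original_name(ws, "a1b2c3d4"), safe_name(ws, "a1b2c3d4")):
            print(candidate, name_problems(candidate) or "ok")
```

Running a check like this in CI turns the misleading "Resource not found" plan error into a direct message about the invalid name.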
