gpt4 book ai didi

azure - 如何将 Azure 用户分配的托管标识添加到 Terraform 中的 Azure AD 组?

转载 作者:行者123 更新时间:2023-12-02 23:23:22 25 4
gpt4 key购买 nike

我正在尝试将用户分配的托管身份分配给 AAD 组。我有以下 Terraform 代码:​​

resource "azurerm_user_assigned_identity" "myid" {
name = "my_identity"
resource_group_name = azurerm_resource_group.somerg.name
location = azurerm_resource_group.somerg.location
}

data "azuread_group" "existinggroup" {
display_name = "existing_group"
security_enabled = true
}

resource "azuread_group_member" "mygrpmember" {
group_object_id = data.azuread_group.existinggroup.id
member_object_id = azurerm_user_assigned_identity.myid.id
}

计划操作期间,我收到以下错误:

Error: Value must be a valid UUID

当我将上述代码最后一行中的 myid.id 更改为 myid.principal_id 时,我在 apply 操作期间收到错误:

Error: Could not retrieve member principal object "4e83cd6b-d984-4484-8fb2-3ae6e1667ef9"
ODataId was nil

当我尝试使用myid.client_id时,我在apply期间得到了这个:

Error: Could not retrieve principal object "838c2662-5fe2-484c-bb52-f70994fa1d8b"
DirectoryObjects.BaseClient.Get(): Get "https://graph.microsoft.com/v1.0/5989ece0-f90e-40bf-9c79-1a7beccdb861/directoryObjects/838c2662-5fe2-484c-bb52-f70994fa1d8b": GET https://graph.microsoft.com/v1.0/5989ece0-f90e-40bf-9c79-1a7beccdb861/directoryObjects/838c2662-5fe2-484c-bb52-f70994fa1d8b giving up after 9 attempt(s)

我做错了什么?

最佳答案

如果您仅提供 myid.principal_id ,它将起作用。请使用最新版本,即 terraform 版本 v1.1.0azureread 版本 v2.13.0azurerm版本v2.89.0:

enter image description here

我在我的环境中测试了相同的代码,如下所示:

provider "azuread"{}

provider "azurerm"{
features {}
}
data "azurerm_resource_group" "somerg"{
name = "ansuman-resourcegroup"
}
resource "azurerm_user_assigned_identity" "myid" {
name = "ansuman-identity"
resource_group_name = data.azurerm_resource_group.somerg.name
location = data.azurerm_resource_group.somerg.location
}

data "azuread_group" "existinggroup" {
display_name = "TestQA"
security_enabled = true
}

resource "azuread_group_member" "mygrpmember" {
group_object_id = data.azuread_group.existinggroup.id
member_object_id = azurerm_user_assigned_identity.myid.principal_id
}

输出:

enter image description here

enter image description here

关于azure - 如何将 Azure 用户分配的托管标识添加到 Terraform 中的 Azure AD 组?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70369099/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com