Terraform 部署 azure 函数导致“无法下载 ZIP FILE.txt”

Question

我正在尝试使用 terraform 部署 azure 函数，但我一直只得到一个名为“FAILED TO DOWNLOAD ZIP FILE.txt”的文件，而不是实际部署的函数。

如果我粘贴从 azure 提取的实际 SAS blob 字符串（来自以前部署的存储帐户），它可以工作，但 terraform 脚本失败。 zip 文件似乎已正确部署到 blob。

我在这里复制粘贴了这个例子：http://vgaltes.com/post/deploying-azure-functions-using-terraform/

我是 terraform 的新手，所以这里可能缺少一些明显的东西......

 resource "azurerm_resource_group" "rg" {
 name = "myName"
 location = "northEurope"
}

resource "random_string" "storage_name" {
 length = 16
 special = false
 upper = false
}
resource "random_string" "function_name" {
 length = 16
 special = false
 upper = false
}
resource "random_string" "app_service_plan_name" {
 length = 16
 special = false
}

resource "azurerm_storage_account" "storage" {
 name = "${random_string.storage_name.result}"
 resource_group_name = "${azurerm_resource_group.rg.name}"
 location = "${azurerm_resource_group.rg.location}"
 account_tier = "Standard"
 account_replication_type = "LRS"
}
resource "azurerm_storage_container" "storage_container" {
 name = "func"
 resource_group_name = "${azurerm_resource_group.rg.name}"
 storage_account_name = "${azurerm_storage_account.storage.name}"
 container_access_type = "blob"
}

resource "azurerm_storage_blob" "storage_blob" {
 name = "HelloWorld.zip"
 resource_group_name = "${azurerm_resource_group.rg.name}"
 storage_account_name = "${azurerm_storage_account.storage.name}"
 storage_container_name = "${azurerm_storage_container.storage_container.name}"
 type = "block"
 source = "./../FunctionAppZip/HelloWorld.zip"
}
data "azurerm_storage_account_sas" "storage_sas" {
 connection_string = "${azurerm_storage_account.storage.primary_connection_string}"
 https_only = false
resource_types {
 service = false
 container = false
 object = true
 }
services {
 blob = true
 queue = true
 table = true
 file = true
 }
start = "2019–05–21"
 expiry = "2029–05–21"
permissions {
 read = true
 write = true
 delete = true
 list = true
 add = true
 create = true
 update = true
 process = true
 }
}

resource "azurerm_app_service_plan" "plan" {
 name = "${random_string.app_service_plan_name.result}"
 location = "${azurerm_resource_group.rg.location}"
 resource_group_name = "${azurerm_resource_group.rg.name}"
 kind = "functionapp"
sku {
 tier = "Dynamic"
 size = "Y1"
 }
}

resource "azurerm_function_app" "function" {
  name = "${random_string.storage_name.result}"
  location = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  app_service_plan_id = "${azurerm_app_service_plan.plan.id}"
  storage_connection_string = "${azurerm_storage_account.storage.primary_connection_string}"
  app_settings {
    FUNCTIONS_WORKER_RUNTIME = "dotnet"
    FUNCTION_APP_EDIT_MODE = "readwrite"
    https_only = false
    HASH = "${base64sha256(file("./../FunctionAppZip/HelloWorld.zip"))}"
    WEBSITE_RUN_FROM_PACKAGE = 1    
    WEBSITE_USE_ZIP = "https://${azurerm_storage_account.storage.name}.blob.core.windows.net/${azurerm_storage_container.storage_container.name}/${azurerm_storage_blob.storage_blob.name}${data.azurerm_storage_account_sas.storage_sas.sas}"
  }
}

当我下载 azure 函数内容时，它只是一个名为“FAILED TO DOWNLOAD ZIP FILE.txt”的文件

包含这个：

% Total % Received % Xferd 平均速度 时间 时间 时间 当前 下载上传总花费的剩余速度

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 403 Server failed to authenticate the request。确保 Authorization 标头的值格式正确，包括签名。

任何建议我做错了什么？

Answer 1

我遇到了同样的问题 - 您的 WEBSITE_USE_ZIP 值 https://${azurerm_storage_account.storage.name}.blob.core.windows.net/${azurerm_storage_container.storage_container.name}/${azurerm_storage_blob.storage_blob.name}${data.azurerm_storage_account_sas.storage_sas.sas} 中的值是阻止函数应用访问源代码压缩包的值。如果您在控制台门户中生成访问 URL，它将起作用。但由于某种原因 - 我还没有解决 - 由于签名字段格式错误，terraform 模板生成的值不会授予访问权限。