【Question title】: Terraform Azure provider - Azure Public access level for containers
【Posted】: 2020-09-10 08:00:49
【Question】:

I am trying to change the container_access_type value from "private", but I keep getting an error.

I can do this from the Azure UI. Something may be missing in the Terraform code.

Please help, thanks.

provider "azurerm" {
  version  = "=2.25.0"
  features {}
}

resource "azurerm_resource_group" "storage" {
  name     = "tfstorageresourcegroup"
  location = "North Europe"
}

resource "azurerm_storage_account" "account" {
  name                      = azurerm_resource_group.storage.name
  location                  = azurerm_resource_group.storage.location
  resource_group_name       = azurerm_resource_group.storage.name
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  allow_blob_public_access  = true
}

resource "azurerm_storage_container" "container" {
  name                  = "tftestcontainer"
  storage_account_name  = azurerm_storage_account.account.name
  container_access_type = "container"
}

resource "azurerm_storage_blob" "blob" {
  name                   = "tftestblob"
  storage_account_name   = azurerm_storage_account.account.name
  storage_container_name = azurerm_storage_container.container.name
  type                   = "Page"
  size                   = 5120
}

Error: Error updating Access Control for Container "tftestcontainer" (Storage Account "tfstorageresourcegroup" / Resource Group "tfstorageresourcegroup"): containers.Client#SetAccessControl: Failure sending request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status= Code="PublicAccessNotPermitted" Message="Public access is not permitted on this storage account.\nRequestId:80d021ca-501e-009f-4aa6-86a404000000\nTime:2020-09-09T12:38:47.5769058Z"

【Comments】:

  • The code is fine. What permissions does your Azure account have?
  • I should be able to do anything in the account.
  • So what are the permissions of your Azure account, then?
  • Member. Where can I check my permissions in the account?
  • Find your Azure account in the Azure portal and look at the role assignments.

Tags: azure containers terraform-provider-azure
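As an added example (not code from the question or from the answer below), here is the asker's layout with the account-level and container-level public-access settings tied to one variable that defaults to the private form, so the two can never disagree in a plan. The storage account name and the variable are constructed placeholders; the provider version and resource names follow the question.

```hcl
# Added example, not from the original post. Names below are constructed placeholders.
provider "azurerm" {
  version  = "=2.25.0"
  features {}
}

resource "azurerm_resource_group" "storage" {
  name     = "tfstorageresourcegroup"
  location = "North Europe"
}

# Single switch for anonymous read access. Defaults to the safe value; an operator
# has to set it to true deliberately, which also makes the change visible in review.
variable "blob_public_access" {
  description = "Allow anonymous (unauthenticated) read access to the container."
  type        = bool
  default     = false
}

resource "azurerm_storage_account" "account" {
  # Constructed placeholder: 3-24 lowercase alphanumerics, globally unique.
  name                      = "tfexamplestorageacct"
  resource_group_name       = azurerm_resource_group.storage.name
  location                  = azurerm_resource_group.storage.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true

  # Account-level switch. A container can only be set to a public access type
  # while this is true; with it false the service rejects the container ACL.
  allow_blob_public_access = var.blob_public_access
}

resource "azurerm_storage_container" "container" {
  name                 = "tftestcontainer"
  storage_account_name = azurerm_storage_account.account.name

  # Container-level setting, derived from the same variable:
  #   "private"   - every request must be authenticated
  #   "blob"      - anonymous read of individual blobs whose URL is known
  #   "container" - anonymous read and listing of every blob in the container
  container_access_type = var.blob_public_access ? "container" : "private"
}

resource "azurerm_storage_blob" "blob" {
  name                   = "tftestblob"
  storage_account_name   = azurerm_storage_account.account.name
  storage_container_name = azurerm_storage_container.container.name
  type                   = "Page"
  size                   = 5120
}
```

With the default, `terraform plan` shows a private container on an account that disallows public access; running `terraform apply -var blob_public_access=true` flips both settings together, so the account-level and container-level values always match.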


【Answer 1】:

This might be this open issue.

So, if you have network_rules in your storage account,

make the network rules depend on the container, meaning: create the container first, then apply the network rules. Non-working sample code:

resource "azurerm_storage_account" "terraform_storage" {
  name                     = var.storage_account_name
  resource_group_name      = var.rg_name
  location                 = var.region
  account_tier             = "Standard"
  account_replication_type = "GRS"
  account_kind             = "Storage"

  # Inline network rules are applied together with the account, before the container exists
  network_rules {
    default_action             = "Deny"
    virtual_network_subnet_ids = [data.azurerm_subnet.publicsubnet.id]
  }
}

# Create container (references the account declared above)
resource "azurerm_storage_container" "filestore" {
  name                  = "filestore"
  storage_account_name  = azurerm_storage_account.terraform_storage.name
  container_access_type = "private"
}

Working sample code:

# Storage account
resource "azurerm_storage_account" "sa" {
  name                = local.storage_account_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  account_kind             = var.storage_account_kind
  account_tier             = var.storage_account_tier
  account_replication_type = var.storage_account_replication_type

  enable_https_traffic_only = true

  tags = local.tags
}

# Create container
resource "azurerm_storage_container" "filestore" {
  name                  = "filestore"
  storage_account_name  = azurerm_storage_account.sa.name
  container_access_type = "private"
}

# SA Network rules
resource "azurerm_storage_account_network_rules" "netrules" {
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_name = azurerm_storage_account.sa.name

  default_action = "Deny"
  bypass = [
    "Metrics",
    "Logging",
    "AzureServices"
  ]

  depends_on = [
    azurerm_storage_container.filestore,
  ]
}

Reference

【Discussion】:
