时间戳

首页 > 解决方案 > 使用 terraform 配置程序“local-exec”运行 shell 脚本在 Azure DevOps 中返回权限被拒绝返回权限被拒绝

azure - 使用 terraform 配置程序“local-exec”运行 shell 脚本在 Azure DevOps 中返回权限被拒绝返回权限被拒绝

问题描述

我正在尝试使用带有 null_resource 和 local-exec 的 pat 令牌来提供数据块。这是代码块:

resource "null_resource" "databricks_token" {
  triggers = {
    workspace = azurerm_databricks_workspace.databricks.id
    key_vault_access = azurerm_key_vault_access_policy.terraform.id
  }
  provisioner "local-exec" {
    command = "${path.cwd}/generate-pat-token.sh"
    environment = {
      RESOURCE_GROUP = var.resource_group_name
      DATABRICKS_WORKSPACE_RESOURCE_ID = azurerm_databricks_workspace.databricks.id
      KEY_VAULT = azurerm_key_vault.databricks_token.name
      SECRET_NAME = "DATABRICKS-TOKEN"
      DATABRICKS_ENDPOINT = "https://westeurope.azuredatabricks.net"
    }
  }
}

但是,我收到以下错误:

2020-02-26T19:41:51.9455473Z [0m[1mnull_resource.databricks_token: Provisioning with 'local-exec'...[0m[0m
2020-02-26T19:41:51.9458257Z [0m[0mnull_resource.databricks_token (local-exec): Executing: ["/bin/sh" "-c" "/home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh"]
2020-02-26T19:41:51.9480441Z [0m[0mnull_resource.databricks_token (local-exec): /bin/sh: 1: /home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh: Permission denied
2020-02-26T19:41:51.9481502Z [0m[0m
2020-02-26T19:41:52.0386092Z [31m
2020-02-26T19:41:52.0399075Z [1m[31mError: [0m[0m[1mError running command '/home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh': exit status 126. Output: /bin/sh: 1: /home/vsts/work/r1/a/_Infrastructure/Infrastructure/ei-project/devtest/generate-pat-token.sh: Permission denied
2020-02-26T19:41:52.0401076Z [0m
2020-02-26T19:41:52.0401373Z 
2020-02-26T19:41:52.0401978Z [0m[0m[0m

旁注,这是 Azure DevOps

知道如何解决权限被拒绝的问题吗?

标签: azureazure-devopsshterraformazure-databricks

解决方案

此问题的根源在于 Azure DevOps 如何存储工件和存储库。这是他们文档中的一个片段,解释了为什么会发生这种情况。

https://docs.microsoft.com/en-us/azure/devops/pipelines/artifacts/build-artifacts?view=azure-devops&tabs=yaml#download-to-debug

在 TIPS 部分下,您将看到以下内容:

  • 构建工件存储在 Windows 文件系统上,这会导致所有 UNIX 权限丢失,包括执行位。从 Azure Pipelines 或 TFS 下载项目后,你可能需要恢复正确的 UNIX 权限。

这意味着您下载的文件(在本例中为您的 shell 脚本)已擦除所有 unix 权限。为了解决这个问题,我添加了一个步骤,在执行 shell 脚本之前首先在 shell 脚本上设置适当的权限。请参阅下面的示例,其中我已将修复添加到您提供的代码中。

resource "null_resource" "databricks_token" {
  triggers = {
    workspace = azurerm_databricks_workspace.databricks.id
    key_vault_access = azurerm_key_vault_access_policy.terraform.id
  }
  provisioner "local-exec" {
    command = "chmod +x ${path.cwd}/generate-pat-token.sh; ${path.cwd}/generate-pat-token.sh"
    environment = {
      RESOURCE_GROUP = var.resource_group_name
      DATABRICKS_WORKSPACE_RESOURCE_ID = azurerm_databricks_workspace.databricks.id
      KEY_VAULT = azurerm_key_vault.databricks_token.name
      SECRET_NAME = "DATABRICKS-TOKEN"
      DATABRICKS_ENDPOINT = "https://westeurope.azuredatabricks.net"
    }
  }
}

命令部分将首先设置 shell 脚本的执行权限,然后执行它。

推荐阅读