Azure DevOps service connection via Terraform with a specific service principal

Problem description

I created a service principal and an app registration in my Azure subscription using Terraform:

resource "azuread_application" "terraform_app" {
  display_name = "testbed"
}

resource "azuread_service_principal" "terraform" {
  application_id               = azuread_application.terraform_app.application_id
  app_role_assignment_required = false
  tags                         = ["HideApp", "WindowsAzureActiveDirectoryIntegratedApp"]
}

I also created a certificate for the app registration:

resource "azurerm_key_vault_certificate" "terraform_application" {
  name         = "terraform-application"
  key_vault_id = azurerm_key_vault.terraform_key_vault.id

  # ...
}

I want to use this service principal, or a new one, here:

resource "azuredevops_serviceendpoint_azurerm" "devops" {
  project_id                = "HARD_CODED_ID"
  service_endpoint_name     = "ARM: ${data.azurerm_subscription.current.display_name}"

  azurerm_spn_tenantid      = data.azurerm_subscription.current.tenant_id
  azurerm_subscription_id   = data.azurerm_subscription.current.id
  azurerm_subscription_name = data.azurerm_subscription.current.display_name

  credentials {
    serviceprincipalid  = azuread_service_principal.terraform.id
    serviceprincipalkey = "?????"
  }
}

How do I use the existing certificate, or create an SP key, for the azuredevops_serviceendpoint_azurerm.credentials block?

Tags: terraform-provider-azure

Solution

I figured it out. I had made a huge typo that I hadn't noticed:

# The client secret is generated by Terraform; its .value attribute is
# sensitive and will be stored in the Terraform state.
resource "azuread_application_password" "terraform_app" {
  application_object_id = azuread_application.terraform_app.object_id
  display_name          = "primary"
}

resource "azuredevops_serviceendpoint_azurerm" "devops" {
  project_id                = "HARD_CODED_ID"
  service_endpoint_name     = "ARM: ${data.azurerm_subscription.current.display_name}"
  description               = "Terraform Service Connection for infrastructure work"

  azurerm_spn_tenantid      = data.azurerm_subscription.current.tenant_id
  # subscription_id is the bare subscription GUID; the .id attribute used in the
  # question is the full /subscriptions/<guid> resource ID, which the endpoint rejects
  azurerm_subscription_id   = data.azurerm_subscription.current.subscription_id
  azurerm_subscription_name = data.azurerm_subscription.current.display_name

  credentials {
    serviceprincipalid      = azuread_service_principal.terraform.object_id
    serviceprincipalkey     = azuread_application_password.terraform_app.value
  }
}
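The configuration below is an added, end-to-end example (not code from the question or the answer above) of the same pattern with the pieces a practitioner usually wants around it: the secret is rotated on a fixed schedule via the hashicorp/time provider, the service principal is granted a role on the subscription before the service connection is created, and the project ID is a variable instead of a hard-coded value. It assumes the providers listed in `required_providers`, a caller-supplied `devops_project_id`, a Contributor role assignment at subscription scope (adjust to the least privilege your pipelines need), and that `serviceprincipalid` takes the application (client) ID, which is what the azuredevops provider documents for that field; check both choices against the provider versions you pin.

```hcl
terraform {
  required_providers {
    azuread     = { source = "hashicorp/azuread" }
    azurerm     = { source = "hashicorp/azurerm" }
    azuredevops = { source = "microsoft/azuredevops" }
    time        = { source = "hashicorp/time" }
  }
}

data "azurerm_subscription" "current" {}

# Hypothetical input: the Azure DevOps project that should own the service connection.
variable "devops_project_id" {
  type = string
}

resource "azuread_application" "terraform_app" {
  display_name = "testbed"
}

resource "azuread_service_principal" "terraform" {
  application_id               = azuread_application.terraform_app.application_id
  app_role_assignment_required = false
}

# Rotation clock: its id changes every 90 days, which forces the password below
# to be recreated and the service connection to pick up the new value.
resource "time_rotating" "sp_secret" {
  rotation_days = 90
}

resource "azuread_application_password" "terraform_app" {
  application_object_id = azuread_application.terraform_app.object_id
  display_name          = "azure-devops-service-connection"
  end_date_relative     = "2160h" # 90 days, matching the rotation period above

  rotate_when_changed = {
    rotation = time_rotating.sp_secret.id
  }
}

# Grant the service principal a role on the subscription. Contributor is an
# assumption for the example; scope it down to what the pipelines actually deploy.
resource "azurerm_role_assignment" "sp_subscription" {
  scope                = data.azurerm_subscription.current.id
  role_definition_name = "Contributor"
  principal_id         = azuread_service_principal.terraform.object_id
}

resource "azuredevops_serviceendpoint_azurerm" "devops" {
  project_id            = var.devops_project_id
  service_endpoint_name = "ARM: ${data.azurerm_subscription.current.display_name}"
  description           = "Terraform-managed service connection"

  azurerm_spn_tenantid      = data.azurerm_subscription.current.tenant_id
  # Bare subscription GUID, not the /subscriptions/<guid> resource ID.
  azurerm_subscription_id   = data.azurerm_subscription.current.subscription_id
  azurerm_subscription_name = data.azurerm_subscription.current.display_name

  credentials {
    # Application (client) ID of the registration, per the provider documentation.
    serviceprincipalid  = azuread_service_principal.terraform.application_id
    # Sensitive value; it lands in the Terraform state as well as in Azure DevOps.
    serviceprincipalkey = azuread_application_password.terraform_app.value
  }

  # Make sure the role exists before Azure DevOps verifies the connection.
  depends_on = [azurerm_role_assignment.sp_subscription]
}
```

Because `azuread_application_password.terraform_app.value` is written to the Terraform state in plaintext, keep the state in an access-controlled, encrypted backend and treat anyone with state read access as holding the service principal's credential. Running `terraform apply` after the rotation window has elapsed replaces the secret and updates the service connection in the same run, so a compromised or leaked secret also has a bounded lifetime.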
