Error while trying to run Terraform Apply, Web App Authentication Error
I am getting the following error while trying to run Terraform Apply.
Error: updating Authentication Settings for App Service "app-cont-sa-fe-predev-cus-bb2e": web.AppsClient#UpdateAuthSettings: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2." Details=[{"Message":"Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"04534","Message":"Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2.","MessageTemplate":"Cannot execute the request for site {0} because the site is running on auth version {1}.","Parameters":["app-cont-sa-fe-predev-cus-bb2e","v2"]}}]
│
│ with azurerm_app_service.fe,
│ on resources.app.tf line 59, in resource "azurerm_app_service" "fe":
│ 59: resource "azurerm_app_service" "fe" {
Can anyone tell me what I need to change in the resource block below so that I don't get the error message? Thanks.
resource "azurerm_app_service" "fe" {
  location = module.resourcegroup.resource_group.location
  resource_group_name = module.resourcegroup.resource_group.name
  tags = module.resourcegroup.resource_group.tags
  app_service_plan_id = azurerm_app_service_plan.default.id
  name = module.names-web-app-fe.location.app_service.name_unique
  identity { type = "SystemAssigned" }
  # V1 authentication settings (the provider updates these through UpdateAuthSettings)
  auth_settings {
    enabled = true
    default_provider = "AzureActiveDirectory"
    issuer = format("https://sts.windows.net/%s/", data.azurerm_client_config.default.tenant_id)
    runtime_version = "~1"
    token_store_enabled = true
    unauthenticated_client_action = "RedirectToLoginPage"
    additional_login_params = {
      "response_type" = "code id_token",
      "resource" = azuread_application.app-fe.application_id
    }
    active_directory {
      # client_id must be the application (client) ID, not the directory object ID
      client_id = azuread_application.app-fe.application_id
      # client_secret must be the generated secret value, not the application's object ID
      client_secret = azuread_application_password.fe-app-sp-secret.value
      allowed_audiences = [format("https://%s.azurewebsites.net", module.names-web-app-fe.location.app_service.name_unique)]
    }
  }
  site_config {
    always_on = true
    app_command_line = ""
    default_documents = []
    dotnet_framework_version = "v4.0"
    ftps_state = "Disabled"
    health_check_path = ""
    http2_enabled = true
    linux_fx_version = "STATICSITE|1.0"
    local_mysql_enabled = false
    managed_pipeline_mode = "Integrated"
    min_tls_version = "1.2"
    #pre_warmed_instance_count = 0
    python_version = "3.4"
    remote_debugging_enabled = false
    remote_debugging_version = "VS2019"
    use_32_bit_worker_process = false
    websockets_enabled = false
    windows_fx_version = ""
    cors {
      allowed_origins = []
      support_credentials = false
    }
  }
  app_settings = {
    "WEBSITE_DNS_SERVER" = "168.63.129.16"
    "WEBSITE_VNET_ROUTE_ALL" = "1"
  }
}
I guess something changed on the Azure side with respect to authentication, and that is why I am getting this error.
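Terraform uses the Auth V1 settings instead of the Auth V2 settings for the web app. Currently only the Azure CLI cmdlet and ARM Templates allow the auth_settings_v2 to be configured. This might be available in the upcoming version of the azurerm provider, i.e. v3.0.0, as per "Feature details: New data sources/resources for App Service and Function Apps".
As for the error you are getting, I tried creating an App Service in Azure using code similar to yours, and it did not give any error on initial creation. However, after I went to the portal and, under the authentication settings, upgraded the authentication settings to v2, I started getting the same error when trying to update the app from Terraform, as shown below:
To avoid the error, do not upgrade the web app's authentication settings if you are using Terraform to create and manage the web app.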
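The condition described in the answer above can be caught in a pipeline by parsing the Details array of the failed apply. This is an added example, not code from the original post; the function name is hypothetical, the first sample line is abbreviated from the error quoted on this page, and the second is constructed.

```python
import json
import re

# ExtendedCode value taken from the error quoted on this page.
AUTH_VERSION_EXTENDED_CODE = "04534"
DETAILS_MARKER = re.compile(r"Details=(?=\[)")

# Line 1: abbreviated from the page's error. Line 2: constructed, unrelated failure.
SAMPLE_OUTPUT = (
    'Error: updating Authentication Settings for App Service '
    '"app-cont-sa-fe-predev-cus-bb2e": web.AppsClient#UpdateAuthSettings: '
    'StatusCode=400 Details=[{"Code":"BadRequest"},{"ErrorEntity":'
    '{"Code":"BadRequest","ExtendedCode":"04534","MessageTemplate":'
    '"Cannot execute the request for site {0} because the site is running '
    'on auth version {1}.","Parameters":["app-cont-sa-fe-predev-cus-bb2e","v2"]}}]\n'
    'Error: creating resource: Details=[{"Code":"Conflict"}]\n'
)


def find_auth_version_conflicts(output: str) -> list[dict]:
    """Return one finding per site whose auth version blocks the V1 update call."""
    decoder = json.JSONDecoder()
    findings = []
    for match in DETAILS_MARKER.finditer(output):
        try:
            # Details=[...] is a JSON array embedded in the autorest error text.
            details, _ = decoder.raw_decode(output, match.end())
        except json.JSONDecodeError:
            continue  # truncated or wrapped log line: skip rather than guess
        for item in details:
            entity = item.get("ErrorEntity") if isinstance(item, dict) else None
            if not entity or entity.get("ExtendedCode") != AUTH_VERSION_EXTENDED_CODE:
                continue
            params = entity.get("Parameters") or []
            if len(params) >= 2:  # Parameters are [site name, auth version]
                findings.append({"site": params[0], "auth_version": params[1]})
    return findings


if __name__ == "__main__":
    for finding in find_auth_version_conflicts(SAMPLE_OUTPUT):
        print(f"{finding['site']}: site is on auth {finding['auth_version']}, "
              "but Terraform is sending V1 auth_settings")
```

A finding here means the site's authentication was upgraded outside Terraform, so the state file no longer describes how the app is actually protected.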