使用 Terraform 获取与 Azure 应用程序注册相关的错误
Getting Error related to Azure App Registration using Terraform
我正在尝试使用 Terraform 进行 Azure AD 应用程序注册
我的代码如下
locals {
app_roles = {
application-administrator = {
display_name = "Application administrator"
description = "Application administrators have the ability to administer the application."
allowed_member_types = ["User", "Application"]
}
BusinessAdmin = {
display_name = "BusinessAdmin"
description = "Business Administrator"
allowed_member_types = ["User"]
}
mulesoft-integration = {
display_name = "Mulesoft Integration"
description = "Allows MuleSoft Integration to talk to the APIs."
allowed_member_types = ["Application"]
}
}
oauth2_permissions = {
read-and-write = {
user_consent_description = "read-and-write"
admin_consent_display_name = "Read and write data"
admin_consent_description = "Allows the app to read and write data"
user_consent_display_name = "Allows the app to read and write data"
type = "User"
}
}
}
data "azuread_application_published_app_ids" "well_known" {}
data "azuread_service_principal" "msgraph" {
application_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}
resource "random_uuid" "prodstats" {}
resource "azuread_application" "app_prodstats" {
display_name = format("app-%s-%s", var.project.name, var.project.environment.name)
owners = [data.azuread_client_config.default.object_id]
identifier_uris = [format("https://contoso.onmicrosoft.com/%s-%s", var.project.name, var.project.environment.name)]
api {
oauth2_permission_scope {
admin_consent_description = "Allows the app to read and write data"
admin_consent_display_name = local.oauth2_permissions.read-and-write.admin_consent_display_name
enabled = true
id = random_uuid.prodstats.result
type = "User"
value = "read-and-write"
}
}
dynamic "app_role" {
for_each = local.app_roles
content {
allowed_member_types = app_role.value.allowed_member_types
description = app_role.value.description
display_name = app_role.value.display_name
enabled = true
id = app_role.value.id
value = app_role.key
}
}
web {
logout_url = format("https://app-%s-%s", var.project.name, var.project.environment.name)
redirect_uris = []
implicit_grant {
access_token_issuance_enabled = true
id_token_issuance_enabled = true
}
}
required_resource_access {
resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
resource_access {
id = data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"]
type = "Role"
}
}
}
我收到与 id 相关的错误:
Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
╷
│ Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
╷
│ Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
即使我给出 id = app_role.value.app_role_ids,我也会得到 app_role_ids 不是正确属性的错误。
知道我应该在 app_role 中输入什么吗?
如果我输入 id = random_uuid.prod.result,我得到的错误是它是重复的 ID
│ 错误:检查重复应用程序角色/OAuth2.0 权限范围:验证失败:找到重复 ID:“635bfe4c-29a5-4497-925b-2a9af3bf84a3”│ │ with azuread_application.app_prodstats,│ on resources.appreg.tf 第 5 行,在资源“azuread_application”“app_prodstats”中:│ 5: 资源“azuread_application”“app_prodstats”{
来自TF docs, the random_uuid
ID can be random_uuid:
resource "random_uuid" "id" {
for_each = local.app_roles
}
然后
dynamic "app_role" {
for_each = local.app_roles
content {
allowed_member_types = app_role.value.allowed_member_types
description = app_role.value.description
display_name = app_role.value.display_name
enabled = true
id = random_uuid.id[each.key].result
value = app_role.key
}
}
我正在尝试使用 Terraform 进行 Azure AD 应用程序注册
我的代码如下
locals {
app_roles = {
application-administrator = {
display_name = "Application administrator"
description = "Application administrators have the ability to administer the application."
allowed_member_types = ["User", "Application"]
}
BusinessAdmin = {
display_name = "BusinessAdmin"
description = "Business Administrator"
allowed_member_types = ["User"]
}
mulesoft-integration = {
display_name = "Mulesoft Integration"
description = "Allows MuleSoft Integration to talk to the APIs."
allowed_member_types = ["Application"]
}
}
oauth2_permissions = {
read-and-write = {
user_consent_description = "read-and-write"
admin_consent_display_name = "Read and write data"
admin_consent_description = "Allows the app to read and write data"
user_consent_display_name = "Allows the app to read and write data"
type = "User"
}
}
}
data "azuread_application_published_app_ids" "well_known" {}
data "azuread_service_principal" "msgraph" {
application_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}
resource "random_uuid" "prodstats" {}
resource "azuread_application" "app_prodstats" {
display_name = format("app-%s-%s", var.project.name, var.project.environment.name)
owners = [data.azuread_client_config.default.object_id]
identifier_uris = [format("https://contoso.onmicrosoft.com/%s-%s", var.project.name, var.project.environment.name)]
api {
oauth2_permission_scope {
admin_consent_description = "Allows the app to read and write data"
admin_consent_display_name = local.oauth2_permissions.read-and-write.admin_consent_display_name
enabled = true
id = random_uuid.prodstats.result
type = "User"
value = "read-and-write"
}
}
dynamic "app_role" {
for_each = local.app_roles
content {
allowed_member_types = app_role.value.allowed_member_types
description = app_role.value.description
display_name = app_role.value.display_name
enabled = true
id = app_role.value.id
value = app_role.key
}
}
web {
logout_url = format("https://app-%s-%s", var.project.name, var.project.environment.name)
redirect_uris = []
implicit_grant {
access_token_issuance_enabled = true
id_token_issuance_enabled = true
}
}
required_resource_access {
resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
resource_access {
id = data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"]
type = "Role"
}
}
}
我收到与 id 相关的错误:
Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
╷
│ Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
╷
│ Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
即使我给出 id = app_role.value.app_role_ids,我也会得到 app_role_ids 不是正确属性的错误。 知道我应该在 app_role 中输入什么吗?
如果我输入 id = random_uuid.prod.result,我得到的错误是它是重复的 ID
│ 错误:检查重复应用程序角色/OAuth2.0 权限范围:验证失败:找到重复 ID:“635bfe4c-29a5-4497-925b-2a9af3bf84a3”│ │ with azuread_application.app_prodstats,│ on resources.appreg.tf 第 5 行,在资源“azuread_application”“app_prodstats”中:│ 5: 资源“azuread_application”“app_prodstats”{
来自TF docs, the random_uuid
ID can be random_uuid:
resource "random_uuid" "id" {
for_each = local.app_roles
}
然后
dynamic "app_role" {
for_each = local.app_roles
content {
allowed_member_types = app_role.value.allowed_member_types
description = app_role.value.description
display_name = app_role.value.display_name
enabled = true
id = random_uuid.id[each.key].result
value = app_role.key
}
}