Error when trying to run Terraform Apply: web app authentication error

Pal*_*lab 3 azure terraform azure-web-app-service terraform-provider-azure

I am getting the error below when trying to run Terraform Apply.

```
Error: updating Authentication Settings for App Service "app-cont-sa-fe-predev-cus-bb2e": web.AppsClient#UpdateAuthSettings: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2." Details=[{"Message":"Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"04534","Message":"Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2.","MessageTemplate":"Cannot execute the request for site {0} because the site is running on auth version {1}.","Parameters":["app-cont-sa-fe-predev-cus-bb2e","v2"]}}]
│
│   with azurerm_app_service.fe,
│   on resources.app.tf line 59, in resource "azurerm_app_service" "fe":
│   59: resource "azurerm_app_service" "fe" {
```

Can someone tell me what I need to change in the resource block below so that I don't get the error? Thanks.

```
resource "azurerm_app_service" "fe" {
  location            = module.resourcegroup.resource_group.location
  resource_group_name = module.resourcegroup.resource_group.name
  tags                = module.resourcegroup.resource_group.tags
  app_service_plan_id = azurerm_app_service_plan.default.id
  name                = module.names-web-app-fe.location.app_service.name_unique
  identity { type = "SystemAssigned" }
  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    issuer                        = format("https://sts.windows.net/%s/", data.azurerm_client_config.default.tenant_id)
    runtime_version               = "~1"
    token_store_enabled           = true
    unauthenticated_client_action = "RedirectToLoginPage"
    additional_login_params = {
      "response_type" = "code id_token",
      "resource"      = azuread_application.app-fe.application_id
    }
    active_directory {
      client_id         = azuread_application.app-fe.object_id
      client_secret     = azuread_application_password.fe-app-sp-secret.application_object_id
      allowed_audiences = [format("https://%s.azurewebsites.net", module.names-web-app-fe.location.app_service.name_unique)]
    }
  }
  site_config {
    always_on                = true
    app_command_line         = ""
    default_documents        = []
    dotnet_framework_version = "v4.0"
    ftps_state               = "Disabled"
    health_check_path        = ""
    http2_enabled            = true
    linux_fx_version         = "STATICSITE|1.0"
    local_mysql_enabled      = false
    managed_pipeline_mode    = "Integrated"
    min_tls_version          = "1.2"
    #pre_warmed_instance_count = 0
    python_version            = "3.4"
    remote_debugging_enabled  = false
    remote_debugging_version  = "VS2019"
    use_32_bit_worker_process = false
    websockets_enabled        = false
    windows_fx_version        = ""
    cors {
      allowed_origins     = []
      support_credentials = false
    }
  }
  app_settings = {
    "WEBSITE_DNS_SERVER"     = "168.63.129.16"
    "WEBSITE_VNET_ROUTE_ALL" = "1"
  }
}
```

I am guessing something changed on the Azure side with respect to authentication, and that is why I am getting this error.


Rah*_*haw 5

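Terraform uses Auth V1 settings, not the Auth V2 setting, for Web Apps. Currently only Azure CLI cmdlets and ARM Templates are allowed to configure auth_settings_v2. This may come in the upcoming version of the azurerm provider, i.e. v3.0.0, as mentioned in Feature Details: New Data Sources / Resources for App Service and Function Apps.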

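As for the error you are getting, I tried creating an App Service in Azure using code similar to yours. It did not give any error on initial creation, but after I went to the portal and, under the Authentication settings, upgraded the authentication settings to v2, I started getting the same error when trying to update the app from Terraform, as shown below:

[image]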

To avoid the error, if you are creating and managing the web app with Terraform, do not upgrade the web app's authentication settings.


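  • FYI, Terraform now supports auth_settings_v2 in azurerm v3.46. I am having trouble updating my Terraform module to support it. I want to give users the ability to choose auth_settings or auth_settings_v2, or neither, but I get a syntax error because auth_settings_v2 expects a value when I don't want to pass any auth settings configuration. (2 upvotes)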
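
An added example, not part of the original thread and not the commenter's module: one way to let a module caller pick the legacy block, the v2 block, or neither, using `dynamic` blocks on `azurerm_linux_web_app`, so that only one auth API is ever sent for a given site. The variable names, the tenant endpoint format and the `MICROSOFT_PROVIDER_AUTHENTICATION_SECRET` app setting that holds the client secret are assumptions.

```hcl
# Added example, not the asker's module; variable names are hypothetical.
variable "app" {
  type = object({ name = string, resource_group_name = string, location = string, service_plan_id = string })
}
variable "auth" { # null = emit no auth block at all
  type    = object({ version = string, client_id = string, tenant_id = string, allowed_audiences = list(string) })
  default = null
  validation {
    condition     = var.auth == null ? true : contains(["v1", "v2"], var.auth.version)
    error_message = "auth.version must be v1 or v2."
  }
}

resource "azurerm_linux_web_app" "fe" {
  name                = var.app.name
  resource_group_name = var.app.resource_group_name
  location            = var.app.location
  service_plan_id     = var.app.service_plan_id
  site_config {}
  dynamic "auth_settings" { # legacy (v1) API; fails with 400 once the site is on v2
    for_each = try(var.auth.version, "") == "v1" ? [var.auth] : []
    content {
      enabled                       = true
      default_provider              = "AzureActiveDirectory"
      issuer                        = format("https://sts.windows.net/%s/", auth_settings.value.tenant_id)
      unauthenticated_client_action = "RedirectToLoginPage"
      active_directory {
        client_id                  = auth_settings.value.client_id
        client_secret_setting_name = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" # assumed app setting
        allowed_audiences          = auth_settings.value.allowed_audiences
      }
    }
  }
  dynamic "auth_settings_v2" {
    for_each = try(var.auth.version, "") == "v2" ? [var.auth] : []
    content {
      auth_enabled           = true
      require_authentication = true
      unauthenticated_action = "RedirectToLoginPage"
      default_provider       = "azureactivedirectory"
      active_directory_v2 {
        client_id                  = auth_settings_v2.value.client_id
        tenant_auth_endpoint       = "https://login.microsoftonline.com/${auth_settings_v2.value.tenant_id}/v2.0"
        client_secret_setting_name = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" # assumed app setting
        allowed_audiences          = auth_settings_v2.value.allowed_audiences
      }
      login { token_store_enabled = true }
    }
  }
}
```

Because the version is a single field on one variable, a caller cannot request both blocks at once, and referencing the secret by app setting name keeps the secret value out of the auth configuration itself.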