Terraform Azure provider - Azure public access level for containers



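I am trying to change the container_access_type value from "private" to "private(私有(", but I keep getting an error.

I can do this from the Azure UI. Something may be missing in the Terraform code.

Please assist, thanks.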

provider "azurerm" {
  version = "=2.25.0"
  features {}
}

resource "azurerm_resource_group" "storage" {
  name     = "tfstorageresourcegroup"
  location = "North Europe"
}

resource "azurerm_storage_account" "account" {
  name                      = "${azurerm_resource_group.storage.name}"
  location                  = "${azurerm_resource_group.storage.location}"
  account_tier              = "Standard"
  resource_group_name       = "${azurerm_resource_group.storage.name}"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  allow_blob_public_access  = true
}

resource "azurerm_storage_container" "container" {
  name                  = "tftestcontainer"
  storage_account_name  = "${azurerm_storage_account.account.name}"
  container_access_type = "container"
}

resource "azurerm_storage_blob" "blob" {
  name                   = "tftestblob"
  storage_account_name   = "${azurerm_storage_account.account.name}"
  storage_container_name = "${azurerm_storage_container.container.name}"
  type                   = "Page"
  size                   = "5120"
}

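Error: Error updating the Access Control for Container "tftestcontainer" (Storage Account "tfstorageresourcegroup" / Resource Group "tfstorageresourcegroup"): containers.Client#SetAccessControl: Failure sending request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status= Code="PublicAccessNotPermitted" Message="Public access is not permitted on this storage account.\nRequestId:80d021ca-501e-009f-4aa6-86a44000000\nTime:2020-09-09T12:38:47.5769058Z"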

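This could be an open issue.

So, if you have network_rules in your storage account:

Make the network rules depend on the container, that is, create the container first and then apply the network rules. Non-working sample code: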

resource "azurerm_storage_account" "terraform_storage" {
  name                     = var.storage_account_name
  resource_group_name      = var.rg_name
  location                 = var.region
  account_tier             = "Standard"
  account_replication_type = "GRS"
  account_kind             = "Storage"

  # Inline rules take effect with the account, before the container below is created
  network_rules {
    default_action             = "Deny"
    virtual_network_subnet_ids = [data.azurerm_subnet.publicsubnet.id]
  }
}

# Create container
resource "azurerm_storage_container" "filestore" {
  name                  = "filestore"
  storage_account_name  = azurerm_storage_account.terraform_storage.name
  container_access_type = "private"
}

Working sample code:

# Storage account
resource "azurerm_storage_account" "sa" {
  name                      = local.storage_account_name
  resource_group_name       = azurerm_resource_group.rg.name
  location                  = azurerm_resource_group.rg.location
  account_kind              = var.storage_account_kind
  account_tier              = var.storage_account_tier
  account_replication_type  = var.storage_account_replication_type
  enable_https_traffic_only = true
  tags                      = local.tags
}

# Create container
resource "azurerm_storage_container" "filestore" {
  name                  = "filestore"
  storage_account_name  = azurerm_storage_account.sa.name
  container_access_type = "private"
}

# SA Network rules
resource "azurerm_storage_account_network_rules" "netrules" {
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_name = azurerm_storage_account.sa.name
  default_action       = "Deny"
  bypass = [
    "Metrics",
    "Logging",
    "AzureServices"
  ]

  # Apply the deny rules only after the container exists
  depends_on = [
    azurerm_storage_container.filestore,
  ]
}

Reference

I ran into the same error when creating Azure infra with Terraform.

I edited

container_access_type = "private"

inside:

resource "azurerm_storage_container" "container" {
  ...
  ...
  ...
}

in the main.tf file.

You need to set this property on the storage account: allow_blob_public_access = true

The documentation shows the property that needs to be set: https://registry.terraform.io/providers/hashicorp/azurerm/2.82.0/docs/resources/storage_account#allow_blob_public_access

Note that I am using azurerm provider 2.82.0.

resource "azurerm_storage_account" "images" {
  name                     = format("%simages", module.names.environment.storage_account.name_unique)
  resource_group_name      = azurerm_resource_group.default.name
  location                 = azurerm_resource_group.default.location
  allow_blob_public_access = true
  account_tier             = "Standard"
  account_replication_type = "LRS"
  tags                     = azurerm_resource_group.default.tags
}

resource "azurerm_storage_container" "images" {
  name                  = "images"
  storage_account_name  = azurerm_storage_account.images.name
  container_access_type = "blob"
}
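
An added example, not part of the original thread or of the provider's code: a pre-apply check in Python over `terraform show -json` output that pairs each container's container_access_type with its storage account's allow_blob_public_access. It flags both the combination that produces the PublicAccessNotPermitted error quoted in the question and the combination that applies cleanly but leaves blobs readable without authentication. The sample plan, the `res` helper, the verdict labels and the account name `exampleimages` are constructed for illustration, and a missing flag is assumed to mean false.

```python
PUBLIC_LEVELS = {"blob", "container"}  # every level except "private" allows anonymous reads

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_public_containers(plan):
    """Return (address, verdict) for each container that requests anonymous access."""
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    allowed = {r["values"]["name"]: bool(r["values"].get("allow_blob_public_access"))
               for r in resources  # assumption: a missing flag counts as false
               if r["type"] == "azurerm_storage_account" and r["values"].get("name")}
    findings = []
    for r in resources:
        level = r["values"].get("container_access_type", "private")
        if r["type"] != "azurerm_storage_container" or level not in PUBLIC_LEVELS:
            continue
        account = r["values"].get("storage_account_name")
        if account not in allowed:
            verdict = "UNRESOLVED_ACCOUNT"  # name unknown at plan time or managed elsewhere
        else:  # flag true: anonymous reads; flag false: PublicAccessNotPermitted on apply
            verdict = "ANONYMOUS_READ" if allowed[account] else "WILL_FAIL_409"
        findings.append((r["address"], verdict))
    return findings

def res(address, **values):
    """Constructed plan entry (hypothetical helper); type is taken from the address."""
    return {"address": address, "type": address.split(".")[-2], "values": values}

# Constructed sample shaped like `terraform show -json` output, not a real plan.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        res("azurerm_storage_account.account",
            name="tfstorageresourcegroup", allow_blob_public_access=False),
        res("azurerm_storage_container.container",
            storage_account_name="tfstorageresourcegroup", container_access_type="container"),
    ],
    "child_modules": [{"resources": [
        res("module.img.azurerm_storage_account.images",
            name="exampleimages", allow_blob_public_access=True),
        res("module.img.azurerm_storage_container.images",
            storage_account_name="exampleimages", container_access_type="blob"),
    ]}],
}}}

if __name__ == "__main__":
    print(*audit_public_containers(SAMPLE_PLAN), sep="\n")
```

In a pipeline, a WILL_FAIL_409 finding points at a missing account-level flag, while an ANONYMOUS_READ finding is the one to send for review before apply.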
