I want to add auth_settings to my Azure App Service. I am using this provider:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app
This is my code. The module:
    resource "azurerm_windows_function_app" "function_app" {
      name                 = var.name
      resource_group_name  = var.resource_group_name
      location             = var.location
      storage_account_name = var.storage_account_name
      service_plan_id      = var.service_plan_id
      app_settings         = var.app_settings
      auth_settings {
        enabled          = var.auth_settings_enabled
        active_directory = var.auth_active_directory
      }
    }
And the variables.tf file:
    // omitted the rest
    variable "auth_settings_enabled" {
      type    = bool
      default = false
    }
    variable "auth_active_directory" {
      default = null
      type = object({
        client_id         = optional(string)
        client_secret     = optional(string)
        allowed_audiences = optional(list(string))
      })
    }
Then I declare my modules in main.tf:
    ///
    module "function_app_1" {
      source = "./function-app-module"
      // standard vars like name etc here...
      auth_settings_enabled = true
      auth_active_directory = {
        client_id         = var.clientid
        client_secret     = var.clientsecret
        allowed_audiences = [var.audience]
      }
    }
    module "function_app_2" {
      source = "./function-app-module"
      // standard vars like name etc here...
      auth_active_directory = {}
    }
After running the terraform plan command, I get this error:
│ Error: Unsupported argument
│
│ on function-appmain.tf line 28, in resource "azurerm_windows_function_app" "function_app":
│ 28: active_directory = var.auth_active_directory
│
│ An argument named "active_directory" is not expected here. Did you mean to define a block of type "active_directory"?
╵
╷
│ Error: Unsupported argument
│
│ on function-appmain.tf line 28, in resource "azurerm_windows_function_app" "function_app":
│ 28: active_directory = var.auth_active_directory
│
│ An argument named "active_directory" is not expected here. Did you mean to define a block of type "active_directory"?
My question is: how do I correctly initialize active_directory inside the auth_settings object?
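Since active_directory is a block and not an argument, you cannot define it the way you currently do. So there are a few things to consider:
- The active_directory block should be used if the enabled value is set to true
- Variable values are assigned to a block and not an argument
Based on these two assumptions, you can refactor the problematic code block as follows: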
    auth_settings {
      enabled = var.auth_settings_enabled
      dynamic "active_directory" {
        # for_each must reference the variable with the var. prefix
        for_each = var.auth_settings_enabled ? [1] : []
        content {
          client_id         = var.auth_active_directory.client_id
          client_secret     = var.auth_active_directory.client_secret
          allowed_audiences = var.auth_active_directory.allowed_audiences
        }
      }
    }
In this case, a Terraform dynamic block [1] is used to make sure the active_directory block is optional and is used only when the auth_settings_enabled variable equals true.
[1] https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks
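
An added example, not part of the original question or answer: the same dynamic block with two hardening steps a module author would want, namely a sensitive declaration for the secret input and a precondition that rejects auth_settings_enabled = true when no client_id was supplied. Assumptions: Terraform 1.3 or later (the question's optional() attributes already need it; precondition needs 1.2), and a root variable named clientsecret as referenced in the question's main.tf.

```hcl
# Root module (constructed): mark the secret input as sensitive so that
# terraform plan/apply output redacts it. It is still written to state,
# so the state backend needs access control and encryption.
variable "clientsecret" {
  type      = string
  sensitive = true
}

# ./function-app-module: auth_settings portion of the resource only.
# The remaining arguments are omitted here, as in the question.
resource "azurerm_windows_function_app" "function_app" {
  # name, resource_group_name, location, service_plan_id, ... as in the question

  auth_settings {
    enabled = var.auth_settings_enabled

    # Emit the nested block only when authentication is switched on.
    dynamic "active_directory" {
      for_each = var.auth_settings_enabled ? [1] : []
      content {
        client_id         = var.auth_active_directory.client_id
        client_secret     = var.auth_active_directory.client_secret
        allowed_audiences = var.auth_active_directory.allowed_audiences
      }
    }
  }

  lifecycle {
    # Callers may leave auth_active_directory at its null default or pass {}
    # (as function_app_2 does). try() turns both cases into null, so the plan
    # fails with an explicit message when auth is enabled without a client_id.
    precondition {
      condition = (
        !var.auth_settings_enabled ||
        try(var.auth_active_directory.client_id, null) != null
      )
      error_message = "auth_active_directory.client_id is required when auth_settings_enabled is true."
    }
  }
}
```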