Multi-tenant deployment using Shared Image Gallery



I am trying to create a virtual machine in tenant 2, with a Shared Image Gallery that is available in tenant 1.

Below is the code I am using.

Tenant - 2

provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  client_id       = "${var.client_id}"
  client_secret   = "${var.client_secret}"
  tenant_id       = "${var.tenant_id}"
}

Tenant - 1

Provider used to fetch the SIG resources

provider "azurerm" {
  alias           = "sig-resources-id"
  subscription_id = "${var.sig_subscription_id}"
  client_id       = "${var.sig_client_id}"
  client_secret   = "${var.sig_client_secret}"
  tenant_id       = "${var.sig_tenant_id}"
}

Getting the image ID from tenant 1 and using it in azurerm_virtual_machine to create the VM in tenant 2

Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/subscription-ID-of-tenant-2/resourceGroups/mygroup/providers/Microsoft.Compute/virtualMachines/sigvm-01', however the current tenant '<Tenant-2 ID>' is not authorized to access linked subscription '<subscription-ID-of-tenant-1>'."

Any help is much appreciated.

This seems to have been fixed here: https://github.com/terraform-providers/terraform-provider-azurerm/pull/4290

As per the fix, please add the attribute auxiliary_tenant_ids = [""] to tenant - 1

provider "azurerm" {
  subscription_id      = "${var.subscription_id}"
  client_id            = "${var.client_id}"
  client_secret        = "${var.client_secret}"
  tenant_id            = "${var.tenant_id}"
  auxiliary_tenant_ids = ["${var.sig_tenant_id}"]
}

Hope this helps!
