Terraform Azure提供者-用于容器的Azure公共访问级别

Question

我试图将container_access_type值从“私有”更改为“私有”，但我一直收到一个错误。

我可以从Azure UI中执行这个操作。在Terraform代码中可能缺少一些东西。

请协助，谢谢。

provider "azurerm" {
version = "=2.25.0"
features {}
}

resource "azurerm_resource_group" "storage" {
  name     = "tfstorageresourcegroup"
  location = "North Europe"
}

resource "azurerm_storage_account" "account" {
  name = "${azurerm_resource_group.storage.name}"
  location = "${azurerm_resource_group.storage.location}"
  account_tier = "Standard"
  resource_group_name = "${azurerm_resource_group.storage.name}"
  account_replication_type = "LRS"
  enable_https_traffic_only = true
  allow_blob_public_access = true
}


resource "azurerm_storage_container" "container" {
    name = "tftestcontainer"
    storage_account_name = "${azurerm_storage_account.account.name}"
    container_access_type = "container"
}

resource "azurerm_storage_blob" "blob" {
    name = "tftestblob"
    storage_account_name = "${azurerm_storage_account.account.name}"
    storage_container_name = "${azurerm_storage_container.container.name}"
    type = "Page"
    size = "5120"
}

错误:更新容器“tftest容器”的访问控制错误(存储帐户“tfstorageresourcegroup”/资源组“tfstorageresourcegroup”)：containers.Client#SetAccessControl: Failure发送请求: StatusCode=409 -原始错误: autorest/azure: Service返回了一个错误。此存储account.\nRequestId:80d021ca-501e-009f-4aa6-86a404000000\nTime:2020-09-09T12:38:47.5769058Z”不允许Status= Code=“PublicAccessNotPermitted”Message=公共访问

Answer 1

这可能是开放的问题。

因此，如果您在存储帐户中有规则。

取网络规则取决于容器，意思是先创建容器，然后应用网络规则。非工作样例代码：

resource "azurerm_storage_account" "terraform_storage" {
  name = var.storage_account_name
  resource_group_name = var.rg_name
  location = var.region
  account_tier = "Standard"
  account_replication_type = "GRS"
  account_kind = "Storage"

  network_rules {
    default_action = "Deny"
    virtual_network_subnet_ids = [data.azurerm_subnet.publicsubnet.id]
  }
}

# Create container
resource "azurerm_storage_container" "filestore" {
  name                  = "filestore"
  storage_account_name  = azurerm_storage_account.sa.name
  container_access_type = "private"
}

工作样本代码：

# Storage account
resource "azurerm_storage_account" "sa" {
  name                = local.storage_account_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  account_kind             = var.storage_account_kind
  account_tier             = var.storage_account_tier
  account_replication_type = var.storage_account_replication_type

  enable_https_traffic_only = "true"

  tags = local.tags
}

# Create container
resource "azurerm_storage_container" "filestore" {
  name                  = "filestore"
  storage_account_name  = azurerm_storage_account.sa.name
  container_access_type = "private"
}

# SA Network rules
resource "azurerm_storage_account_network_rules" "netrules" {
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_name = azurerm_storage_account.sa.name

  default_action = "Deny"
  bypass = [
    "Metrics",
    "Logging",
    "AzureServices"
  ]

  depends_on = [
    azurerm_storage_container.filestore,
  ]
}

参考文献

Answer 2

我也犯了同样的错误，当我用地形在水下创造蓝色的时候。

我编辑了：

  container_access_type = "private"

内部：

    resource "azurerm_storage_container" "container" {
     ...
     ...
     ...
    }

在main.tf文件中。