使用Terraform运行Azure AZ登录命令

Question

问题:我试图在Terraform中执行bash脚本并抛出一个错误。

环境:我在Windows10上运行VScode中的Terraform (终端是bash)，我也尝试过在标准的git命令终端中运行，它会引发相同的错误。我也尝试过将'program =[“bash‘，’‘替换为'program = ["az”’，但仍然会抛出错误。

我的bash脚本

#!/bin/bash

# Exit if any of the intermediate steps fail
set -e

# Login
az login --service-principal -u "${ARM_CLIENT_ID}" -p "${ARM_CLIENT_SECRET}" --tenant "${ARM_TENANT_ID}" >/dev/null

# Extract the query json into variables
eval "$(jq -r '@sh "SUBSCRIPTION_NAME=\(.subscription_name)"')"

# Get the subscription id and pass back map
az account list --query "[?name == '${SUBSCRIPTION_NAME}'].id | {id: join(', ', @)}" --output json

我的main.tf文件

locals {
    access_levels     = ["read", "write"]
    subscription_name = lower(var.subscription_name)
}

# lookup existing subscription
data "azurerm_subscription" "current" {}

# Lookup Subscription
data "external" "lookupByName" {
  # Looks up a subscription by its display name and returns id
  program = ["bash", "${path.module}/scripts/lookupByName.sh"]

  query = {
    subscription_name = local.subscription_name
  }
}

运行“地形计划”后抛出错误

The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.external.lookupByName: Refreshing state...
data.azurerm_subscription.current: Refreshing state...

Error: failed to execute "bash": usage: az login [-h] [--verbose] [--debug] [--only-show-errors]
                [--output {json,jsonc,yaml,yamlc,table,tsv,none}]
                [--query JMESPATH] [--username USERNAME] [--password PASSWORD]
                [--service-principal] [--tenant TENANT]
                [--allow-no-subscriptions] [-i] [--use-device-code]
                [--use-cert-sn-issuer]
az login: error: Expecting value: line 1 column 1 (char 0)


  on main.tf line 10, in data "external" "lookupByName":
  10: data "external" "lookupByName" {

Answer 1

我假设您在Windows 10中使用( WSL )。根据您的推荐，无需将ARM_CLIENT_SECRET硬编码为变量，您可以将凭据存储为WSL中的环境变量，如下所示：

$ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
$ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
$ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"

您可以阅读在Terraform中配置服务主体获得更多详细信息。

但是，环境变量在当前会话中以这种方式暂时有效。如果要永久存储其值，可以在Windows和WSL之间使用共享WSLENV环境变量。从17063开始，WSLENV就开始受到支持。WSLENV是区分大小写的。

例如,

首先，您可以在Windows 10中设置环境变量，

​

​

其次，在CMD中设置WSLENV变量。

C:\WINDOWS\system32>setx WSLENV ARM_TENANT_ID/u:ARM_CLIENT_ID/u:ARM_CLIENT_SECRET/u

SUCCESS: Specified value was saved.

再次，重新启动VS代码，您可以使用export检查当前的WSL环境变量.

​

​

最后，您应该运行terraform plan，在VScode中的WSL中没有这样的错误。

有关更多信息，请参考以下文档，

• https://learn.microsoft.com/en-us/windows/wsl/interop
• https://devblogs.microsoft.com/commandline/share-environment-vars-between-wsl-and-windows/