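I am trying to retrieve the managed identity from an Azure Function app and set an access policy for that identity in Azure Key Vault. The script looks like this (part of a larger script).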
data "azurerm_function_app" "funcidmngmtapp" {
  name                = "func-adpidentitymngmt-${var.location}-${local.env}"
  resource_group_name = azurerm_resource_group.azurefunctions.name
}

resource "azurerm_key_vault_access_policy" "funcidmngmt" {
  key_vault_id = azurerm_key_vault.general.id
  tenant_id    = data.azurerm_function_app.funcidmngmtapp.identity.tenant_id
  object_id    = data.azurerm_function_app.funcidmngmtapp.identity.principal_id
  secret_permissions = [
    "Get",
    "List"
  ]
}

When running terraform plan, it returns the following error:
Error: Unsupported attribute
on resources.tf line 283, in resource "azurerm_key_vault_access_policy" "funcidmngmt":
283: tenant_id = data.azurerm_function_app.funcidmngmtapp.identity.tenant_id
This value does not have any attributes.
Error: Unsupported attribute
on resources.tf line 284, in resource "azurerm_key_vault_access_policy" "funcidmngmt":
284: object_id = data.azurerm_function_app.funcidmngmtapp.identity.principal_id
This value does not have any attributes.

As far as I can tell, the syntax is correct according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/function_app, but I am having trouble understanding the error message.
Thanks for your feedback.

Posted on 2021-04-29 17:38:19

The identity attribute is a list, so use this (the important part is the .0.):

data.azurerm_function_app.funcidmngmtapp.identity.0.principal_id

https://stackoverflow.com/questions/67314343
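The indexed form from the answer applied to both attributes of the access policy, as an added example that is not part of the original question or answer. It goes slightly beyond the answer by adding a precondition that fails with a clear message when the Function App has no managed identity; the precondition block assumes Terraform 1.2 or later, and the error message text is constructed for this example.

```hcl
# Added example; resource and data source names are taken from the question.
data "azurerm_function_app" "funcidmngmtapp" {
  name                = "func-adpidentitymngmt-${var.location}-${local.env}"
  resource_group_name = azurerm_resource_group.azurefunctions.name
}

resource "azurerm_key_vault_access_policy" "funcidmngmt" {
  key_vault_id = azurerm_key_vault.general.id

  # identity is a list of blocks, so its first element has to be indexed.
  # identity[0] is the bracket form of the .0. syntax used in the answer.
  tenant_id = data.azurerm_function_app.funcidmngmtapp.identity[0].tenant_id
  object_id = data.azurerm_function_app.funcidmngmtapp.identity[0].principal_id

  # Permissions kept as in the question: read-only access to secrets.
  secret_permissions = [
    "Get",
    "List",
  ]

  lifecycle {
    # Assumption: Terraform 1.2 or later, which introduced precondition blocks.
    # An empty identity list means the app has no managed identity, so there
    # is no principal to grant access to; fail here instead of on identity[0].
    precondition {
      condition     = length(data.azurerm_function_app.funcidmngmtapp.identity) > 0
      error_message = "The Function App has no managed identity enabled, so there is no principal to grant Key Vault access to."
    }
  }
}
```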