无法通过 terraform 使用 oauth 创建 azure 广告应用程序
Cannot create azure ad application with oauth via terraform
我正在尝试 create/register 在具有 oauth2_permissions / 范围的 Azure AD 中应用。
我正在关注此文档页面:https://www.terraform.io/docs/providers/azuread/r/application.html
我已将其简化为那个简单的 .tf 文件:
provider "azuread" {
version = "=0.7.0"
subscription_id = "*******************************"
tenant_id = var.tenant-id
}
resource "azuread_application" "example" {
name = "example"
// oauth2_permissions {
// admin_consent_description = "Allow the application to access example on behalf of the signed-in user."
// admin_consent_display_name = "Access example"
// is_enabled = true
// type = "User"
// user_consent_description = "Allow the application to access example on your behalf."
// user_consent_display_name = "Access example"
// value = "user_impersonation"
// }
}
运行 这样的脚本 terraform plan 说:
C:\source\ITAN\terraform (master -> origin) λ terraform plan
Refreshing Terraform state in-memory prior to plan... The refreshed
state will be used to calculate this plan, but will not be persisted
to local or remote state storage.
An execution plan has been generated and is shown below. Resource
actions are indicated with the following symbols: + create
Terraform will perform the following actions:
azuread_application.example will be created + resource
azuread_application" "example" {
+ application_id = (known after apply)
+ homepage = (known after apply)
+ id = (known after apply)
+ identifier_uris = (known after apply)
+ name = "example"
+ object_id = (known after apply)
+ owners = (known after apply)
+ public_client = (known after apply)
+ reply_urls = (known after apply)
+ type = "webapp/api"
+ oauth2_permissions {
+ admin_consent_description = (known after apply)
+ admin_consent_display_name = (known after apply)
+ id = (known after apply)
+ is_enabled = (known after apply)
+ type = (known after apply)
+ user_consent_description = (known after apply)
+ user_consent_display_name = (known after apply)
+ value = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Note: You didn't specify an "-out" parameter to save this plan, so
Terraform can't guarantee that exactly these actions will be performed
if "terraform apply" is subsequently run.
但是当我取消注释 oauth2_permissions
provider "azuread" {
version = "=0.7.0"
subscription_id = "******************"
tenant_id = var.tenant-id
}
resource "azuread_application" "example" {
name = "example"
oauth2_permissions {
admin_consent_description = "Allow the application to access example on behalf of the signed-in user."
admin_consent_display_name = "Access example"
is_enabled = true
type = "User"
user_consent_description = "Allow the application to access example on your behalf."
user_consent_display_name = "Access example"
value = "user_impersonation"
}
}
出现问题,它是这样的:
Error: "oauth2_permissions.0.user_consent_display_name": this field
cannot be set
on itan-azure-ad.tf line 7, in resource "azuread_application"
"example": 7: resource "azuread_application" "example" {
知道我做错了什么吗?我登录了,我选择了合适的订阅并切换到它。我拥有 azure 帐户。我已经通过 Azure 门户成功创建了应用程序,但我想自动完成它。 运行 在地形上:
terraform -v
Terraform v0.12.28
+ provider.azuread v0.7.0
provider.azuread v0.7.0版本似乎不支持设置user_consent_display_name。请参阅更改日志 here 中的 oauth2_permissions。
请使用最新的 azuread 提供程序版本 0.11.0。它会解决您的问题。
provider "azuread" {
version = "~>0.11.0"
subscription_id = "*******************************"
tenant_id = var.tenant-id
}
我正在尝试 create/register 在具有 oauth2_permissions / 范围的 Azure AD 中应用。 我正在关注此文档页面:https://www.terraform.io/docs/providers/azuread/r/application.html 我已将其简化为那个简单的 .tf 文件:
provider "azuread" {
version = "=0.7.0"
subscription_id = "*******************************"
tenant_id = var.tenant-id
}
resource "azuread_application" "example" {
name = "example"
// oauth2_permissions {
// admin_consent_description = "Allow the application to access example on behalf of the signed-in user."
// admin_consent_display_name = "Access example"
// is_enabled = true
// type = "User"
// user_consent_description = "Allow the application to access example on your behalf."
// user_consent_display_name = "Access example"
// value = "user_impersonation"
// }
}
运行 这样的脚本 terraform plan 说:
C:\source\ITAN\terraform (master -> origin) λ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage.
An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create
Terraform will perform the following actions:
azuread_application.example will be created + resource azuread_application" "example" {
+ application_id = (known after apply) + homepage = (known after apply) + id = (known after apply) + identifier_uris = (known after apply) + name = "example" + object_id = (known after apply) + owners = (known after apply) + public_client = (known after apply) + reply_urls = (known after apply) + type = "webapp/api" + oauth2_permissions { + admin_consent_description = (known after apply) + admin_consent_display_name = (known after apply) + id = (known after apply) + is_enabled = (known after apply) + type = (known after apply) + user_consent_description = (known after apply) + user_consent_display_name = (known after apply) + value = (known after apply) } }Plan: 1 to add, 0 to change, 0 to destroy.
Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.
但是当我取消注释 oauth2_permissions
provider "azuread" {
version = "=0.7.0"
subscription_id = "******************"
tenant_id = var.tenant-id
}
resource "azuread_application" "example" {
name = "example"
oauth2_permissions {
admin_consent_description = "Allow the application to access example on behalf of the signed-in user."
admin_consent_display_name = "Access example"
is_enabled = true
type = "User"
user_consent_description = "Allow the application to access example on your behalf."
user_consent_display_name = "Access example"
value = "user_impersonation"
}
}
出现问题,它是这样的:
Error: "oauth2_permissions.0.user_consent_display_name": this field cannot be set
on itan-azure-ad.tf line 7, in resource "azuread_application" "example": 7: resource "azuread_application" "example" {
知道我做错了什么吗?我登录了,我选择了合适的订阅并切换到它。我拥有 azure 帐户。我已经通过 Azure 门户成功创建了应用程序,但我想自动完成它。 运行 在地形上:
terraform -v
Terraform v0.12.28
+ provider.azuread v0.7.0
provider.azuread v0.7.0版本似乎不支持设置user_consent_display_name。请参阅更改日志 here 中的 oauth2_permissions。
请使用最新的 azuread 提供程序版本 0.11.0。它会解决您的问题。
provider "azuread" {
version = "~>0.11.0"
subscription_id = "*******************************"
tenant_id = var.tenant-id
}