Azureがサポートするterraformアカウントの構築エラー

debugcn 投稿 Dev

svobol13

を実行すると、突然、予期せずエラーが発生しましたterraform plan。

Error: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running Azure CLI: Unable to encode the output with ANSI_X3.4-1968 encoding. U
nsupported characters are discarded.

  on main.tf line 4, in provider "azurerm":
   4: provider "azurerm" {

ログの近くのエラーは次のようになります。

2020-04-14T10:22:53.257Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: Testing if Service Principal / Client Certificate is applicable for Authentication..
2020-04-14T10:22:53.257Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2020-04-14T10:22:53.257Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: Testing if Service Principal / Client Secret is applicable for Authentication..
2020-04-14T10:22:53.257Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: Testing if Managed Service Identity is applicable for Authentication..
2020-04-14T10:22:53.257Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: Testing if Obtaining a token from the Azure CLI is applicable for Authentication..
2020-04-14T10:22:53.257Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: Using Obtaining a token from the Azure CLI for Authentication
2020-04-14T10:22:53.258Z [DEBUG] plugin.terraform-provider-azurerm_v2.5.0_x5: [DEBUG] Resource "https://management.core.windows.net/" isn't for the correct Tenant
2020/04/14 10:22:54 [ERROR] <root>: eval: *terraform.EvalConfigProvider, err: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running
 Azure CLI: Unable to encode the output with ANSI_X3.4-1968 encoding. Unsupported characters are discarded.
2020/04/14 10:22:54 [ERROR] <root>: eval: *terraform.EvalSequence, err: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running Azure
 CLI: Unable to encode the output with ANSI_X3.4-1968 encoding. Unsupported characters are discarded.
2020/04/14 10:22:54 [ERROR] <root>: eval: *terraform.EvalOpFilter, err: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running Azure
 CLI: Unable to encode the output with ANSI_X3.4-1968 encoding. Unsupported characters are discarded.
2020/04/14 10:22:54 [ERROR] <root>: eval: *terraform.EvalSequence, err: Error building account: Error getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running Azure
 CLI: Unable to encode the output with ANSI_X3.4-1968 encoding. Unsupported characters are discarded.
2020/04/14 10:22:54 [TRACE] [walkRefresh] Exiting eval tree: provider.azurerm
2020/04/14 10:22:54 [TRACE] vertex "provider.azurerm": visit complete
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_cosmosdb_mongo_database.cupi" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_log_analytics_workspace.law-cupi" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_cosmosdb_account.cosmodb_account" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_cosmosdb_mongo_collection.customer" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_resource_group.rg-cupi" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_log_analytics_solution.las-cupi" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_kubernetes_cluster.aks-cupi" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_cosmosdb_mongo_collection.deactivationRequest" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_cosmosdb_mongo_collection.customerHash" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "azurerm_cosmosdb_mongo_collection.apiAuth" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "provider.azurerm (close)" errored, so skipping
2020/04/14 10:22:54 [TRACE] dag/walk: upstream of "root" errored, so skipping

と私のバージョン terraform

$ terraform version
2020/04/14 10:24:24 [INFO] Terraform version: 0.12.24
2020/04/14 10:24:24 [INFO] Go runtime version: go1.12.13
2020/04/14 10:24:24 [INFO] CLI args: []string{"/usr/bin/terraform", "version"}
2020/04/14 10:24:24 [DEBUG] Attempting to open CLI config file: /root/.terraformrc
2020/04/14 10:24:24 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2020/04/14 10:24:24 [INFO] CLI command args: []string{"version"}
Terraform v0.12.24
2020/04/14 10:24:24 [DEBUG] checking for provider in "."
2020/04/14 10:24:24 [DEBUG] checking for provider in "/usr/bin"
2020/04/14 10:24:24 [DEBUG] checking for provider in ".terraform/plugins/linux_amd64"
2020/04/14 10:24:24 [DEBUG] found provider "terraform-provider-azuread_v0.8.0_x4"
2020/04/14 10:24:24 [DEBUG] found provider "terraform-provider-azurerm_v2.5.0_x5"
2020/04/14 10:24:24 [DEBUG] found provider "terraform-provider-random_v2.2.1_x4"
2020/04/14 10:24:24 [DEBUG] found valid plugin: "azurerm", "2.5.0", "/cupi/operations/terraform/.terraform/plugins/linux_amd64/terraform-provider-azurerm_v2.5.0_x5"
2020/04/14 10:24:24 [DEBUG] found valid plugin: "random", "2.2.1", "/cupi/operations/terraform/.terraform/plugins/linux_amd64/terraform-provider-random_v2.2.1_x4"
2020/04/14 10:24:24 [DEBUG] found valid plugin: "azuread", "0.8.0", "/cupi/operations/terraform/.terraform/plugins/linux_amd64/terraform-provider-azuread_v0.8.0_x4"
+ provider.azuread v0.8.0
+ provider.azurerm v2.5.0
+ provider.random v2.2.1

そして最後に私のazCLI

$ az --version
azure-cli                          2.3.1

command-modules-nspkg              2.0.3
core                               2.3.1
nspkg                              3.0.4
telemetry                          1.0.4

Python location '/opt/az/bin/python3'
Extensions directory '/root/.azure/cliextensions'

Python (Linux) 3.6.5 (default, Apr  1 2020, 07:19:45)
[GCC 7.5.0]

Legal docs and information: aka.ms/AzureCliLegal

私のmain.tfファイル：

provider "azuread" {
  version = "~>0.8"
}
provider "azurerm" {
  version         = "~>2"
  subscription_id = "..."
  features {}
}
terraform {
  backend "azurerm" {}
}

以下のスレッドも読みました。どれも私の問題を助けたり解決したりしませんでした。今日は機能しない同じ構成で、数日前に変更なしで機能しました（クライアント側で変更できるのはプラグインのバージョンだけです-グレードを上げたり下げたりしましたが、成功しませんでした）。

アミット・バラネス

コメントで述べたように、問題はプロバイダーでサービスプリンシパルを提供していませんでした。正しい構文は次のとおりです。

# Configure the Azure Provider
# https://www.terraform.io/docs/providers/azurerm/index.html
provider "azurerm" {
  subscription_id = var.SUBSCRIPTION_ID
  client_id       = var.SP_CLIENT_ID
  client_secret   = var.SP_CLIENT_SECRET
  tenant_id       = var.SP_TENANT_ID
  version         = "=2.0.0" #Can be overide as you wish
  features {}
}

サービスプリンシパルとは何ですか？

Azureサービスプリンシパルは、Azureリソースにアクセスするためのアプリケーション、ホストされたサービス、および自動化されたツールで使用するために作成されたIDです。このアクセスは、サービスプリンシパルに割り当てられたロールによって制限され、アクセスできるリソースとレベルを制御できます。セキュリティ上の理由から、ユーザーIDでログインするのではなく、自動化されたツールでサービスプリンシパルを使用することを常にお勧めします。

詳細はこちら。

そうは言っても、なぜTerraformでサービスプリンシパルを使用する必要があるのでしょうか。