I'm trying to provision the App Service certificate using the Terraform azurerm_app_service_certificate resource as given below

  resource "azurerm_app_service_certificate" "cert" {
    name                = "testcert"
    resource_group_name = var.resource_group_name
    location            = "eastus"
    key_vault_id        = data.azurerm_key_vault.cert_keyvault.id
    key_vault_secret_id = "https://Test-KV.vault.azure.net/secrets/Testcert/3d10d62bc5da4f31b09a9a90e8189bca"
  }

On running "terraform apply" the execution is failing with the following error

 creating/updating Certificate: (Name "testcert" / Resource Group "Test-RG"): 
web.CertificatesClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- 
Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" 
Message="The service does not have access to '/subscriptions/XXXXXX-XXX-XXXX-XXXX- 
XXXXXXXXXX/resourcegroups/Test-RG/providers/microsoft.keyvault/vaults/Test-KV' Key 
Vault. Please make sure that you have granted necessary permissions to the service to 
perform the request operation." Details=[{"Message":"The service does not have access 
to '/subscriptions/XXXXXX-XXX-XXXX-XXXX-XXXXXXXXXX/resourcegroups/Test- 
RG/providers/microsoft.keyvault/vaults/Test-KV' Key Vault. Please make sure that you 
have granted necessary permissions to the service to perform the request operation."}, 
{"Code":"BadRequest"},{"ErrorEntity": 
{"Code":"BadRequest","ExtendedCode":"59716","Message":"The service does not have access 
to '/subscriptions/XXXXXX-XXX-XXXX-XXXX-XXXXXXXXXX/resourcegroups/Test- 
RG/providers/microsoft.keyvault/vaults/Test-KV' Key Vault. Please make sure that you 
have granted necessary permissions to the service to perform the request 
operation.","MessageTemplate":"The service does not have access to '{0}' Key Vault. 
Please make sure that you have granted necessary permissions to the service to perform 
the request operation.","Parameters":["/subscriptions/XXXXXX-XXX-XXXX-XXXX- 
XXXXXXXXXX/resourcegroups/Test-RG/providers/microsoft.keyvault/vaults/Test-KV"]}}]
Asked Nov 21, 2024 at 14:09 by mystack

1 Answer

To fix this, we need to create an access policy in the key vault for the Microsoft Azure App Service resource provider abfa0a7c-a6b6-4736-8310-5855508787cd with GET permission for the secret.

  resource "azurerm_key_vault_access_policy" "app_service_provider" {
    key_vault_id = data.azurerm_key_vault.example.id
    tenant_id    = data.azurerm_client_config.current.tenant_id
    # Object ID of the App Service resource provider (abfa0a7c-a6b6-4736-8310-5855508787cd)
    object_id    = "xxxx-xxxx-xxxx-xxxx"

    # Read-only access to secrets is all the resource provider needs here
    secret_permissions = [
      "Get",
    ]
  }
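
An added example, not part of the original answer: the same grant with the resource provider's object ID looked up from the application ID given above instead of pasted by hand, and the certificate ordered after the policy. It assumes the vault uses the access-policy permission model (not Azure RBAC) and the azuread provider at 2.44.0 or later for the `client_id` argument; the data source names and the `depends_on` wiring are illustrative.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread", version = ">= 2.44.0" }
  }
}

provider "azurerm" {
  features {}
}

variable "resource_group_name" {
  type = string
}

data "azurerm_client_config" "current" {}

data "azurerm_key_vault" "cert_keyvault" {
  name                = "Test-KV"
  resource_group_name = var.resource_group_name
}

# The application (client) ID is the same in every tenant; the object ID
# of its service principal is tenant-specific, so resolve it at plan time.
data "azuread_service_principal" "app_service_rp" {
  client_id = "abfa0a7c-a6b6-4736-8310-5855508787cd"
}

# Least privilege: Get on secrets only, no key or certificate permissions.
resource "azurerm_key_vault_access_policy" "app_service_provider" {
  key_vault_id       = data.azurerm_key_vault.cert_keyvault.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = data.azuread_service_principal.app_service_rp.object_id
  secret_permissions = ["Get"]
}

resource "azurerm_app_service_certificate" "cert" {
  name                = "testcert"
  resource_group_name = var.resource_group_name
  location            = "eastus"
  key_vault_id        = data.azurerm_key_vault.cert_keyvault.id
  key_vault_secret_id = "https://Test-KV.vault.azure.net/secrets/Testcert/3d10d62bc5da4f31b09a9a90e8189bca"

  # Without this, Terraform may create the certificate before the policy
  # exists and App Service returns the 59716 "does not have access" error.
  depends_on = [azurerm_key_vault_access_policy.app_service_provider]
}
```

After applying, the vault's access policies should list the App Service resource provider with only the secret Get permission.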

Tags: azure - Terraform "azurerm_app_service_certificate" failing with exit code "59716" - Stack Overflow