Question
I am trying to run terraform apply on a folder with a tf file, after running init.
However, I get the error below:
Error running plan: 1 error(s) occurred:
- provider.azurerm: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '17cd0b64-08fb-48db-ad9f-4dd56361bb47' with object id '17cd0b64-08fb-48db-ad9f-4dd56361bb47' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/9a305d25-7f89-43d4-a691-62ad0f63c5c8'."
The tf file has my tenant id, subscription id, all the other required fields, but the error keeps happening. Please advise?
EDIT: Below is my tf file
provider "azurerm" {
  subscription_id = "9a305d25-7f89-43d4-a691-62ad0f63c5c8"
  client_id       = "b5c92e75-9609-40d4-a64c-8d09be8b3a26"
  client_secret   = "CO5FufAOpH!j0r*Rlf0gi^zFl@St1Q0n{}A=zUZRbsf"
  tenant_id       = "4da92a32-54f3-4287-bbdb-bafbf8b87840"
}

# Create a resource group
resource "azurerm_resource_group" "production" {
  name     = "productiongs"
  location = "West US"
}
Answer 1:
Without seeing your terraform setup it's hard to know the exact problem, but I am guessing you are missing your client_id and client_secret.
So your provider would look something like this:
provider "azurerm" {
  subscription_id = "..."
  client_id       = "..."
  client_secret   = "..."
  tenant_id       = "..."
}
More information here: https://www.terraform.io/docs/providers/azurerm/
Answer 2:
Looking at the given error message, I would say the given credentials do not have the required permissions over the said resources.
perform action 'Microsoft.Resources/subscriptions/providers/read'
over scope '/subscriptions/9a305d25-7f89-43d4-a691-62ad0f63c5c8'."
Did you create your credentials as per the given instructions at
https://www.terraform.io/docs/providers/azurerm/
Also, from https://github.com/Azure/vagrant-azure/issues/127#issuecomment-226659944
"To enable the application for use with Azure RM, you now need to switch to the 'New' Portal:" and further. You need to add that app credential to the Azure portal and give it permission. The trick is about adding it by name manually, as "Type in the name of the application added in the 'Classic' Portal. You need to type this as it won't be shown in the user list. Click on the appropriate user in the list and then click Select"
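
Added example, not part of either answer or of the Terraform provider's code: it parses the AuthorizationFailed message from the question and checks whether a given set of role assignments would grant the denied action at the denied scope, generalizing to scope inheritance. The `ROLES` table is a constructed, abbreviated copy of role definitions, the custom role is hypothetical, and all function names are assumptions.

```python
import re

# Error text from the question, with the terminal line-wrap spaces removed.
ERROR = ("The client '17cd0b64-08fb-48db-ad9f-4dd56361bb47' with object id "
         "'17cd0b64-08fb-48db-ad9f-4dd56361bb47' does not have authorization to "
         "perform action 'Microsoft.Resources/subscriptions/providers/read' "
         "over scope '/subscriptions/9a305d25-7f89-43d4-a691-62ad0f63c5c8'.")

# Constructed, abbreviated role definitions (assumption: trimmed copies of the
# built-in Reader and Contributor roles plus one hypothetical custom role).
ROLES = {
    "Reader": {"actions": ["*/read"], "notActions": []},
    "Contributor": {"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/Delete",
                                   "Microsoft.Authorization/*/Write"]},
    "storage-only (hypothetical)": {"actions": ["Microsoft.Storage/*"],
                                    "notActions": []},
}

def parse_denial(message):
    """Extract who was denied which action at which scope."""
    m = re.search(r"client '([^']+)' with object id '([^']+)'.*?"
                  r"perform action '([^']+)'\s+over scope '([^']+)'", message, re.S)
    if m is None:
        raise ValueError("not an AuthorizationFailed message")
    return dict(zip(("client", "object_id", "action", "scope"), m.groups()))

def _matches(pattern, action):
    # Action strings compare case-insensitively; '*' is the only wildcard.
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.fullmatch(regex, action.lower()) is not None

def role_allows(role, action):
    """Allowed if some actions pattern matches and no notActions pattern does."""
    return (any(_matches(p, action) for p in role["actions"])
            and not any(_matches(p, action) for p in role["notActions"]))

def scope_covers(assigned, requested):
    """An assignment applies at its own scope and everything below it."""
    a, r = assigned.rstrip("/").lower(), requested.rstrip("/").lower()
    return r == a or r.startswith(a + "/")

def is_authorized(assignments, denial):
    """assignments: constructed list of {'role': name, 'scope': path} dicts."""
    return any(scope_covers(x["scope"], denial["scope"])
               and role_allows(ROLES[x["role"]], denial["action"])
               for x in assignments)
```

A role assigned only on a resource group does not satisfy this check, because the denied read is at subscription scope; an assignment at the subscription itself does.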
Source: https://stackoverflow.com/questions/46720266/terraform-unable-to-list-provider-registration-status