我有以下 Terraform 代码。我需要确定为逻辑应用工作流的专用端点连接中的特定 subresource_names 指定哪个值。我是 Terraform 新手。
# Shared naming and sizing values used by the resources in this file.
locals {
  # Base name: the workflow uses it directly, and the plan, content share,
  # private endpoint and service connection names are derived from it.
  app_service_name = "appserviceswathi"

  # Translates the caller-facing var.size choice into a plan SKU size.
  # A var.size value outside these three keys makes the index lookup in the
  # service plan fail instead of silently picking a default.
  sku_sizes = {
    "small"   = "WS1"
    "medium"  = "WS2"
    "premium" = "WS3"
  }
}
# Existing resource group, looked up by name. The storage account lookup, the
# service plan and the workflow in this file all read their group name from it.
data "azurerm_resource_group" "rg1" {
  name = var.resource_group_name
}
# Existing resource group that holds the virtual network; both subnet lookups
# in this file resolve their resource_group_name through it.
data "azurerm_resource_group" "rg2" {
  name = var.vnet_rg
}
# Existing subnet named by var.subnet_name inside var.vnet_name.
# NOTE(review): nothing visible in this file reads this data source; the
# storage module receives var.subnet_name directly. Confirm it is still needed.
data "azurerm_subnet" "integration_subnet_name" {
  virtual_network_name = var.vnet_name
  resource_group_name  = data.azurerm_resource_group.rg2.name
  name                 = var.subnet_name
}
# Existing subnet in which the private endpoint's network interface is placed;
# its id feeds subnet_id on azurerm_private_endpoint.endpoint.
data "azurerm_subnet" "private_endpoint_subnet_name" {
  virtual_network_name = var.vnet_name
  resource_group_name  = data.azurerm_resource_group.rg2.name
  name                 = var.app_service_private_endpoint_subnet_name
}
# Looks up an already existing storage account by name in rg1.
# NOTE(review): this lookup is unconditional, but the storage module in this
# file is enabled exactly when var.storage_account_name is "". In that case
# there is no name to resolve here; confirm how the two paths are meant to
# combine.
data "azurerm_storage_account" "storage_account" {
  resource_group_name = data.azurerm_resource_group.rg1.name
  name                = var.storage_account_name
}
# Elastic plan on the WorkflowStandard tier, created only when the caller did
# not pass the name of an existing plan (var.app_service_plan_name is "").
# NOTE(review): no resource visible in this file references this plan, so the
# workflow defined in this file does not run on it.
# NOTE(review): newer azurerm releases replace this resource type with
# azurerm_service_plan; check the pinned provider version.
resource "azurerm_app_service_plan" "service_plan" {
  count = var.app_service_plan_name != "" ? 0 : 1

  name                = format("%sasp", local.app_service_name)
  resource_group_name = data.azurerm_resource_group.rg1.name
  location            = var.location
  kind                = "elastic"

  sku {
    # Index lookup: an unknown var.size is an error, not a fallback.
    size = local.sku_sizes[var.size]
    tier = "WorkflowStandard"
  }
}
# Local module that provisions a storage account when the caller did not name
# an existing one (var.storage_account_name is "").
# The meaning of each input is defined inside ./dfs_storage, which is not shown
# here; the comments below are read from the argument names only.
module "storage_account" {
  source = "./dfs_storage"
  count  = var.storage_account_name != "" ? 0 : 1

  # Storage services requested from the module.
  fileshare_is_required = true
  queue_is_required     = true
  table_is_required     = true
  hns                   = false

  # Network exposure: the default action is "Deny", so traffic not matched by
  # an explicit rule is refused. Presumably dfs_subnet is the subnet that stays
  # allowed; verify inside the module.
  network_rules_default_action = "Deny"
  dfs_subnet                   = var.subnet_name

  # NOTE(review): lock_resource and key_vault_is_required are both switched
  # off. If they control a delete lock and key management, confirm that is
  # intended outside of test environments.
  lock_resource         = false
  key_vault_is_required = false
}
# File share named "<app_service_name>-content" in the caller-named storage
# account, with a quota of 1024 (the provider documents quota in gigabytes).
# NOTE(review): storage_account_name comes straight from the variable, which
# is "" whenever the storage module above is the one creating the account;
# no module output is referenced here. Confirm the intended account.
resource "azurerm_storage_share" "logicApp" {
  name                 = format("%s-content", local.app_service_name)
  storage_account_name = var.storage_account_name
  quota                = 1024

  # Ordering only: the share is created after the account lookup succeeds.
  depends_on = [data.azurerm_storage_account.storage_account]
}
# Logic App workflow with a system-assigned managed identity, so the workflow
# can authenticate to other Azure resources without stored credentials.
# The resource id reported in the error on this page shows that this type is
# created under Microsoft.Logic/workflows.
# NOTE(review): the block takes no plan or storage arguments, so the
# WorkflowStandard plan and the content share defined in this file are not
# attached to it. If a Standard logic app was intended, that is a different
# resource type (azurerm_logic_app_standard, deployed as Microsoft.Web/sites).
resource "azurerm_logic_app_workflow" "logic_app" {
  name                = local.app_service_name
  resource_group_name = data.azurerm_resource_group.rg1.name
  location            = var.location

  identity {
    type = "SystemAssigned"
  }
}
# Private endpoint in the dedicated endpoint subnet, intended to give the
# logic app a private address inside the virtual network.
# NOTE(review): no private_dns_zone_group block is declared, so name
# resolution to the private address is not configured here; confirm it is
# handled elsewhere.
resource "azurerm_private_endpoint" "endpoint" {
  name                = format("%spe", local.app_service_name)
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = data.azurerm_subnet.private_endpoint_subnet_name.id
  tags                = {}

  private_service_connection {
    name = format("%spsc", local.app_service_name)

    # false = the connection is approved automatically rather than waiting for
    # manual approval by the owner of the target resource.
    is_manual_connection = false

    # NOTE(review): this is the cause of the InvalidPrivateLinkServiceIdType
    # error shown on this page. The target id is a Microsoft.Logic/workflows
    # resource, which is not in the allowed-types list, so the request is
    # rejected whatever subresource_names contains. Microsoft.Web/sites is in
    # the list; a Standard logic app is deployed as that type and uses the
    # subresource name "sites".
    private_connection_resource_id = azurerm_logic_app_workflow.logic_app.id
    subresource_names              = ["workflow"]
  }

  lifecycle {
    # Terraform will not react to changes in these attributes. For subnet_id
    # this means a later change of the endpoint subnet in configuration is
    # ignored silently, so the deployed network placement can drift from code.
    ignore_changes = [network_interface, subnet_id]
  }
}
错误:
错误:创建专用端点(订阅:“” │ 资源组名称:“” │ 专用终结点名称:“”):执行 CreateOrUpdate:意外状态 400,错误:InvalidPrivateLinkServiceIdType:专用链接服务 Id /subscriptions//resourceGroups//providers/Microsoft.Logic/workflows/ 具有无效的资源类型。允许的类型:Microsoft.DocumentDB/databaseAccounts、Microsoft.Sql/servers、Microsoft.Network/privateLinkServices、Microsoft.Web/sites、Microsoft.Web/hostingEnvironments、Microsoft.Storage/storageAccounts、Microsoft.DBforPostgreSQL/servers、Microsoft.DBforMySQL/servers、Microsoft.DBforMariaDB/servers、Microsoft.KeyVault/vaults、Microsoft.Synapse/workspaces、Microsoft.AppConfiguration/configurationStores、Microsoft.Search/searchServices、Microsoft.ContainerService/managedClusters、Microsoft.Attestation/attestationProviders、Microsoft.Devices/IotHubs、Microsoft.Cache/Redis、Microsoft.SignalRService/SignalR、Microsoft.MachineLearningServices/workspaces、Microsoft.Batch/batchAccounts、Microsoft.ContainerRegistry/registries、Microsoft.RecoveryServices/vaults、Microsoft.EventGrid/topics、Microsoft.EventGrid/domains、Microsoft.EventHub/namespaces、Microsoft.ServiceBus/namespaces、Microsoft.Relay/namespaces、Microsoft.StorageSync/storageSyncServices、Microsoft.HealthcareApis/services、Microsoft.Automation/automationAccounts、Microsoft.Insights/privateLinkScopes、Microsoft.CognitiveServices/accounts、Microsoft.Compute/diskAccesses、Microsoft.Network/applicationgateways、Microsoft.Media/mediaservices、Microsoft.Databricks/workspaces、Microsoft.Sql/managedInstances、Microsoft.Migrate/assessmentProjects、Microsoft.Migrate/migrateProjects、Microsoft.DataFactory/factories、Microsoft.Authorization/resourceManagementPrivateLinks、Microsoft.Devices/ProvisioningServices、Microsoft.Synapse/privateLinkHubs、Microsoft.PowerBI/privateLinkServicesForPowerBI、Microsoft.Cache/redisEnterprise、Microsoft.HybridCompute/privateLinkScopes、Microsoft.OffAzure/mastersites、Microsoft.TimeSeriesInsights/environments、Microsoft.DigitalTwins/digitalTwinsInstances、
Microsoft.Keyvault/managedHSMs、Microsoft.Kusto/clusters、Microsoft.Purview/accounts、Microsoft.Web/staticSites、Microsoft.SignalRService/webPubSub、Microsoft.DeviceUpdate/accounts、Microsoft.DBforPostgreSQL/serverGroupsv2、Microsoft.HealthcareApis/workspaces、Microsoft.ApiManagement/service、Microsoft.HDInsight/clusters、Microsoft.DesktopVirtualization/hostpools、Microsoft.DesktopVirtualization/workspaces、Microsoft.Media/videoanalyzers、Microsoft.IoTCentral/IoTApps、Microsoft.EventGrid/partnerNamespaces、Microsoft.BotService/botServices、Microsoft.AgFoodPlatform/farmBeats、Microsoft.OpenEnergyPlatform/energyServices、Microsoft.Dashboard/grafana、Microsoft.DBforMySQL/flexibleServers、Microsoft.MachineLearningServices/registries、Microsoft.DBforPostgreSQL/flexibleServers、Microsoft.HardwareSecurityModules/cloudHsmClusters、Microsoft.Monitor/accounts、Microsoft.EventGrid/namespaces、Microsoft.ElasticSan/elasticSans。
这个问题已经解决了。 您遇到的错误表明为您的逻辑应用工作流提供的 private_connection_resource_id 不属于专用链接服务的有效资源类型。根据错误消息,专用链接服务允许的资源类型不包括逻辑应用工作流。
在您的配置中,您将 subresource_names 指定为 ["workflow"],但逻辑应用工作流(Microsoft.Logic/workflows)似乎不能作为专用端点的目标资源。被拒绝的是资源类型本身,因此仅修改 subresource_names 的值无法消除这个错误。