Terraform 部署 azure 函数导致“无法下载 ZIP FILE.txt”

Posted 2023-03-06

【中文标题】Terraform 部署 azure 函数导致“无法下载 ZIP FILE.txt”

【英文标题】：Terraform deploying azure function resulting in "FAILED TO DOWNLOAD ZIP FILE.txt"

【发布时间】：2019-05-29 08:06:04

【问题描述】：

我正在尝试使用 terraform 部署 azure 函数，但我一直只得到一个名为“FAILED TO DOWNLOAD ZIP FILE.txt”的文件，而不是实际部署的函数。

如果我粘贴从 azure 提取的实际 SAS blob 字符串（来自以前部署的存储帐户），它可以工作，但 terraform 脚本失败。 zip 文件似乎已正确部署到 blob。

我在这里复制粘贴了这个例子：http://vgaltes.com/post/deploying-azure-functions-using-terraform/

我是 terraform 的新手，所以这里可能缺少一些明显的东西......

 resource "azurerm_resource_group" "rg" 
 name = "myName"
 location = "northEurope"


resource "random_string" "storage_name" 
 length = 16
 special = false
 upper = false

resource "random_string" "function_name" 
 length = 16
 special = false
 upper = false

resource "random_string" "app_service_plan_name" 
 length = 16
 special = false


resource "azurerm_storage_account" "storage" 
 name = "$random_string.storage_name.result"
 resource_group_name = "$azurerm_resource_group.rg.name"
 location = "$azurerm_resource_group.rg.location"
 account_tier = "Standard"
 account_replication_type = "LRS"

resource "azurerm_storage_container" "storage_container" 
 name = "func"
 resource_group_name = "$azurerm_resource_group.rg.name"
 storage_account_name = "$azurerm_storage_account.storage.name"
 container_access_type = "blob"


resource "azurerm_storage_blob" "storage_blob" 
 name = "HelloWorld.zip"
 resource_group_name = "$azurerm_resource_group.rg.name"
 storage_account_name = "$azurerm_storage_account.storage.name"
 storage_container_name = "$azurerm_storage_container.storage_container.name"
 type = "block"
 source = "./../FunctionAppZip/HelloWorld.zip"

data "azurerm_storage_account_sas" "storage_sas" 
 connection_string = "$azurerm_storage_account.storage.primary_connection_string"
 https_only = false
resource_types 
 service = false
 container = false
 object = true
 
services 
 blob = true
 queue = true
 table = true
 file = true
 
start = "2019–05–21"
 expiry = "2029–05–21"
permissions 
 read = true
 write = true
 delete = true
 list = true
 add = true
 create = true
 update = true
 process = true
 


resource "azurerm_app_service_plan" "plan" 
 name = "$random_string.app_service_plan_name.result"
 location = "$azurerm_resource_group.rg.location"
 resource_group_name = "$azurerm_resource_group.rg.name"
 kind = "functionapp"
sku 
 tier = "Dynamic"
 size = "Y1"
 


resource "azurerm_function_app" "function" 
  name = "$random_string.storage_name.result"
  location = "$azurerm_resource_group.rg.location"
  resource_group_name = "$azurerm_resource_group.rg.name"
  app_service_plan_id = "$azurerm_app_service_plan.plan.id"
  storage_connection_string = "$azurerm_storage_account.storage.primary_connection_string"
  app_settings 
    FUNCTIONS_WORKER_RUNTIME = "dotnet"
    FUNCTION_APP_EDIT_MODE = "readwrite"
    https_only = false
    HASH = "$base64sha256(file("./../FunctionAppZip/HelloWorld.zip"))"
    WEBSITE_RUN_FROM_PACKAGE = 1    
    WEBSITE_USE_ZIP = "https://$azurerm_storage_account.storage.name.blob.core.windows.net/$azurerm_storage_container.storage_container.name/$azurerm_storage_blob.storage_blob.name$data.azurerm_storage_account_sas.storage_sas.sas"
  

当我下载 azure 函数内容时，它只是一个名为“FAILED TO DOWNLOAD ZIP FILE.txt”的文件

包含这个：

% Total % Received % Xferd 平均速度 时间 时间 时间 当前 下载上传总花费的剩余速度

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 403 Server failed to authenticate the request。确保 Authorization 标头的值格式正确，包括签名。

任何建议我做错了什么？

【参考方案1】：

我遇到了同样的问题 - 您的 WEBSITE_USE_ZIP 值 https://$azurerm_storage_account.storage.name.blob.core.windows.net/$azurerm_storage_container.storage_container.name/$azurerm_storage_blob.storage_blob.name$data.azurerm_storage_account_sas.storage_sas.sas 中的值是阻止函数应用访问源代码压缩包的值。如果您在控制台门户中生成访问 URL，它将起作用。但由于某种原因 - 我还没有解决 - 由于签名字段格式错误，terraform 模板生成的值不会授予访问权限。