将同一 Azure AD 组用于两个不同的组时收到错误消息。我得到的错误说该组已经处于 TF 状态并且不能再次使用。希望有人以前见过这个错误。
dev = {
product1 = {
product_name = "Product-1"
approval_required = true
published = true
subscriptions_limit = "2"
aad_group_obj_id = "00000000-0000-0000-0000-000000000000"
aad_group_name = "AG-Azure-Sample-Group"
product_policy = "../policy-samples/base-policy.xml"
}
product2 = {
product_name = "Product-2"
approval_required = true
published = true
subscriptions_limit = "2"
aad_group_obj_id = "00000000-0000-0000-0000-000000000000"
aad_group_name = "AG-Azure-Sample-Group"
product_policy = "../policy-samples/base-policy.xml"
}
}
# ========================================================================
# Product for BU APIs
resource "azurerm_api_management_product" "custom_product" {
product_id = var.product_name
api_management_name = var.api_management_name
resource_group_name = var.resource_group_name
display_name = replace(var.product_name, "-", " ")
# Require subscription keys for API access
subscription_required = true
approval_required = var.approval_required
published = var.published
subscriptions_limit = var.subscriptions_limit
}
# Relate group to a product, for each is if we want to use developer or guest built in groups
resource "azurerm_api_management_product_group" "assignments" {
for_each = toset([azurerm_api_management_group.external_group.name])
product_id = azurerm_api_management_product.custom_product.product_id
group_name = each.key
api_management_name = var.api_management_name
resource_group_name = var.resource_group_name
}
# Create default policy for Product
resource "azurerm_api_management_product_policy" "apim-product-policy" {
product_id = azurerm_api_management_product.custom_product.product_id
api_management_name = var.api_management_name
resource_group_name = var.resource_group_name
xml_content = file(var.product_policy_file_path)
}