未找到变量 'azurerm_key_vault.vault.name' 所引用的资源 'azurerm_key_vault.vault'

时间:2019-02-13 17:50:24

标签: terraform terraform-provider-azure terraform-template-file

环境:

Terraform v0.11.11
+ provider.azurerm v1.21.0
+ provider.random v2.0.0
+ provider.template v2.0.0

问题:

问候,

我正在尝试配置 Terraform 以访问 Azure Key Vault 中的密钥。以下是我的代码片段：

###############################################################################
# Configure Azure Vault Service
###############################################################################

# 4-byte random suffix. In the snippet shown it is referenced only by the
# commented-out name line of azurerm_key_vault.vault, so it is currently unused.
resource "random_id" "keyvault" {
  byte_length = 4
}

# Identity Terraform is running as; its service_principal_object_id is the one
# granted the access_policy on azurerm_key_vault.vault below.
data "azurerm_client_config" "current" {}

# Key Vault referenced by azurerm_key_vault_key.generated, output.key_vault_name
# and data.template_file.init below. All three plan errors in the question name
# this address, so Terraform is not loading this block at all; one common cause
# is the block living in a file the plan does not read (another directory or
# module, or a file without a .tf extension) — worth confirming before anything
# else.
resource "azurerm_key_vault" "vault" {
  # Fixed name: Key Vault names are globally unique, so a second environment
  # with the same name collides. The commented-out form adds the random suffix.
  name                        = "consul-test"
  #name                        = "${var.env_name}-vault-${random_id.keyvault.hex}"
  location                    = "${var.deployment_location}"
  resource_group_name         = "${var.resource_group_name}"
  # Both flags let Azure platform services (VM deployment, disk encryption)
  # read from this vault on the VM's behalf.
  enabled_for_deployment      = true
  enabled_for_disk_encryption = true
  tenant_id                   = "${var.tenant_id}"

  sku {
    name = "standard"
  }

  tags {
    environment = "${var.env_name}"
  }

  # Grants the principal Terraform runs as (data.azurerm_client_config.current)
  # full lifecycle rights, including delete, on certificates, keys and secrets.
  # Acceptable for a bootstrap identity; a narrower set is worth considering if
  # the same principal is reused by long-lived automation.
  access_policy {
    tenant_id = "${var.tenant_id}"
    object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

    certificate_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
    ]

    key_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
      "wrapKey",
      "unwrapKey",
    ]

    secret_permissions = [
      "get",
      "list",
      "set",
      "delete",
    ]
  }

  # default_action = "Allow" accepts requests from any network, leaving the
  # access policies above as the only control. "Deny" with explicit ip_rules /
  # virtual_network_subnet_ids narrows the exposure once the VM subnet is known.
  network_acls {
    default_action = "Allow"
    bypass         = "AzureServices"
  }
}

# RSA-2048 key created inside the vault above; the vault_uri reference is what
# the second plan error points at. key_opts enables every operation — if the
# only consumer is the auto-unseal flow from the template, wrapKey/unwrapKey
# alone would be the tighter choice (confirm against the consumer first).
resource "azurerm_key_vault_key" "generated" {
  name      = "${var.key_name}"
  vault_uri = "${azurerm_key_vault.vault.vault_uri}"
  key_type  = "RSA"
  key_size  = 2048

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

# Exposes only the vault's name (not a secret); the first plan error in the
# question is raised from this reference.
output "key_vault_name" {
value = "${azurerm_key_vault.vault.name}"
}

###################################################################
# Create Render Data off Template
###################################################################

# Renders ./init-cluster.tpl with the vars below. Two things to check once the
# "not found" errors are gone:
#  - the template references ${resource_group_name} and ${vm_name}, neither of
#    which is in this vars map, so rendering will most likely fail on a
#    missing-key error until they are added;
#  - client_secret and auto_join_client_secret are passed in as plain values,
#    so the rendered script (and the secrets in it) ends up in the state file
#    and in plan output — treat the state as sensitive accordingly.
data "template_file" "init" {
  template = "${file("./init-cluster.tpl")}"

  vars = {
    cluster_size                = "${var.consul_instance_count}"
    consul_version              = "${var.consul_version}"
    consul_datacenter           = "${var.consul_datacenter}"
    vault_version               = "${var.vault_version}"
    vault_datacenter            = "${var.consul_datacenter}"
    consul_join_wan             = "${join(" ", var.consul_join_wan)}"
    auto_join_subscription_id   = "${var.auto_join_subscription_id}"
    auto_join_tenant_id         = "${var.auto_join_tenant_id}"
    auto_join_client_id         = "${var.auto_join_client_id}"
    auto_join_secret_access_key = "${var.auto_join_client_secret}"
    tenant_id                   = "${var.tenant_id}"
    subscription_id             = "${var.subscription_id}"
    client_id                   = "${var.client_id}"
    client_secret               = "${var.client_secret}"
    vault_name                  = "${azurerm_key_vault.vault.name}"
    key_name                    = "${var.key_name}"
  }
 }

我的模板文件如下：

文件:init-cluster.tpl

###############################################################################
# Prepare Vault Service for Auto-Unseal and Unseal Script
###############################################################################

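# Rendered by Terraform's template_file before it reaches the VM: every ${...}
# here is a template var (tenant_id, client_id, client_secret, subscription_id,
# resource_group_name, vm_name) that the vars map in data "template_file" "init"
# must supply — resource_group_name and vm_name are used here but not listed
# there.
# The heredoc delimiter is quoted so that $(curl ...) is left for run time; an
# unquoted delimiter expands it while this file is being written, baking a
# short-lived token into the script.
# The script contains client_secret in plain text, so it is created under a
# restrictive umask and made 0700 rather than the default world-readable mode.
# The fixed path under /tmp is still shared with other local users; a private
# directory would be the safer home for it.
( umask 077 && cat << 'EOF' > /tmp/azure_auth.sh
# -e stops at the first failing vault command; -v was dropped because it would
# echo client_secret to the console and any captured log.
set -e
export VAULT_ADDR="http://127.0.0.1:8200"
vault auth enable azure
vault write auth/azure/config tenant_id="${tenant_id}" resource="https://management.azure.com/" client_id="${client_id}" client_secret="${client_secret}"
vault write auth/azure/role/dev-role policies="default" bound_subscription_ids="${subscription_id}" bound_resource_groups="${resource_group_name}"
vault write auth/azure/login role="dev-role" \
  jwt="$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F'  -H Metadata:true -s | jq -r .access_token)" \
  subscription_id="${subscription_id}" \
  resource_group_name="${resource_group_name}" \
  vm_name="${vm_name}"
EOF
)
sudo chmod 700 /tmp/azure_auth.sh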

###############################################################################

现在，运行 terraform plan 时出现以下错误：

Error: Error running plan: 3 error(s) occurred:

* output.key_vault_name: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'
* azurerm_key_vault_key.generated: 1 error(s) occurred:

* azurerm_key_vault_key.generated: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.vault_uri'
* data.template_file.init: 1 error(s) occurred:

* data.template_file.init: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'

我盯着这个问题看了很久。资源明明已经定义了，我不明白为什么找不到 azurerm_key_vault.vault——它就在那儿。

如有任何帮助，不胜感激。
