环境:
Terraform v0.11.11
+ provider.azurerm v1.21.0
+ provider.random v2.0.0
+ provider.template v2.0.0
问题:
问候,
尝试配置TF以访问Azure Vault密钥。这是我的代码段:
###############################################################################
# Configure Azure Vault Service
###############################################################################
# Random suffix intended to make the Key Vault name unique. Currently unreferenced:
# the name that would use it is commented out in azurerm_key_vault.vault below.
resource "random_id" "keyvault" {
  byte_length = 4
}
# Identity Terraform is currently authenticated as; its object id receives the
# vault access policy below.
data "azurerm_client_config" "current" {}
# Key Vault used by the bootstrap template (auto-unseal, per the template header).
# Key Vault names must be globally unique in Azure; the random-suffixed name is
# currently commented out in favour of a fixed test name.
resource "azurerm_key_vault" "vault" {
  name = "consul-test"
  #name = "${var.env_name}-vault-${random_id.keyvault.hex}"
  location            = "${var.deployment_location}"
  resource_group_name = "${var.resource_group_name}"

  enabled_for_deployment      = true
  enabled_for_disk_encryption = true
  tenant_id                   = "${var.tenant_id}"

  sku {
    name = "standard"
  }

  tags {
    environment = "${var.env_name}"
  }

  # Grants the identity running Terraform the rights needed to create and manage
  # the key resource below. NOTE(review): service_principal_object_id is only
  # populated when Terraform authenticates as a service principal; with user
  # credentials it is empty — confirm the identity in use.
  access_policy {
    tenant_id = "${var.tenant_id}"
    object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

    certificate_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
    ]

    key_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
      "wrapKey",
      "unwrapKey",
    ]

    secret_permissions = [
      "get",
      "list",
      "set",
      "delete",
    ]
  }

  # With default_action = "Allow" every network can reach the vault and the
  # `bypass` setting has nothing to bypass. To actually restrict access, set
  # default_action = "Deny" and list permitted sources in ip_rules /
  # virtual_network_subnet_ids (including the address Terraform runs from).
  network_acls {
    default_action = "Allow"
    bypass         = "AzureServices"
  }
}
# RSA key generated inside the vault. Creating it needs the "create" key
# permission granted in the access policy above; referencing vault_uri makes
# Terraform create the vault first.
resource "azurerm_key_vault_key" "generated" {
  name      = "${var.key_name}"
  vault_uri = "${azurerm_key_vault.vault.vault_uri}"
  key_type  = "RSA"
  key_size  = 2048

  # Operations the key is permitted to perform.
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}
# Vault name for consumers of this configuration (the same value the template
# receives as vault_name).
output "key_vault_name" {
  value = "${azurerm_key_vault.vault.name}"
}
###################################################################
# Create Render Data off Template
###################################################################
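# Renders init-cluster.tpl into the instance bootstrap script.
# Every ${name} interpolated by the template must be present in `vars`,
# otherwise the render fails with an unknown-variable error.
data "template_file" "init" {
  template = "${file("./init-cluster.tpl")}"

  vars = {
    cluster_size      = "${var.consul_instance_count}"
    consul_version    = "${var.consul_version}"
    consul_datacenter = "${var.consul_datacenter}"
    vault_version     = "${var.vault_version}"

    # NOTE(review): reuses consul_datacenter for vault — confirm this is intended.
    vault_datacenter = "${var.consul_datacenter}"
    consul_join_wan  = "${join(" ", var.consul_join_wan)}"

    auto_join_subscription_id   = "${var.auto_join_subscription_id}"
    auto_join_tenant_id         = "${var.auto_join_tenant_id}"
    auto_join_client_id         = "${var.auto_join_client_id}"
    auto_join_secret_access_key = "${var.auto_join_client_secret}"

    tenant_id       = "${var.tenant_id}"
    subscription_id = "${var.subscription_id}"
    client_id       = "${var.client_id}"

    # The rendered text — and therefore the Terraform state and whatever consumes
    # `rendered` — contains this secret (and auto_join_secret_access_key) in clear
    # text; protect the state file accordingly.
    client_secret = "${var.client_secret}"

    vault_name = "${azurerm_key_vault.vault.name}"
    key_name   = "${var.key_name}"

    # The template also interpolates ${resource_group_name} (role binding and
    # login); it was missing from this map, so rendering would fail.
    resource_group_name = "${var.resource_group_name}"

    # TODO(review): the template also interpolates ${vm_name}, which is not
    # supplied here and has no visible variable. Either pass it in this map or
    # escape it in the template as $${vm_name} so it is resolved on the instance.
  }
}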
我的模板文件如下所示:
文件:init-cluster.tpl
###############################################################################
# Prepare Vault Service for Auto-Unseal and Unseal Script
###############################################################################
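# Write the Vault Azure-auth bootstrap script for later execution.
# The heredoc delimiter is quoted ('EOF') so the body is copied verbatim:
# - `$(curl ...)` then runs when the script executes, fetching a fresh IMDS token
#   instead of baking an expiring one into the file at write time;
# - the trailing `\` continuations survive into the file instead of being joined.
# The ${...} names are template_file vars, already substituted by Terraform.
# The file is created 0700 before writing because it embeds client_secret and
# must not be world-readable in /tmp; the mode survives the `>` truncation, so
# the separate chmod +x is no longer needed. `sudo` on `cat` was dropped: the
# redirect is performed by the calling shell, so it had no effect.
install -m 0700 /dev/null /tmp/azure_auth.sh
cat << 'EOF' > /tmp/azure_auth.sh
# `set -v` was removed: it echoes every line read, including client_secret,
# to the console/log.
export VAULT_ADDR="http://127.0.0.1:8200"
vault auth enable azure
vault write auth/azure/config tenant_id="${tenant_id}" resource="https://management.azure.com/" client_id="${client_id}" client_secret="${client_secret}"
vault write auth/azure/role/dev-role policies="default" bound_subscription_ids="${subscription_id}" bound_resource_groups="${resource_group_name}"
vault write auth/azure/login role="dev-role" \
  jwt="$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F' -H Metadata:true -s | jq -r .access_token)" \
  subscription_id="${subscription_id}" \
  resource_group_name="${resource_group_name}" \
  vm_name="${vm_name}"
EOF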
###############################################################################
现在运行 terraform plan 时，得到以下错误:
Error: Error running plan: 3 error(s) occurred:
* output.key_vault_name: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'
* azurerm_key_vault_key.generated: 1 error(s) occurred:
* azurerm_key_vault_key.generated: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.vault_uri'
* data.template_file.init: 1 error(s) occurred:
* data.template_file.init: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'
我盯着这个问题看了很久。变量都已定义。我不明白为什么找不到 azurerm_key_vault.vault，它明明就在那儿。
任何帮助将不胜感激。