I am deploying Azure diagnostic settings with Terraform, and for some reason every deployment destroys and recreates the resource. What do I need to add so that the destroy/create is skipped when the resource already exists?
data "external" "aks_nsg_id" {
  program = [
    "bash",
    "${path.root}/scripts/aks_nsg_id.sh"
  ]
}

resource "azurerm_monitor_diagnostic_setting" "aksnsg" {
  name                       = "aksnsg-ds"
  target_resource_id         = "${data.external.aks_nsg_id.result.output}"
  storage_account_id         = "${var.storage_account}"
  log_analytics_workspace_id = "${azurerm_log_analytics_workspace.log_analytics.id}"

  log {
    category = "NetworkSecurityGroupRuleCounter"
    enabled  = true

    retention_policy {
      enabled = true
      days    = 365
    }
  }

  log {
    category = "NetworkSecurityGroupEvent"
    enabled  = true

    retention_policy {
      enabled = true
      days    = 365
    }
  }

  depends_on = [data.external.aks_nsg_id]
}
The bash script that obtains the NSG ID is:
#!/usr/bin/env bash
# Take the first NSG whose ID contains "aks" and emit it as the JSON object
# Terraform's external data source expects: {"output": "<nsg id>"}
OUTPUT=$(az network nsg list --query '[].id' -o tsv | grep aks | head -n 1)
jq -n --arg output "$OUTPUT" '{"output":$output}'
azurerm_monitor_diagnostic_setting.aksnsg: Destruction complete after 53s
...........
azurerm_monitor_diagnostic_setting.aksnsg: Creation complete after 2s
The second terraform apply forces a replacement even though the resource already exists:
azurerm_monitor_diagnostic_setting.aksnsg must be replaced
-/+ resource "azurerm_monitor_diagnostic_setting" "aksnsg" {
~ id = "/subscriptions/.../resourceGroups/MC_terraform-aks-rg_terraform-aks_westeurope/providers/Microsoft.Network/networkSecurityGroups/aks-agentpool-32800724-nsg|aksnsg-ds" -> (known after apply)
log_analytics_workspace_id = "/subscriptions/.../resourcegroups/terraform-marius-oms-rg/providers/microsoft.operationalinsights/workspaces/terraform-oms"
name = "aksnsg-ds"
storage_account_id = "/subscriptions/.../resourceGroups/terraform-oms-rg/providers/Microsoft.Storage/storageAccounts/archivingsaaccount001"
~ target_resource_id = "/subscriptions/.../resourceGroups/MC_terraform-aks-rg_terraform-aks_westeurope/providers/Microsoft.Network/networkSecurityGroups/aks-agentpool-32800724-nsg" -> (known after apply) # forces replacement
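The plan above shows the root of the replacement: target_resource_id comes from the external script and is "(known after apply)", so Terraform cannot compare it with state. One way to give it a value that is known at plan time, as an added example that is not the asker's code, is to resolve the AKS node NSG with native azurerm data sources instead of the script. It assumes the variables var.aks_cluster_name and var.aks_resource_group_name; the other names are taken from the question.

```hcl
# Added example, not the asker's configuration. Assumed inputs:
# var.aks_cluster_name and var.aks_resource_group_name. The storage account
# variable and Log Analytics workspace resource are the ones from the question.

# The managed cluster exposes the MC_* resource group that holds the node NSG.
data "azurerm_kubernetes_cluster" "aks" {
  name                = var.aks_cluster_name
  resource_group_name = var.aks_resource_group_name
}

# List NSGs in the node resource group; AKS creates one per cluster, and the
# lookup runs during plan, so the ID is no longer "(known after apply)".
data "azurerm_resources" "aks_nsg" {
  resource_group_name = data.azurerm_kubernetes_cluster.aks.node_resource_group
  type                = "Microsoft.Network/networkSecurityGroups"
}

locals {
  aks_nsg_id = data.azurerm_resources.aks_nsg.resources[0].id
}

resource "azurerm_monitor_diagnostic_setting" "aksnsg" {
  name                       = "aksnsg-ds"
  target_resource_id         = local.aks_nsg_id
  storage_account_id         = var.storage_account
  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics.id

  # Same two NSG log categories as in the question, generated from one list.
  dynamic "log" {
    for_each = toset(["NetworkSecurityGroupRuleCounter", "NetworkSecurityGroupEvent"])

    content {
      category = log.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 365
      }
    }
  }
}
```

With the ID known before apply, a second run plans no changes for the diagnostic setting unless the NSG itself has actually changed.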