Terraform:为Azure Key Vault创建诊断设置资源时找不到请求URI
我正在通过ARM模板和“ azurerm_template_deployment”资源在Azure中部署Key Vault,但是我需要启用诊断设置并将诊断数据流式传输到我现有的日志分析工作区中。
目的是将具有诊断设置的密钥库本身部署在同一“ terraform apply”中
在运行terraform应用时,将部署密钥库本身,但未启用诊断设置,并通过以下消息失败:
[error]Error: Error creating Monitor Diagnostics Setting "kv-diagnostics" for Resource "/subscriptions/----/resourceGroups/rg-test-001/providers/Microsoft.Resources/deployments/kv-diagnostics": insights.DiagnosticSettingsClient#CreateOrUpdate: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="" Message="No HTTP resource was found that matches the request URI 'h_ttps://management.azure.com/subscriptions/---/resourceGroups/rg-test-001/providers/Microsoft.Resources/deployments/kv_test/providers/microsoft.insights/diagnosticSettings/kv-diagnostics?api-version=2017-05-01-preview'."
以下是我在Terraform中用于诊断设置资源的代码:
resource "azurerm_monitor_diagnostic_setting" "kv-diag" {
count = length(var.kv_name)
name = "kv-diagnostics"
target_resource_id = azurerm_template_deployment.kv[count.index].id
log_analytics_workspace_id = azurerm_log_analytics_workspace.log.id
log {
...
}
}
metric {
...
}
}
}
azurerm_log_analytics_workspace.logs.id已存在且变量var.kv_name是名称列表(到目前为止,列表中只有1个名称)。 “ terraform plan ”的输出显示target_resource_id =(在应用后知道),这很有意义,因为在理想情况下,尚未部署密钥保管库,因此它没有id
为什么Azure会抛出此错误?我要去哪里错了?
1 个答案:
答案 0 :(得分:1)
您可以使用outputs从模板azurerm_template_deployment导出密钥库ID的值,然后将密钥库ID而不是模板部署ID作为代码引用到target_resource_id。 / p>
例如
resource "azurerm_resource_group" "example" {
name = "nancy-resources"
location = "West US"
}
resource "azurerm_template_deployment" "example" {
name = "nancytemplate-01"
resource_group_name = azurerm_resource_group.example.name
deployment_mode = "Incremental"
template_body = <<DEPLOY
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaults_ancykeyvault_name": {
"defaultValue": "nanvalut123",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[parameters('vaults_ancykeyvault_name')]",
"location": "westus",
"properties": {
"sku": {
"family": "A",
"name": "standard"
},
"tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"accessPolicies": [
{
"tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"objectId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"permissions": {
"keys": [
"Get",
"Create",
"Delete",
"List",
"Update",
"Import",
"Backup",
"Restore",
"Recover"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Backup",
"Restore",
"Recover"
],
"certificates": [
"Get",
"List",
"Delete",
"Create",
"Import",
"Update",
"ManageContacts",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"ManageIssuers",
"Recover"
],
"storage": [
"get",
"list",
"delete",
"set",
"update",
"regeneratekey",
"setsas",
"listsas",
"getsas",
"deletesas"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true
}
}
],
"outputs": {
"myKvID": {
"type": "string",
"value": "[resourceId('Microsoft.KeyVault/vaults',parameters('vaults_ancykeyvault_name'))]"
}
}
}
DEPLOY
}
resource "azurerm_log_analytics_workspace" "example" {
name = "nancytest-01"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "PerGB2018"
retention_in_days = 30
}
resource "azurerm_monitor_diagnostic_setting" "example" {
name = "nancymonitoring"
target_resource_id = azurerm_template_deployment.example.outputs["myKvID"]
log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
log {
category = "AuditEvent"
enabled = false
retention_policy {
enabled = false
}
}
metric {
category = "AllMetrics"
retention_policy {
enabled = false
}
}
}
output "exsitingKvID" {
value = azurerm_template_deployment.example.outputs["myKvID"]
}
结果
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?