Terraform 资源'；azurerm#u key#u vault.vault'；未找到变量'；azurerm_key_vault.vault.name'；

环境：

Terraform v0.11.11
+ provider.azurerm v1.21.0
+ provider.random v2.0.0
+ provider.template v2.0.0```

问题：

Terraform v0.11.11
+ provider.azurerm v1.21.0
+ provider.random v2.0.0
+ provider.template v2.0.0```

您好

正在尝试配置TF以访问Azure Vault密钥。这是我的片段：

###############################################################################
# Configure Azure Vault Service
###############################################################################

resource "random_id" "keyvault" {
  byte_length = 4
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "vault" {
  name                        = "consul-test"
  #name                        = "${var.env_name}-vault-${random_id.keyvault.hex}"
  location                    = "${var.deployment_location}"
  resource_group_name         = "${var.resource_group_name}"
  enabled_for_deployment      = true
  enabled_for_disk_encryption = true
  tenant_id                   = "${var.tenant_id}"

  sku {
    name = "standard"
  }

  tags {
    environment = "${var.env_name}"
  }

  access_policy {
    tenant_id = "${var.tenant_id}"
    object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

    certificate_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
    ]

    key_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
      "wrapKey",
      "unwrapKey",
    ]

    secret_permissions = [
      "get",
      "list",
      "set",
      "delete",
    ]
  }

  network_acls {
    default_action = "Allow"
    bypass         = "AzureServices"
  }
}

resource "azurerm_key_vault_key" "generated" {
  name      = "${var.key_name}"
  vault_uri = "${azurerm_key_vault.vault.vault_uri}"
  key_type  = "RSA"
  key_size  = 2048

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

output "key_vault_name" {
value = "${azurerm_key_vault.vault.name}"
}

###################################################################
# Create Render Data off Template
###################################################################

data "template_file" "init" {
  template = "${file("./init-cluster.tpl")}"

  vars = {
    cluster_size                = "${var.consul_instance_count}"
    consul_version              = "${var.consul_version}"
    consul_datacenter           = "${var.consul_datacenter}"
    vault_version               = "${var.vault_version}"
    vault_datacenter            = "${var.consul_datacenter}"
    consul_join_wan             = "${join(" ", var.consul_join_wan)}"
    auto_join_subscription_id   = "${var.auto_join_subscription_id}"
    auto_join_tenant_id         = "${var.auto_join_tenant_id}"
    auto_join_client_id         = "${var.auto_join_client_id}"
    auto_join_secret_access_key = "${var.auto_join_client_secret}"
    tenant_id                   = "${var.tenant_id}"
    subscription_id             = "${var.subscription_id}"
    client_id                   = "${var.client_id}"
    client_secret               = "${var.client_secret}"
    vault_name                  = "${azurerm_key_vault.vault.name}"
    key_name                    = "${var.key_name}"
  }
 }

我的模板文件如下所示：

文件：init cluster.tpl

###############################################################################
# Prepare Vault Service for Auto-Unseal and Unseal Script
###############################################################################

sudo cat << EOF > /tmp/azure_auth.sh
set -v
export VAULT_ADDR="http://127.0.0.1:8200"
vault auth enable azure
vault write auth/azure/config tenant_id="${tenant_id}" resource="https://management.azure.com/" client_id="${client_id}" client_secret="${client_secret}"
vault write auth/azure/role/dev-role policies="default" bound_subscription_ids="${subscription_id}" bound_resource_groups="${resource_group_name}"
vault write auth/azure/login role="dev-role" \
  jwt="$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F'  -H Metadata:true -s | jq -r .access_token)" \
  subscription_id="${subscription_id}" \
  resource_group_name="${resource_group_name}" \
  vm_name="${vm_name}"
EOF
sudo chmod +x /tmp/azure_auth.sh

###############################################################################

看着这个问题，我几乎要睁大眼睛了。定义了变量。我不明白为什么它找不到azurem\u key\u vault.vault。就在那里

---

任何帮助都将不胜感激。

这对我来说确实很奇怪，我不知道那里发生了什么。如果删除/注释掉除

azurerm\u key\u vault.vault

资源及其依赖的内容以外的所有内容，会发生什么情况？已尝试。注释掉除azurerm\u key\u vault.vault之外的所有内容。仍然给我本质上相同的错误：

azurerm\u key\u vault\u key.generated:Resource'azurerm\u key\u vault.vault'找不到变量'azurerm\u key\u vault.vault.vault\u uri'

代码看起来不错。请进行清洁，然后重试<代码>rm-rf.地形；地形岩；地形图；terraform apply在宝马尝试过。不。仍然显示相同的行为：

azurerm\u key\u vault\u key.generated:Resource'azurerm\u key\u vault.vault'未找到变量'azurerm\u key\u vault.vault.vault\u uri'

以及此错误：

azurerm\u key\u vault\u key.generated:Resource'azurerm\u key\u vault.vault'未找到变量'azurerm\u key\u vault.vault\u id'的资源'我觉得很奇怪，不知道那里发生了什么。如果删除/注释掉除
azurerm\u key\u vault.vault
资源及其依赖的内容以外的所有内容，会发生什么情况？已尝试。注释掉除azurerm\u key\u vault.vault之外的所有内容

。仍然给我本质上相同的错误：

azurerm\u key\u vault\u key.generated:Resource'azurerm\u key\u vault.vault'找不到变量'azurerm\u key\u vault.vault.vault\u uri'

代码看起来不错。请进行清洁，然后重试<代码>rm-rf.地形；地形岩；地形图；terraform apply在宝马尝试过。不。仍然显示相同的行为：

azurerm\u key\u vault\u key.generated:Resource'azurerm\u key\u vault.vault'未找到变量'azurerm\u key\u vault.vault.vault\u uri'

以及此错误：

azurerm\u key\u vault\u key.generated:Resource'azurerm\u key\u vault.vault'未找到变量'azurerm\u key\u vault.vault\u id'