面临Terraform KeyVault证书创建问题
大家好,我面临的问题是,我有一个脚本,其中我正在创建资源组和密钥库,当我单独创建RG和密钥库时,我将凭证从central KV复制到了新的,然后将凭证复制部分添加到脚本中,创建了所有内容,但当我将代码与如果发生凭据复制,则表示RG中的错误密钥库不存在。我在问,在地形中有没有我需要遵循的序列? Resource.tf面临Terraform KeyVault证书创建问题,terraform,azure-keyvault,terraform-provider-azure,Terraform,Azure Keyvault,Terraform Provider Azure,大家好,我面临的问题是,我有一个脚本,其中我正在创建资源组和密钥库,当我单独创建RG和密钥库时,我将凭证从central KV复制到了新的,然后将凭证复制部分添加到脚本中,创建了所有内容,但当我将代码与如果发生凭据复制,则表示RG中的错误密钥库不存在。我在问,在地形中有没有我需要遵循的序列? Resource.tf resource "azurerm_resource_group" "main" { name = "${var.pre
resource "azurerm_resource_group" "main" {
name = "${var.prefix}-resourceGB"
location = var.location
}
# --- Get reference to logged on Azure subscription ---
data "azurerm_client_config" "current" {}
resource "azurerm_key_vault" "New" {
name = "KV1"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_enabled = true
purge_protection_enabled = false
sku_name = "standard"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
certificate_permissions = [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"purge",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
]
key_permissions = [
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
]
secret_permissions = [
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
]
}
}
data "azurerm_key_vault" "existing" {
name = "Old-KV"
resource_group_name = "Old-RG"
}
data "azurerm_key_vault" "New" {
name = "KV1"
resource_group_name = "${var.prefix}-resourceGB"
}
module "Cert1" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert1"
destination_key_vault_id = data.azurerm_key_vault.New.id
destination_key_vault_cert_name = "Cert1"
}
module "Cert2" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert2"
destination_key_vault_id = data.azurerm_key_vault.New.id
destination_key_vault_cert_name = "Cert2"
}
data "azurerm_key_vault_secret" "source_KV_cert" {
name = var.source_key_vault_cert_name
key_vault_id = var.source_key_vault_id
}
data "azurerm_key_vault_certificate" "source_cert" {
name = var.source_key_vault_cert_name
key_vault_id = var.source_key_vault_id
}
resource "azurerm_key_vault_certificate" "dest_cert" {
name = var.destination_key_vault_cert_name
key_vault_id = var.destination_key_vault_id
certificate {
contents = data.azurerm_key_vault_secret.source_KV_cert.value
}
certificate_policy {
issuer_parameters {
name = "self"
}
key_properties {
exportable = true
key_size = 2048
key_type = "RSA"
reuse_key = true
}
secret_properties {
content_type = "application/x-pkcs12"
}
}
}
variable "source_key_vault_id" {
type = string
}
variable "source_key_vault_cert_name" {
type = string
}
variable "destination_key_vault_id" {
type = string
}
variable "destination_key_vault_cert_name" {
type = string
}
复制证书main.tf
resource "azurerm_resource_group" "main" {
name = "${var.prefix}-resourceGB"
location = var.location
}
# --- Get reference to logged on Azure subscription ---
data "azurerm_client_config" "current" {}
resource "azurerm_key_vault" "New" {
name = "KV1"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_enabled = true
purge_protection_enabled = false
sku_name = "standard"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
certificate_permissions = [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"purge",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
]
key_permissions = [
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
]
secret_permissions = [
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
]
}
}
data "azurerm_key_vault" "existing" {
name = "Old-KV"
resource_group_name = "Old-RG"
}
data "azurerm_key_vault" "New" {
name = "KV1"
resource_group_name = "${var.prefix}-resourceGB"
}
module "Cert1" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert1"
destination_key_vault_id = data.azurerm_key_vault.New.id
destination_key_vault_cert_name = "Cert1"
}
module "Cert2" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert2"
destination_key_vault_id = data.azurerm_key_vault.New.id
destination_key_vault_cert_name = "Cert2"
}
data "azurerm_key_vault_secret" "source_KV_cert" {
name = var.source_key_vault_cert_name
key_vault_id = var.source_key_vault_id
}
data "azurerm_key_vault_certificate" "source_cert" {
name = var.source_key_vault_cert_name
key_vault_id = var.source_key_vault_id
}
resource "azurerm_key_vault_certificate" "dest_cert" {
name = var.destination_key_vault_cert_name
key_vault_id = var.destination_key_vault_id
certificate {
contents = data.azurerm_key_vault_secret.source_KV_cert.value
}
certificate_policy {
issuer_parameters {
name = "self"
}
key_properties {
exportable = true
key_size = 2048
key_type = "RSA"
reuse_key = true
}
secret_properties {
content_type = "application/x-pkcs12"
}
}
}
variable "source_key_vault_id" {
type = string
}
variable "source_key_vault_cert_name" {
type = string
}
variable "destination_key_vault_id" {
type = string
}
variable "destination_key_vault_cert_name" {
type = string
}
复制证书变量.tf
resource "azurerm_resource_group" "main" {
name = "${var.prefix}-resourceGB"
location = var.location
}
# --- Get reference to logged on Azure subscription ---
data "azurerm_client_config" "current" {}
resource "azurerm_key_vault" "New" {
name = "KV1"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_enabled = true
purge_protection_enabled = false
sku_name = "standard"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
certificate_permissions = [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"purge",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
]
key_permissions = [
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
]
secret_permissions = [
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
]
}
}
data "azurerm_key_vault" "existing" {
name = "Old-KV"
resource_group_name = "Old-RG"
}
data "azurerm_key_vault" "New" {
name = "KV1"
resource_group_name = "${var.prefix}-resourceGB"
}
module "Cert1" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert1"
destination_key_vault_id = data.azurerm_key_vault.New.id
destination_key_vault_cert_name = "Cert1"
}
module "Cert2" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert2"
destination_key_vault_id = data.azurerm_key_vault.New.id
destination_key_vault_cert_name = "Cert2"
}
data "azurerm_key_vault_secret" "source_KV_cert" {
name = var.source_key_vault_cert_name
key_vault_id = var.source_key_vault_id
}
data "azurerm_key_vault_certificate" "source_cert" {
name = var.source_key_vault_cert_name
key_vault_id = var.source_key_vault_id
}
resource "azurerm_key_vault_certificate" "dest_cert" {
name = var.destination_key_vault_cert_name
key_vault_id = var.destination_key_vault_id
certificate {
contents = data.azurerm_key_vault_secret.source_KV_cert.value
}
certificate_policy {
issuer_parameters {
name = "self"
}
key_properties {
exportable = true
key_size = 2048
key_type = "RSA"
reuse_key = true
}
secret_properties {
content_type = "application/x-pkcs12"
}
}
}
variable "source_key_vault_id" {
type = string
}
variable "source_key_vault_cert_name" {
type = string
}
variable "destination_key_vault_id" {
type = string
}
variable "destination_key_vault_cert_name" {
type = string
}
由于您正在使用
资源“azurerm\u key\u vault”
创建一个新的密钥库,因此无法使用数据源查询在同一.tf
文件中的模块模块“Cert1”和模块“Cert2”中创建的新资源。用于访问有关现有密钥库的信息
因此,更改文件Resource.tf
中的相关代码如下:
# data "azurerm_key_vault" "New" {
# name = "KV1"
# resource_group_name = "${var.prefix}-resourceGB"
# }
module "Cert1" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert1"
destination_key_vault_id = azurerm_key_vault.New.id # changed
destination_key_vault_cert_name = "Cert1"
}
module "Cert2" {
source = "../module/copy_cert"
source_key_vault_id = data.azurerm_key_vault.existing.id
source_key_vault_cert_name = "Cert2"
destination_key_vault_id = azurerm_key_vault.New.id # changed
destination_key_vault_cert_name = "Cert2"
}
你能告诉我发生1 RG和1 KV以及凭证复制的代码吗?确保所有的.tf文件都在同一个目录下。请查看我的更新答案@NancyXiong这里是我的版本输出。PS D:\environments>terraform版本您的terraform版本已过时!最新版本是0.13.4。您可以从Terraform v0.13.0+提供程序注册表下载更新。Terraform.io/hashicorp/azurerm v2.18.0+提供程序注册表.Terraform.io/hashicorp/random v2.3.0是否显示具体的错误消息?错误:KeyVault“KV1”(资源组“my resourceGB”)在resources.tf第82行的数据“azurerm_key_vault”“KV1”中不存在:82:数据“azurerm\u key\u vault”“KV1”{