Terraform 创建 Azure Key Vault [英] Terraform create a azure key vault

问题描述

我正在使用 Terraform 创建使用 terraform 的 KeyVault 资源.

I am using Terraform to create a KeyVault resource using terraform.

密钥保管库策略需要参数 object_id.我不知道从哪里检索这个值.

The key vault policy required a argument object_id. I don't know where to retrieve this value from.

这是我收到的错误:

Error: expected "object_id" to be a valid UUID, got 
 on modules/keyvault/main.tf line 42, in resource "azurerm_key_vault_access_policy" "policy":
 42: resource "azurerm_key_vault_access_policy" "policy" {

keyvault 的策略设置如下:

The policy for the keyvault is set like this:

# Create an Azure Key Vault access policy
resource "azurerm_key_vault_access_policy" "policy" {
  for_each                = var.policies
  key_vault_id            = azurerm_key_vault.key-vault.id
  tenant_id               = lookup(each.value, "tenant_id")
  object_id               = lookup(each.value, "object_id")
  key_permissions         = lookup(each.value, "key_permissions")
  secret_permissions      = lookup(each.value, "secret_permissions")
  certificate_permissions = lookup(each.value, "certificate_permissions")
  storage_permissions     = lookup(each.value, "storage_permissions")
}

我使用 terraform 0.12 版和 azure provider 2.35.

I am using terraform version 0.12 and azure provider 2.35.

推荐答案

您应该能够获得 object_id.如果你只是在玩，你可以硬编码它.如果您使用 CI 进行部署，您可能需要考虑将其设置为变量并为您所属的组创建第二个策略.否则，您最终将根据运行程序翻转策略上的 object_id，并可能产生不良影响.

You should be able to get the object_id. If you are just playing around you can hard code it. If you are deploying with a CI, you might want consider setting this as a variable and creating a second policy for a group you belong to. Otherwise you will end up flipping the object_id on the policy based on the runner and could have undesirable effects.

provider "azurerm" {
    features {}
}

data "azurerm_client_config" "current" {
}

output "object_id" {
  value = data.azurerm_client_config.current.object_id
}

这篇关于Terraform 创建 Azure Key Vault的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！