Terraform 创建 Azure Key Vault [英] Terraform create a azure key vault
问题描述
我正在使用 Terraform 创建使用 terraform 的 KeyVault 资源.
I am using Terraform to create a KeyVault resource using terraform.
密钥保管库策略需要参数 object_id.我不知道从哪里检索这个值.
The key vault policy required a argument object_id. I don't know where to retrieve this value from.
这是我收到的错误:
Error: expected "object_id" to be a valid UUID, got
on modules/keyvault/main.tf line 42, in resource "azurerm_key_vault_access_policy" "policy":
42: resource "azurerm_key_vault_access_policy" "policy" {
keyvault 的策略设置如下:
The policy for the keyvault is set like this:
# Create an Azure Key Vault access policy
resource "azurerm_key_vault_access_policy" "policy" {
for_each = var.policies
key_vault_id = azurerm_key_vault.key-vault.id
tenant_id = lookup(each.value, "tenant_id")
object_id = lookup(each.value, "object_id")
key_permissions = lookup(each.value, "key_permissions")
secret_permissions = lookup(each.value, "secret_permissions")
certificate_permissions = lookup(each.value, "certificate_permissions")
storage_permissions = lookup(each.value, "storage_permissions")
}
我使用 terraform 0.12 版和 azure provider 2.35.
I am using terraform version 0.12 and azure provider 2.35.
推荐答案
您应该能够获得 object_id.如果你只是在玩,你可以硬编码它.如果您使用 CI 进行部署,您可能需要考虑将其设置为变量并为您所属的组创建第二个策略.否则,您最终将根据运行程序翻转策略上的 object_id,并可能产生不良影响.
You should be able to get the object_id. If you are just playing around you can hard code it. If you are deploying with a CI, you might want consider setting this as a variable and creating a second policy for a group you belong to. Otherwise you will end up flipping the object_id on the policy based on the runner and could have undesirable effects.
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {
}
output "object_id" {
value = data.azurerm_client_config.current.object_id
}
这篇关于Terraform 创建 Azure Key Vault的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!