我已经配置 azurerm_key_vault 一段时间了,但在决定运行全新计划后,我似乎收到以下错误:
Error: expected access_policy.0.key_permissions.0 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey], got create
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 29, in resource "azurerm_key_vault" "admin_vault":
│ 29: "list"
│
╵
╷
│ Error: expected access_policy.0.key_permissions.1 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey], got get
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 29, in resource "azurerm_key_vault" "admin_vault":
│ 29: "list"
│
╵
╷
│ Error: expected access_policy.0.key_permissions.2 to be one of [Backup Create Decrypt Delete Encrypt Get Import List Purge Recover Restore Sign UnwrapKey Update Verify WrapKey], got list
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 29, in resource "azurerm_key_vault" "admin_vault":
│ 29: "list"
│
╵
╷
│ Error: expected access_policy.0.secret_permissions.0 to be one of [Backup Delete Get List Purge Recover Restore Set], got list
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 38, in resource "azurerm_key_vault" "admin_vault":
│ 38: "recover"
│
╵
╷
│ Error: expected access_policy.0.secret_permissions.1 to be one of [Backup Delete Get List Purge Recover Restore Set], got set
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 38, in resource "azurerm_key_vault" "admin_vault":
│ 38: "recover"
│
╵
╷
│ Error: expected access_policy.0.secret_permissions.2 to be one of [Backup Delete Get List Purge Recover Restore Set], got get
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 38, in resource "azurerm_key_vault" "admin_vault":
│ 38: "recover"
│
╵
╷
│ Error: expected access_policy.0.secret_permissions.3 to be one of [Backup Delete Get List Purge Recover Restore Set], got delete
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 38, in resource "azurerm_key_vault" "admin_vault":
│ 38: "recover"
│
╵
╷
│ Error: expected access_policy.0.secret_permissions.4 to be one of [Backup Delete Get List Purge Recover Restore Set], got purge
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 38, in resource "azurerm_key_vault" "admin_vault":
│ 38: "recover"
│
╵
╷
│ Error: expected access_policy.0.secret_permissions.5 to be one of [Backup Delete Get List Purge Recover Restore Set], got recover
│
│ with module.database.azurerm_key_vault.admin_vault,
│ on ../../modules/database/main.tf line 38, in resource "azurerm_key_vault" "admin_vault":
│ 38: "recover"
我不确定为什么会发生这种情况,因为我没有对以下代码进行任何更改:
resource "random_id" "db" {
keepers = {
resource_group_name = var.resource_group.name
}
byte_length = 4
}
locals {
prefix = "tf-${terraform.workspace}-${random_id.db.hex}"
}
data "azurerm_client_config" "current" {}
resource "azurerm_key_vault" "admin_vault" {
name = "${local.prefix}-vlt"
location = var.resource_group.location
resource_group_name = var.resource_group.name
tenant_id = data.azurerm_client_config.current.tenant_id
sku_name = "premium"
soft_delete_retention_days = 7
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
key_permissions = [
"create",
"get",
"list"
]
secret_permissions = [
"list",
"set",
"get",
"delete",
"purge",
"recover"
]
}
tags = {
environment = var.environment
}
}
resource "random_password" "database_admin_password" {
length = 16
special = true
}
resource "azurerm_key_vault_secret" "database_admin_password_secret" {
name = "database-admin-password"
value = random_password.database_admin_password.result
key_vault_id = azurerm_key_vault.admin_vault.id
}
resource "azurerm_key_vault_secret" "database_admin_username_secret" {
name = "database-admin-username"
value = "psqladmin"
key_vault_id = azurerm_key_vault.admin_vault.id
tags = {
environment = var.environment
}
}
resource "azurerm_postgresql_server" "db_server" {
name = "${local.prefix}-db-server"
location = var.resource_group.location
resource_group_name = var.resource_group.name
sku_name = terraform.workspace == "prod" ? "GP_Gen5_2" : "B_Gen5_1"
storage_mb = terraform.workspace == "prod" ? 102400 : 10240
backup_retention_days = 35
geo_redundant_backup_enabled = terraform.workspace == "prod"
auto_grow_enabled = true
administrator_login = azurerm_key_vault_secret.database_admin_username_secret.value
administrator_login_password = azurerm_key_vault_secret.database_admin_password_secret.value
version = "11"
ssl_enforcement_enabled = true
tags = {
environment = var.environment
}
}
最佳答案
documentation for azurerm_key_vault显示 secret 权限以大写字母开头 - 即“Recover”而不是“recover”。
关于azure - Terraform azurerm_key_vault - 访问策略引发错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73280772/