Terraform for_each azure customer managed keys

I am trying to use for_each to create multiple Azure storage accounts plus Azure Key Vault secrets and keys.

So far so good, and I managed to create everything I needed with this code:


variable "storage-foreach" {
  type    = list(string)
  default = ["storage1", "storage2"]
}

variable "key-name" {
  type    = list(string)
  default = ["key1", "key2"]
}

resource "azurerm_storage_account" "storage-foreach" {
  for_each                 = toset(var.storage-foreach)
  access_tier              = "Hot"
  account_kind             = "StorageV2"
  account_replication_type = "LRS"
  account_tier             = "Standard"
  location                 = var.location
  name                     = each.value
  resource_group_name      = azurerm_resource_group.tenant-testing-test.name
  lifecycle {
    prevent_destroy = false
  }
}

resource "azurerm_key_vault_secret" "storagesctforeach" {
  for_each     = toset(var.storage-foreach)
  key_vault_id = azurerm_key_vault.tenantsnbshared.id
  name         = each.value
  value        = azurerm_storage_account.storage-foreach[each.key].primary_connection_string
  content_type = "${each.value} Storage Account Connection String"
  lifecycle {
    prevent_destroy = false
  }
}

resource "azurerm_storage_table" "tableautomation" {
  for_each             = toset(var.storage-foreach)
  name                 = "UserAnswer"
  storage_account_name = azurerm_storage_account.storage-foreach[each.key].name
  lifecycle {
    prevent_destroy = false
  }
}

resource "azurerm_key_vault_key" "client-key" {
  for_each     = toset(var.key-name)
  key_vault_id = azurerm_key_vault.tenantsnbshared.id
  name         = "Key-Client-${each.value}"
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
  key_type = "RSA"
  key_size = 2048
}

This code worked perfectly until I tried to create the customer managed key resource and assign the key to the storage account automatically.

resource "azurerm_storage_account_customer_managed_key" "storage-managed-key" {
  for_each           = toset(var.key-name)
  key_name           = each.value
  key_vault_id       = azurerm_key_vault.tenantsnbshared.id
  storage_account_id = azurerm_storage_account.storage-foreach[each.value].id
  key_version        = "current"
}

The problem I am facing is that, because I created all the resources above with for_each, I need an [each.value] in my storage account ID. The argument I put there refers to var.key-name, and it throws an error because it cannot find those strings among my storage accounts. I was wondering whether you could help me think of a good practice to automate this process and make sure it picks the right key to encrypt the right storage account ID in the resource group.

Thank you all very much, and sorry, I have been struggling with this code and with how to automate it.

The problem is that you are trying to access var.storage-foreach using var.key-name.

I think the following will work for you:

resource "azurerm_storage_account_customer_managed_key" "storage-managed-key" {
  count              = length(var.key-name)
  
  key_name           = var.key-name[count.index]
  key_vault_id       = azurerm_key_vault.tenantsnbshared.id
  storage_account_id = azurerm_storage_account.storage-foreach[var.storage-foreach[count.index]].id
  key_version        = "current"
}
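An added example, not part of the question or the answer above: the same pairing expressed as a map from storage account to key, so each customer managed key is tied to its account by name rather than by list position, together with the managed identity and Key Vault access policy the storage account needs to wrap and unwrap its key. The variable `storage_keys`, the access-policy resource and the provider version (azurerm 2.x or later, which uses title-case key permissions) are assumptions.

```hcl
# Added example: pair each storage account with its key explicitly (assumed variable).
variable "storage_keys" {
  type    = map(string)
  default = {
    storage1 = "key1"
    storage2 = "key2"
  }
}

resource "azurerm_storage_account" "storage-foreach" {
  for_each                 = var.storage_keys
  name                     = each.key
  location                 = var.location
  resource_group_name      = azurerm_resource_group.tenant-testing-test.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  # A system-assigned identity is what authenticates the account to the vault.
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_key_vault_key" "client-key" {
  for_each     = var.storage_keys
  key_vault_id = azurerm_key_vault.tenantsnbshared.id
  name         = "Key-Client-${each.value}"
  key_type     = "RSA"
  key_size     = 2048
  # Encrypting storage only needs wrap/unwrap; keep the key's permitted operations minimal.
  key_opts = ["wrapKey", "unwrapKey"]
}

# Grant each storage account's identity only the operations CMK needs (assumed resource).
resource "azurerm_key_vault_access_policy" "storage" {
  for_each        = azurerm_storage_account.storage-foreach
  key_vault_id    = azurerm_key_vault.tenantsnbshared.id
  tenant_id       = each.value.identity[0].tenant_id
  object_id       = each.value.identity[0].principal_id
  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}

resource "azurerm_storage_account_customer_managed_key" "storage-managed-key" {
  for_each           = var.storage_keys
  storage_account_id = azurerm_storage_account.storage-foreach[each.key].id
  key_vault_id       = azurerm_key_vault.tenantsnbshared.id
  key_name           = azurerm_key_vault_key.client-key[each.key].name
  # key_version is omitted so the provider tracks the latest key version (automatic rotation).
  depends_on = [azurerm_key_vault_access_policy.storage]
}
```

Because the map keys drive every for_each, adding or removing one storage account changes only that account's resources in the plan, instead of shifting count indexes for the others.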