

Azure :: Terraform fails on azure keyvault secrets

I am noticing this weird error since I moved the whole of my code from the 1.42.0 provider version to 2.19.0. I am creating several keyvault secrets. Earlier, when I tried to execute a plan after applying once, it used to refresh the state and proceed, but now, after updating the provider version, I am noticing the below error.

Error: A resource with the ID "https://mytestingvault.vault.azure.net/secrets/hub-access/060e71ecd1084cb5a6a496f77a2aea5c" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information.

Additionally, I have added lifecycle ignore_changes to see if it could skip reading the vault secret changes, but unfortunately the same error is shown. The only way to get rid of the error is to delete the secret. What am I doing wrong here?

  lifecycle {
    ignore_changes = [
      value, name
    ]
  }

You probably need to read up on the general topic of Terraform state management. This is not specific to your Key Vault secret. Some resource (your secret) exists that was not created by the terraform workspace that you are just executing. TF does not like that. So you either need to import this pre-existing resource into the state of this workspace, or delete it so that it can be re-created (and thereby managed).

The issue was that even though the keyvault was deleted, we had to purge it via the CLI using aws cli purge.

The Terraform key vault documentation says:

Terraform will automatically recover a soft-deleted Key Vault during Creation if one is found - you can opt out of this using the features block within the Provider block.

You should configure your Terraform to stop recovering the softly deleted Key Vault like this:

provider "azurerm" {
  features {
    key_vault {
      recover_soft_deleted_key_vaults = false
    }
  }
}

If you want Terraform to purge any softly deleted Key Vaults when using terraform destroy, use this additional line:

provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy    = true
      recover_soft_deleted_key_vaults = false
    }
  }
}
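The two remedies the answers describe, importing the pre-existing secret into state (first answer) and dealing with a soft-deleted vault that the provider keeps recovering (last two answers), are both command-line steps. The script below is an added example, not code from the thread or from the azurerm provider. It assumes the secret's Terraform address is `azurerm_key_vault_secret.hub_access` and uses the resource ID format the provider prints in its "already exists" error (`https://<vault>.vault.azure.net/secrets/<name>/<version>`), which is exactly the ID `terraform import` expects for this resource. The `az keyvault list-deleted` and `az keyvault purge` subcommands are real Azure CLI commands; the functions that call them are not exercised offline.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed Terraform address:
# azurerm_key_vault_secret.hub_access. Vault name comes from the error in the question.

# Build the `terraform import` command for a Key Vault secret ID. It prints the
# command instead of running it so the operator can review the address and ID
# before touching state. Returns 1 if the ID does not look like a secret ID.
kv_secret_import_cmd() {
  tf_address="$1"
  secret_id="$2"
  case "$secret_id" in
    https://*.vault.azure.net/secrets/*/*) ;;
    *) echo "unexpected key vault secret ID: $secret_id" >&2; return 1 ;;
  esac
  printf 'terraform import %s "%s"\n' "$tf_address" "$secret_id"
}

# Extract the vault name from a secret ID: the first hostname label before
# ".vault.azure.net". Used to look the vault up in the soft-deleted list.
kv_vault_name_from_id() {
  host="${1#https://}"
  host="${host%%/*}"
  echo "${host%.vault.azure.net}"
}

# List whether a vault of this name is currently soft-deleted. If it is, a plan
# that creates a vault with the same name will recover it (and its secrets)
# unless recover_soft_deleted_key_vaults = false is set in the provider block.
check_soft_deleted_vault() {
  az keyvault list-deleted --query "[?name=='$1']" -o table
}

# Purge is irreversible: every secret, key and certificate in the vault is gone.
# Keep it a separate, explicit step rather than chaining it after the check.
purge_soft_deleted_vault() {
  az keyvault purge --name "$1"
}

# Usage with the ID from the question (constructed invocation):
kv_secret_import_cmd azurerm_key_vault_secret.hub_access \
  "https://mytestingvault.vault.azure.net/secrets/hub-access/060e71ecd1084cb5a6a496f77a2aea5c"
```

Run the printed `terraform import` line, then `terraform plan` should show no create for that secret. If the vault itself was deleted and you are not using `purge_soft_delete_on_destroy`, check `check_soft_deleted_vault mytestingvault` first; recovering it is the behaviour the last answer's provider `features` block turns off.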

