
On deploying a script to enable Customer Managed Key in Azure Data Factory using terraform, I am getting an error which I have stated below

While trying to enable the customer-managed key with this code snippet, I cannot get past terraform plan itself. I have tried several approaches, but none of them worked either. Can anyone help me fix this?

```hcl
provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "testadfrg"
  location = "West Europe"
}

resource "azurerm_key_vault" "example" {
  name                       = "testkeyvault" # must be globally unique
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 7

  # Policy for the principal running terraform, so it can create the key.
  # Permission names are capitalised; azurerm 3.x validates them case-sensitively.
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id
    key_permissions = [
      "Create",
      "Get",
      "Purge",
      "Recover",
    ]
    secret_permissions = [
      "Set",
    ]
  }
}

resource "azurerm_key_vault_key" "generated" {
  name         = "adfkey"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

resource "azurerm_data_factory" "df" {
  name                    = "testadfadf" # must be globally unique
  location                = azurerm_resource_group.example.location
  resource_group_name     = azurerm_resource_group.example.name
  public_network_enabled  = true # a bool, not the string "true"
  customer_managed_key_id = azurerm_key_vault_key.generated.id
  identity {
    type = "SystemAssigned"
  }
}
```

(screenshot of the terraform plan error, not reproduced here)

You have to create a user-assigned identity for ADF to access the Key Vault. Then create an access policy in the Key Vault for that user-assigned identity, and finally, when creating the ADF, you have to use the following:

```hcl
identity {
  type         = "UserAssigned"
  identity_ids = [azurerm_user_assigned_identity.base.id]
}
```

instead of

```hcl
identity {
  type = "SystemAssigned"
}
```

So your overall code would look like this:

```hcl
provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

data "azurerm_resource_group" "example" {
  name = "yourresourcegroupname"
}

# Identity that Data Factory will present to Key Vault when it wraps/unwraps the CMK.
resource "azurerm_user_assigned_identity" "base" {
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
  name                = "mi-adf-keyvault"
}

resource "azurerm_key_vault" "kv" {
  name                = "ansumankeyvault01" # must be globally unique
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Policy for the principal running terraform (creates and manages the key).
  # Permission names are capitalised; azurerm 3.x validates them case-sensitively.
  access_policy {
    object_id = data.azurerm_client_config.current.object_id
    tenant_id = data.azurerm_client_config.current.tenant_id

    certificate_permissions = [
      "Create",
      "Delete",
      "DeleteIssuers",
      "Get",
      "GetIssuers",
      "Import",
      "List",
      "ListIssuers",
      "ManageContacts",
      "ManageIssuers",
      "Purge",
      "SetIssuers",
      "Update",
    ]

    key_permissions = [
      "Backup",
      "Create",
      "Decrypt",
      "Delete",
      "Encrypt",
      "Get",
      "Import",
      "List",
      "Purge",
      "Recover",
      "Restore",
      "Sign",
      "UnwrapKey",
      "Update",
      "Verify",
      "WrapKey",
    ]

    secret_permissions = [
      "Backup",
      "Delete",
      "Get",
      "List",
      "Purge",
      "Restore",
      "Set",
    ]
  }

  # Policy for the user-assigned identity; object_id is the identity's principal_id,
  # not its resource id.
  access_policy {
    object_id = azurerm_user_assigned_identity.base.principal_id
    tenant_id = data.azurerm_client_config.current.tenant_id

    secret_permissions = [
      "Get",
    ]

    key_permissions = [
      "Get",
      "Decrypt",
      "Encrypt",
      "Sign",
      "UnwrapKey",
      "Verify",
      "WrapKey",
    ]

    certificate_permissions = [
      "Get",
    ]
  }
}

resource "azurerm_key_vault_key" "generated" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.kv.id
  key_type     = "RSA"
  key_size     = 2048

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

# time_sleep comes from the hashicorp/time provider; it delays the factory until the
# vault (and its access policies) have had time to propagate.
resource "time_sleep" "wait_120_seconds" {
  depends_on = [azurerm_key_vault.kv]

  create_duration = "120s"
}

resource "azurerm_data_factory" "df" {
  name                    = "ansumantestadf" # unique name
  location                = data.azurerm_resource_group.example.location
  resource_group_name     = data.azurerm_resource_group.example.name
  public_network_enabled  = true # a bool, not the string "true"
  customer_managed_key_id = azurerm_key_vault_key.generated.id
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.base.id]
  }
  depends_on = [time_sleep.wait_120_seconds]
}
```

Note: I used the time_sleep block because the access policy may take some time to be reflected in the Key Vault for the user-assigned identity.

Output: (screenshots of the successful plan and apply, not reproduced here)
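The answer's access policy grants the identity more than Data Factory needs for a customer-managed key (Decrypt, Encrypt, Sign, Verify, plus secret and certificate Get): Data Factory only has to Get the key and WrapKey/UnwrapKey with it. The following added example, which is not part of the original post or answer, is a post-apply check you can run against the JSON from `terraform show -json`. It verifies that the factory uses a user-assigned identity, that the identity's principal has an access policy on the vault holding the key with those three key permissions, that the vault has purge protection on (Azure requires soft delete and purge protection on a vault that holds a CMK), and it reports every permission beyond that minimum. The attribute names are the azurerm provider's exported attributes; the sample state, ids and GUIDs are constructed by hand to mirror the answer's configuration and are not real output.

```python
"""Least-privilege check for the Key Vault access behind an ADF customer-managed key.
Input: the JSON written by `terraform show -json` after `terraform apply`."""
from typing import Any

# Key permissions Data Factory needs to wrap and unwrap its encryption key.
# Anything else on the identity's policy is excess privilege for this purpose.
REQUIRED_KEY_PERMS = {"get", "wrapkey", "unwrapkey"}


def _resources(state: dict[str, Any]) -> list[dict[str, Any]]:
    """Flatten resources from the root module and any child modules."""
    found: list[dict[str, Any]] = []

    def walk(module: dict[str, Any]) -> None:
        found.extend(module.get("resources", []))
        for child in module.get("child_modules", []):
            walk(child)

    walk(state["values"]["root_module"])
    return found


def check_cmk_access(state: dict[str, Any], factory_name: str) -> dict[str, Any]:
    """Return {"ok": bool, "problems": [...], "excess": {principal_id: [...]}}."""
    by_type: dict[str, list[dict[str, Any]]] = {}
    for res in _resources(state):
        by_type.setdefault(res["type"], []).append(res["values"])

    factory = next((f for f in by_type.get("azurerm_data_factory", [])
                    if f["name"] == factory_name), None)
    if factory is None:
        raise ValueError(f"no azurerm_data_factory named {factory_name} in state")

    problems: list[str] = []
    excess: dict[str, list[str]] = {}

    identity = (factory.get("identity") or [{}])[0]
    if identity.get("type") != "UserAssigned" or not identity.get("identity_ids"):
        problems.append("data factory must use a UserAssigned identity for a CMK")

    # Key ids look like https://<vault>.vault.azure.net/keys/<name>/<version>,
    # so the vault holding the CMK is the one whose vault_uri prefixes the key id.
    cmk_id = factory.get("customer_managed_key_id") or ""
    vault = next((kv for kv in by_type.get("azurerm_key_vault", [])
                  if kv.get("vault_uri") and cmk_id.startswith(kv["vault_uri"])), None)
    if vault is None:
        problems.append("customer_managed_key_id is not in a key vault managed by this state")
        return {"ok": False, "problems": problems, "excess": excess}
    if not vault.get("purge_protection_enabled"):
        problems.append("key vault holding the CMK should have purge protection enabled")

    # Access policies are keyed on the identity's principal (object) id, not its resource id.
    principal_of = {u["id"]: u["principal_id"]
                    for u in by_type.get("azurerm_user_assigned_identity", [])}
    for ident_id in identity.get("identity_ids", []):
        principal = principal_of.get(ident_id)
        if principal is None:
            problems.append(f"identity {ident_id} is not in state")
            continue
        policy = next((p for p in vault.get("access_policy", [])
                       if p["object_id"] == principal), None)
        if policy is None:
            problems.append(f"no key vault access policy for principal {principal}")
            continue
        granted = {p.lower() for p in policy.get("key_permissions", [])}  # casing varies
        missing = REQUIRED_KEY_PERMS - granted
        if missing:
            problems.append(f"principal {principal} lacks key permissions {sorted(missing)}")
        extra = sorted(granted - REQUIRED_KEY_PERMS)
        extra += [f"secret:{s}" for s in policy.get("secret_permissions", [])]
        extra += [f"certificate:{c}" for c in policy.get("certificate_permissions", [])]
        if extra:
            excess[principal] = extra

    return {"ok": not problems, "problems": problems, "excess": excess}


# Constructed sample mirroring the answer's resources; ids and GUIDs are placeholders.
UAMI_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg"
           "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mi-adf-keyvault")
UAMI_PRINCIPAL = "11111111-1111-1111-1111-111111111111"
VAULT_URI = "https://ansumankeyvault01.vault.azure.net/"


def build_sample_state(identity_type: str = "UserAssigned",
                       purge_protection: bool = True) -> dict[str, Any]:
    """Shape of `terraform show -json`: values.root_module.resources[*].values."""
    identity = {"type": identity_type,
                "identity_ids": [UAMI_ID] if identity_type == "UserAssigned" else []}
    return {"format_version": "1.0", "values": {"root_module": {"resources": [
        {"type": "azurerm_user_assigned_identity", "name": "base",
         "values": {"id": UAMI_ID, "principal_id": UAMI_PRINCIPAL}},
        {"type": "azurerm_key_vault", "name": "kv",
         "values": {"vault_uri": VAULT_URI, "purge_protection_enabled": purge_protection,
                    "access_policy": [
                        {"object_id": "22222222-2222-2222-2222-222222222222",
                         "key_permissions": ["Create", "Get", "Purge", "Recover"],
                         "secret_permissions": ["Set"], "certificate_permissions": []},
                        # the answer's grant to the identity, broader than ADF needs
                        {"object_id": UAMI_PRINCIPAL,
                         "key_permissions": ["Get", "decrypt", "encrypt", "sign",
                                             "unwrapKey", "verify", "wrapKey"],
                         "secret_permissions": ["Get"],
                         "certificate_permissions": ["Get"]}]}},
        {"type": "azurerm_data_factory", "name": "df",
         "values": {"name": "ansumantestadf", "identity": [identity],
                    "customer_managed_key_id": VAULT_URI + "keys/generated-certificate/0123456789abcdef"}},
    ]}}}


if __name__ == "__main__":
    import json
    print(json.dumps(check_cmk_access(build_sample_state(), "ansumantestadf"), indent=2))
```

Against the sample the check passes but lists decrypt, encrypt, sign, verify and the secret and certificate Get grants as excess; with a SystemAssigned identity or a vault without purge protection it fails. To run it on real infrastructure, replace `build_sample_state()` with `json.load(open("state.json"))` after `terraform show -json > state.json`.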
