AccessKey of Azure Storage created with Terraform are different from portal

Question

I use Terraform to create an Azure Storage account and I store the Access Keys (primary and secondary) in Azure Key Vault.

resource "azurerm_key_vault_secret" "StorageAccessKey" {
  depends_on = [
    azurerm_key_vault.kv,
    azurerm_key_vault_access_policy.KVAccessPolicies
  ]
  name = "Azure--Storage--AccountKey"
  value = azurerm_storage_account.storage_account.primary_access_key
  key_vault_id = azurerm_key_vault.kv.id
}

When I check the value from the Azure Portal, the access keys are different:


What's wrong?

Answer 1

Score: 0

I tried to reproduce the same in my environment, storing the access key of an Azure Storage account in a Key Vault created with Terraform.

You can use the Terraform code below to store the storage account access key in Key Vault.

provider "azurerm" {
  features {}
}

# Tenant details of the identity Terraform runs as
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "thejarg" {
  name     = "theja-resource-group"
  location = "eastus"
}

resource "azurerm_storage_account" "thejastorageaccount123" {
  name                     = "thejastorageaccount1"
  resource_group_name      = azurerm_resource_group.thejarg.name
  location                 = azurerm_resource_group.thejarg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_key_vault" "thejavaulttest" {
  name                = "thejavault"
  resource_group_name = azurerm_resource_group.thejarg.name
  location            = azurerm_resource_group.thejarg.location
  sku_name            = "standard"

  tenant_id = data.azurerm_client_config.current.tenant_id

  # Access policy for the principal that writes and reads the secret
  access_policy {
    tenant_id = "3f5c7a77-062d-426c-8582-1238b1a77336"
    object_id = "a970fc40-48da-4ac7-b126-b40206699b9c"

    key_permissions     = ["Create", "Get"]
    secret_permissions  = ["Set", "Get", "Delete", "Purge", "Recover", "List"]
    storage_permissions = ["Get", "Set"]
  }
}

# Copy the storage account's primary access key into the vault as a secret
resource "azurerm_key_vault_secret" "primary_storage_key" {
  name         = "primary-storage-key"
  value        = azurerm_storage_account.thejastorageaccount123.primary_access_key
  key_vault_id = azurerm_key_vault.thejavaulttest.id
}

Once I ran the above code, the resources were created successfully.


When I check the storage account access key in key vault, the same key is updated in key vault.
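
One way to check which of the account's current keys the Key Vault secret matches, without displaying either value. This is an added example, not part of the original question or answer; the resource group, storage account and vault names are arguments you supply, and the comparison uses SHA-256 fingerprints.

```bash
#!/usr/bin/env bash
# Added example: report which live storage account key a Key Vault secret
# matches. Only SHA-256 fingerprints are compared and printed, never the keys.

# fingerprint VALUE -> SHA-256 hex of VALUE with spaces/CR/LF stripped
# (copy/paste from a portal or CLI output can append them).
fingerprint() {
  printf '%s' "$1" | tr -d ' \r\n' | sha256sum | cut -c1-64
}

# classify SECRET KEY1 KEY2 -> prints key1, key2 or mismatch
classify() {
  local s k1 k2
  s=$(fingerprint "$1"); k1=$(fingerprint "$2"); k2=$(fingerprint "$3")
  if [ "$s" = "$k1" ]; then echo key1
  elif [ "$s" = "$k2" ]; then echo key2
  else echo mismatch
  fi
}

# check_live RG ACCOUNT VAULT SECRET_NAME (all four are values you supply).
# Needs a logged-in Azure CLI with read access to the vault and the account keys.
check_live() {
  local rg="$1" account="$2" vault="$3" name="$4" secret k1 k2 result
  secret=$(az keyvault secret show --vault-name "$vault" --name "$name" \
    --query value -o tsv) || return 2
  k1=$(az storage account keys list -g "$rg" -n "$account" \
    --query "[?keyName=='key1'].value | [0]" -o tsv) || return 2
  k2=$(az storage account keys list -g "$rg" -n "$account" \
    --query "[?keyName=='key2'].value | [0]" -o tsv) || return 2
  result=$(classify "$secret" "$k1" "$k2")
  echo "secret $(fingerprint "$secret" | cut -c1-12) -> $result"
  [ "$result" != mismatch ]
}

# Runs against Azure only when given the four arguments, for example:
#   ./check.sh <resource-group> <storage-account> <vault-name> Azure--Storage--AccountKey
if [ "$#" -eq 4 ]; then check_live "$@"; fi
```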


huangapple
  • Posted on March 7, 2023 at 15:31:40
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75659085.html