Terraform issue with Keyvault access

Question

So I defined the keyvault definition in terraform and am now looking to provide access to an AD group by the below definition, but I get an error as

> Error: authorization.RoleAssignmentsClient#Create: Failure responding
> to request: StatusCode=400 -- Original Error: autorest/azure: Service
> returned an error. Status=400 Code="BadRequestFormat" Message="The
> request was incorrectly formatted."

Here is the definition:

```hcl
resource "azurerm_role_assignment" "vault_access" {
  scope              = azurerm_key_vault.vault.id
  role_definition_id = "Contributor"
  principal_id       = data.azuread_group.access_audit_members.object_id
}
```

Answer 1

Score: 2

> Terraform issue with Keyvault access

```hcl
role_definition_id = "Contributor"
```

Since you used role_definition_id instead of role_definition_name in your code, make sure to provide the correct Role Definition ID rather than the role name.

Here is the updated code to assign the role to the Key Vault at the Azure AD group scope:

```hcl
provider "azurerm" {
  features {}
}
data "azurerm_key_vault" "keyvault" {
  name                = "srikv12"
  resource_group_name = "Sri"
}
data "azuread_group" "Adgroup" {
  display_name     = "keyvaultgroup"
  security_enabled = true
}
resource "azurerm_role_assignment" "example" {
  scope                = data.azurerm_key_vault.keyvault.id
  role_definition_name = "Contributor"
  principal_id         = data.azuread_group.Adgroup.object_id
}
```

Terraform apply:

[screenshot of the terraform apply output in the original post]

Once the above code is executed, the Contributor role will be assigned to the Key Vault at the Azure AD scope.

Refer to registry.terraform for more details about the resource "azurerm_role_assignment" block.
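As an added example that is not part of the original answer, the same assignment written with role_definition_id, the attribute the question used, by resolving the built-in Contributor role to its definition ID through the azurerm_role_definition data source. The vault, resource group and group names are the ones from the answer above; the subscription-prefixed ID concatenation follows the built-in role example in the azurerm_role_assignment provider documentation and is assumed to match the provider version in use.

```hcl
# Added example (not from the original post): pass role_definition_id a real
# role definition ID instead of the role name, which is what produced the 400.
provider "azurerm" {
  features {}
}

data "azurerm_subscription" "primary" {}

data "azurerm_key_vault" "keyvault" {
  name                = "srikv12"   # values taken from the answer above
  resource_group_name = "Sri"
}

data "azuread_group" "Adgroup" {
  display_name     = "keyvaultgroup"
  security_enabled = true
}

# Resolve the built-in role by name; its id is the role definition resource ID,
# not the display-name string the question passed to role_definition_id.
data "azurerm_role_definition" "contributor" {
  name = "Contributor"
}

resource "azurerm_role_assignment" "example" {
  scope              = data.azurerm_key_vault.keyvault.id
  # Scoped role definition ID, built as in the provider docs' built-in role
  # example (assumption: the data source id is unscoped for built-in roles).
  role_definition_id = "${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.contributor.id}"
  principal_id       = data.azuread_group.Adgroup.object_id
}
```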



huangapple
  • Posted on 2023-06-15 20:22:08
  • Please keep this link when reposting: https://go.coder-hub.com/76482430.html