Terraform Azure Grid 主题资源已存在于全新构建中
Terraform Azure Grid Topic resource already exists on a fresh build
我最近一直在通过 Terraform 在 Azure 中实施网格主题,大多数情况都还不错,除了一个。通过管道应用时,它表示资源已经存在并需要导入。然而,在管道 运行 之前,Azure 中从未存在过该资源,请参阅我的网格主题代码。
# Terraform Block
terraform {
required_version = ">= 1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 2.0"
}
random = {
source = "hashicorp/random"
version = ">= 3.0"
}
}
#Terraform State Storage Account
backend "azurerm" {}
}
# Providers Block
provider "azurerm" {
features {}
}
provider "azuread" {
tenant_id = ""
client_id = ""
client_secret = ""
}
provider "random" {}
provider "time" {}
# Random String Resource
resource "random_string" "myrandom" {
length = 6
number = false
upper = false
special = false
}
resource "azurerm_resource_group" "Classroom_In_The_Cloud_Terraform" {
name = var.resource_group_name
location = var.location
}
## Variables:
variable "AuthServer_EventGrid_Topic_name" {
description = "Authentication Server Event Grid Topic Name"
type = string
default = "nscauthservertopic-dgyn27h2dfoyojc"
}
variable "Tenant_Management_Topic_name" {
description = "Tenant Manager Event Grid Topic Name"
type = string
default = "nsctenantmanagementtopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_ClassroomApi_Topic_name" {
description = "Classroom API Event Grid Topic Name"
type = string
default = "nscclassroomapitopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_SafeguardingApi_Topic_name" {
description = "Event Grid SafeguardingApi Topic Name"
type = string
default = "nscsafeguardingapitopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_TechnicianApi_Topic_name" {
description = "Event Grid TechnicianApi Topic Name"
type = string
default = "nsctechnicianapitopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_System_Notification_Topic_name" {
description = "Event Grid TechnicianApi Topic Name"
type = string
default = "nscsystemnotificationtopic-dgyn27h2dfoyojc"
resource "azurerm_eventgrid_topic" "AuthServer_EventGrid_Topic" {
name = var.AuthServer_EventGrid_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Tenant_Management_Topic" {
name = var.Tenant_Management_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_ClassroomApi_Topic" {
name = var.Event_Grid_ClassroomApi_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_SafeguardingApi_Topic" {
name = var.Event_Grid_SafeguardingApi_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_TechnicianApi_Topic" {
name = var.Event_Grid_TechnicianApi_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_System_Notification_Topic" {
name = var.Event_Grid_System_Notification_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
这是否类似于在添加容器之前必须将其保留 60 秒的存储帐户?我想知道网格主题是否有同样的问题?因为我之前遇到过类似的存储帐户问题。
更新:
我认为这是事件网格,但它不是来自事件网格的 keyvault 秘密。错误如下:
Error: A resource with the ID ""https://nscsecrets-aldjfd.vault.azure.net/secrets/EventGridAuthenticationServerTopicAccountEndpoint/10f66b24325f4be0b7e042e6d4122794" " already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information. with azurerm_key_vault_secret.Event_Grid_Authentication_Server_Topic_Account_EndPoint, │ on keyvault.tf line 138, in resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint": │ 138: resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
我的密钥库代码:
// Users & Groups which I want to give permissions to be able to access the keyvault.
data "azuread_user" "user" {
user_principal_name = "VALUE"
}
data "azuread_group" "Classroom_In_The_Cloud_AZ_AD_Group" {
display_name = "VALUE"
security_enabled = true
}
// This gets the Azure AD Tenant ID information to deploy for KeyVault.
resource "azurerm_key_vault" "nscsecrets" {
name = "${var.key_vault_name}-${random_string.myrandom.id}"
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
}
resource "azurerm_key_vault_secret" "WebsiteStorageConnectionString" { // Website Main Storage Connection String Secret
name = "WebsiteStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.website_storage_account.name};AccountKey=${azurerm_storage_account.website_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_account.website_storage_account,
]
}
resource "azurerm_key_vault_secret" "TenantManagerStorageConnectionString" { // Tenant Manger Storage Connection String Secret
name = "TenantManagerStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.tenant_manager_storage_account.name};AccountKey=${azurerm_storage_account.tenant_manager_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.tenant_manager_storage_container,
]
}
resource "azurerm_key_vault_secret" "ClassroomApiStorageConnectionString" { // Classroom API Connection String Secret
name = "ClassroomApiStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.classroom_api_storage_account.name};AccountKey=${azurerm_storage_account.classroom_api_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.classsroom_api_storage_container,
]
}
resource "azurerm_key_vault_secret" "AuthenticationServerStorageConnectionString" { // Authentication Server Connection String Secret
name = "AuthenticationServerStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.authentication_server_storage_account.name};AccountKey=${azurerm_storage_account.authentication_server_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.authentication_server_storage_container,
]
}
resource "azurerm_key_vault_secret" "SafeguardingStorageConnectionString" { // Safeguarding Server Connection String Secret
name = "SafeguardingStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.safeguarding_storage_account.name};AccountKey=${azurerm_storage_account.safeguarding_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.safeguarding_storage_container,
]
}
resource "azurerm_key_vault_secret" "WebsiteSignalRConnectionString" { // Website SignalR Connection String Secret
name = "WebsiteSignalRConnectionString"
value = format("Endpoint=https://${azurerm_signalr_service.websitesignalr.name}.service.signalr.net;AccessKey=${azurerm_signalr_service.websitesignalr.primary_access_key};Version=1.0;")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_signalr_service.websitesignalr,
]
}
resource "azurerm_key_vault_secret" "TutorSignalRConnectionString" { // Tutor SignalR Connection String Secret
name = "TutorSignalRConnectionString"
value = format("Endpoint=https://${azurerm_signalr_service.tutorsignalr.name}.service.signalr.net;AccessKey=${azurerm_signalr_service.tutorsignalr.primary_access_key};Version=1.0;")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_signalr_service.tutorsignalr,
]
}
resource "azurerm_key_vault_secret" "AzureADClientID" { //Website Azure AD ClientID
name = "AuthenticationServerMicrosoftClientId"
value = azuread_application.websiteadapp.id
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_Key" {
name = "EventGridAuthenticationServerTopicAccountKey"
value = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
]
}
resource "azurerm_key_vault_secret" "Tenant_Management_Topic_Account_EndPoint" {
name = "EventGridTenantManagementTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Tenant_Management_Topic,
]
}
resource "azurerm_key_vault_secret" "Tenant_Management_Topic_Account_Key" {
name = "EventGridTenantManagementTopicAccountAccountKey"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Tenant_Management_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_ClassroomApi_Topic_Account_EndPoint" {
name = "EventGridClassroomApiTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_ClassroomApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_ClassroomApi_Topic_Account_Key" {
name = "EventGridClassroomApiTopicAccountKey"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_ClassroomApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_SafeguardingApi_Topic_Account_EndPoint" {
name = "EventGridSafeguardingApiTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_SafeguardingApi_Topic_Account_Key" {
name = "EventGridSafeguardingApiTopicAccountKey"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_TechnicianApi_Topic_Account_EndPoint" {
name = "EventGridTechnicianApiTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_TechnicianApi_Topic_Account_Key" {
name = "EventGridTechnicianApiTopicAccountKey"
value = azurerm_eventgrid_topic.Event_Grid_TechnicianApi_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_TechnicianApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_EndPoint" {
name = "EventGridSystemNotificationTopicAccountKey"
value = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_Key" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
]
}
resource "azurerm_key_vault_secret" "SendGridAPIKey" {
name = "SendGridAPIKey"
value = "value"
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "Interna_APIKey" {
name = "APIKey"
value = "value"
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "WebRTC_Token_Key" {
name = "WebRTCTokenKey"
value = "value"
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "AzureADAppPassword" { //Website Azure AD Password
name = "AuthenticationServerMicrosoftClientSecret"
value = azuread_application_password.websiteadapp.value
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_key" "website_logs_key" {
name = "${var.website_name}-logskey"
key_vault_id = azurerm_key_vault.nscsecrets.id
key_type = "RSA"
key_size = 2048
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_key" "Authentication_key" {
name = "AuthenticationKey"
key_vault_id = azurerm_key_vault.nscsecrets.id
key_type = "RSA"
key_size = 2048
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_access_policy" "client" { // This is for AD Users Logged into Azure to give them the right access when creating resources.
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azuread_group.Classroom_In_The_Cloud_AZ_AD_Group.object_id
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
key_permissions = ["Backup", "Create", "Decrypt", "Delete", "Encrypt", "Get", "Import", "List", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", ]
storage_permissions = ["Backup", "Delete", "DeleteSAS", "Get", "GetSAS", "List", "ListSAS", "Purge", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
resource "azurerm_key_vault_access_policy" "service_principal" { // This is for the Service Principal in the pipeline to be able to make changes to Key Vault.
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
key_permissions = ["Backup", "Create", "Decrypt", "Delete", "Encrypt", "Get", "Import", "List", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", ]
storage_permissions = ["Backup", "Delete", "DeleteSAS", "Get", "GetSAS", "List", "ListSAS", "Purge", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
resource "azurerm_key_vault_access_policy" "website_app_accesspolicy" { // This is for the Storage Account for Website Logs.
depends_on = [
azurerm_app_service.website_app,
]
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = azurerm_app_service.website_app.identity[0].principal_id
key_permissions = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify", ]
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
resource "azurerm_key_vault_access_policy" "authentication_server_web_app_accesspolicy" { // This is for the Storage Account for Authentication Server Logs.
depends_on = [
azurerm_app_service.authentication_server_web_app,
]
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = azurerm_app_service.authentication_server_web_app.identity[0].principal_id
key_permissions = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify", ]
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
Error: A resource with the ID ""https://nscsecrets-aldjfd.vault.azure.net/secrets/EventGridAuthenticationServerTopicAccountEndpoint/10f66b24325f4be0b7e042e6d4122794" " already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information. with azurerm_key_vault_secret.Event_Grid_Authentication_Server_Topic_Account_EndPoint, │ on keyvault.tf line 138, in resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint": │ 138: resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
根据上述错误,在您的代码中,您已将 2 Key vault secret 命名为 ,即 EventGridAuthenticationServerTopicAccountEndpoint
,为此它给出的错误是 密钥保管库秘密已经存在。请重命名解决错误的秘密之一。
具有相同秘密名称的秘密块如下来自您的代码:
resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_Key" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
]
}
我最近一直在通过 Terraform 在 Azure 中实施网格主题,大多数情况都还不错,除了一个。通过管道应用时,它表示资源已经存在并需要导入。然而,在管道 运行 之前,Azure 中从未存在过该资源,请参阅我的网格主题代码。
# Terraform Block
terraform {
required_version = ">= 1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 2.0"
}
random = {
source = "hashicorp/random"
version = ">= 3.0"
}
}
#Terraform State Storage Account
backend "azurerm" {}
}
# Providers Block
provider "azurerm" {
features {}
}
provider "azuread" {
tenant_id = ""
client_id = ""
client_secret = ""
}
provider "random" {}
provider "time" {}
# Random String Resource
resource "random_string" "myrandom" {
length = 6
number = false
upper = false
special = false
}
resource "azurerm_resource_group" "Classroom_In_The_Cloud_Terraform" {
name = var.resource_group_name
location = var.location
}
## Variables:
variable "AuthServer_EventGrid_Topic_name" {
description = "Authentication Server Event Grid Topic Name"
type = string
default = "nscauthservertopic-dgyn27h2dfoyojc"
}
variable "Tenant_Management_Topic_name" {
description = "Tenant Manager Event Grid Topic Name"
type = string
default = "nsctenantmanagementtopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_ClassroomApi_Topic_name" {
description = "Classroom API Event Grid Topic Name"
type = string
default = "nscclassroomapitopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_SafeguardingApi_Topic_name" {
description = "Event Grid SafeguardingApi Topic Name"
type = string
default = "nscsafeguardingapitopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_TechnicianApi_Topic_name" {
description = "Event Grid TechnicianApi Topic Name"
type = string
default = "nsctechnicianapitopic-dgyn27h2dfoyojc"
}
variable "Event_Grid_System_Notification_Topic_name" {
description = "Event Grid TechnicianApi Topic Name"
type = string
default = "nscsystemnotificationtopic-dgyn27h2dfoyojc"
resource "azurerm_eventgrid_topic" "AuthServer_EventGrid_Topic" {
name = var.AuthServer_EventGrid_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Tenant_Management_Topic" {
name = var.Tenant_Management_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_ClassroomApi_Topic" {
name = var.Event_Grid_ClassroomApi_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_SafeguardingApi_Topic" {
name = var.Event_Grid_SafeguardingApi_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_TechnicianApi_Topic" {
name = var.Event_Grid_TechnicianApi_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
resource "azurerm_eventgrid_topic" "Event_Grid_System_Notification_Topic" {
name = var.Event_Grid_System_Notification_Topic_name
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
tags = {
environment = "Development"
}
}
这是否类似于在添加容器之前必须将其保留 60 秒的存储帐户?我想知道网格主题是否有同样的问题?因为我之前遇到过类似的存储帐户问题。
更新:
我认为这是事件网格,但它不是来自事件网格的 keyvault 秘密。错误如下:
Error: A resource with the ID ""https://nscsecrets-aldjfd.vault.azure.net/secrets/EventGridAuthenticationServerTopicAccountEndpoint/10f66b24325f4be0b7e042e6d4122794" " already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information. with azurerm_key_vault_secret.Event_Grid_Authentication_Server_Topic_Account_EndPoint, │ on keyvault.tf line 138, in resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint": │ 138: resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
我的密钥库代码:
// Users & Groups which I want to give permissions to be able to access the keyvault.
data "azuread_user" "user" {
user_principal_name = "VALUE"
}
data "azuread_group" "Classroom_In_The_Cloud_AZ_AD_Group" {
display_name = "VALUE"
security_enabled = true
}
// This gets the Azure AD Tenant ID information to deploy for KeyVault.
resource "azurerm_key_vault" "nscsecrets" {
name = "${var.key_vault_name}-${random_string.myrandom.id}"
resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
location = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
}
resource "azurerm_key_vault_secret" "WebsiteStorageConnectionString" { // Website Main Storage Connection String Secret
name = "WebsiteStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.website_storage_account.name};AccountKey=${azurerm_storage_account.website_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_account.website_storage_account,
]
}
resource "azurerm_key_vault_secret" "TenantManagerStorageConnectionString" { // Tenant Manger Storage Connection String Secret
name = "TenantManagerStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.tenant_manager_storage_account.name};AccountKey=${azurerm_storage_account.tenant_manager_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.tenant_manager_storage_container,
]
}
resource "azurerm_key_vault_secret" "ClassroomApiStorageConnectionString" { // Classroom API Connection String Secret
name = "ClassroomApiStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.classroom_api_storage_account.name};AccountKey=${azurerm_storage_account.classroom_api_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.classsroom_api_storage_container,
]
}
resource "azurerm_key_vault_secret" "AuthenticationServerStorageConnectionString" { // Authentication Server Connection String Secret
name = "AuthenticationServerStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.authentication_server_storage_account.name};AccountKey=${azurerm_storage_account.authentication_server_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.authentication_server_storage_container,
]
}
resource "azurerm_key_vault_secret" "SafeguardingStorageConnectionString" { // Safeguarding Server Connection String Secret
name = "SafeguardingStorageConnectionString"
value = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.safeguarding_storage_account.name};AccountKey=${azurerm_storage_account.safeguarding_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_storage_container.safeguarding_storage_container,
]
}
resource "azurerm_key_vault_secret" "WebsiteSignalRConnectionString" { // Website SignalR Connection String Secret
name = "WebsiteSignalRConnectionString"
value = format("Endpoint=https://${azurerm_signalr_service.websitesignalr.name}.service.signalr.net;AccessKey=${azurerm_signalr_service.websitesignalr.primary_access_key};Version=1.0;")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_signalr_service.websitesignalr,
]
}
resource "azurerm_key_vault_secret" "TutorSignalRConnectionString" { // Tutor SignalR Connection String Secret
name = "TutorSignalRConnectionString"
value = format("Endpoint=https://${azurerm_signalr_service.tutorsignalr.name}.service.signalr.net;AccessKey=${azurerm_signalr_service.tutorsignalr.primary_access_key};Version=1.0;")
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_signalr_service.tutorsignalr,
]
}
resource "azurerm_key_vault_secret" "AzureADClientID" { //Website Azure AD ClientID
name = "AuthenticationServerMicrosoftClientId"
value = azuread_application.websiteadapp.id
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_Key" {
name = "EventGridAuthenticationServerTopicAccountKey"
value = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
]
}
resource "azurerm_key_vault_secret" "Tenant_Management_Topic_Account_EndPoint" {
name = "EventGridTenantManagementTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Tenant_Management_Topic,
]
}
resource "azurerm_key_vault_secret" "Tenant_Management_Topic_Account_Key" {
name = "EventGridTenantManagementTopicAccountAccountKey"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Tenant_Management_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_ClassroomApi_Topic_Account_EndPoint" {
name = "EventGridClassroomApiTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_ClassroomApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_ClassroomApi_Topic_Account_Key" {
name = "EventGridClassroomApiTopicAccountKey"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_ClassroomApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_SafeguardingApi_Topic_Account_EndPoint" {
name = "EventGridSafeguardingApiTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_SafeguardingApi_Topic_Account_Key" {
name = "EventGridSafeguardingApiTopicAccountKey"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_TechnicianApi_Topic_Account_EndPoint" {
name = "EventGridTechnicianApiTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_TechnicianApi_Topic_Account_Key" {
name = "EventGridTechnicianApiTopicAccountKey"
value = azurerm_eventgrid_topic.Event_Grid_TechnicianApi_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_TechnicianApi_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_EndPoint" {
name = "EventGridSystemNotificationTopicAccountKey"
value = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_Key" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
]
}
resource "azurerm_key_vault_secret" "SendGridAPIKey" {
name = "SendGridAPIKey"
value = "value"
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "Interna_APIKey" {
name = "APIKey"
value = "value"
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "WebRTC_Token_Key" {
name = "WebRTCTokenKey"
value = "value"
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_secret" "AzureADAppPassword" { //Website Azure AD Password
name = "AuthenticationServerMicrosoftClientSecret"
value = azuread_application_password.websiteadapp.value
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_key" "website_logs_key" {
name = "${var.website_name}-logskey"
key_vault_id = azurerm_key_vault.nscsecrets.id
key_type = "RSA"
key_size = 2048
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_key" "Authentication_key" {
name = "AuthenticationKey"
key_vault_id = azurerm_key_vault.nscsecrets.id
key_type = "RSA"
key_size = 2048
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
]
}
resource "azurerm_key_vault_access_policy" "client" { // This is for AD Users Logged into Azure to give them the right access when creating resources.
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azuread_group.Classroom_In_The_Cloud_AZ_AD_Group.object_id
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
key_permissions = ["Backup", "Create", "Decrypt", "Delete", "Encrypt", "Get", "Import", "List", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", ]
storage_permissions = ["Backup", "Delete", "DeleteSAS", "Get", "GetSAS", "List", "ListSAS", "Purge", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
resource "azurerm_key_vault_access_policy" "service_principal" { // This is for the Service Principal in the pipeline to be able to make changes to Key Vault.
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
key_permissions = ["Backup", "Create", "Decrypt", "Delete", "Encrypt", "Get", "Import", "List", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", ]
storage_permissions = ["Backup", "Delete", "DeleteSAS", "Get", "GetSAS", "List", "ListSAS", "Purge", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
resource "azurerm_key_vault_access_policy" "website_app_accesspolicy" { // This is for the Storage Account for Website Logs.
depends_on = [
azurerm_app_service.website_app,
]
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = azurerm_app_service.website_app.identity[0].principal_id
key_permissions = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify", ]
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
resource "azurerm_key_vault_access_policy" "authentication_server_web_app_accesspolicy" { // This is for the Storage Account for Authentication Server Logs.
depends_on = [
azurerm_app_service.authentication_server_web_app,
]
key_vault_id = azurerm_key_vault.nscsecrets.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = azurerm_app_service.authentication_server_web_app.identity[0].principal_id
key_permissions = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify", ]
secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}
Error: A resource with the ID ""https://nscsecrets-aldjfd.vault.azure.net/secrets/EventGridAuthenticationServerTopicAccountEndpoint/10f66b24325f4be0b7e042e6d4122794" " already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information. with azurerm_key_vault_secret.Event_Grid_Authentication_Server_Topic_Account_EndPoint, │ on keyvault.tf line 138, in resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint": │ 138: resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
根据上述错误,在您的代码中,您已将 2 Key vault secret 命名为 ,即 EventGridAuthenticationServerTopicAccountEndpoint
,为此它给出的错误是 密钥保管库秘密已经存在。请重命名解决错误的秘密之一。
具有相同秘密名称的秘密块如下来自您的代码:
resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.endpoint
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
]
}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_Key" {
name = "EventGridAuthenticationServerTopicAccountEndpoint"
value = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.primary_access_key
key_vault_id = azurerm_key_vault.nscsecrets.id
depends_on = [
azurerm_key_vault_access_policy.client,
azurerm_key_vault_access_policy.service_principal,
azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
]
}