Terraform Azure Grid 主题资源已存在于全新构建中

Terraform Azure Grid Topic resource already exists on a fresh build

我最近一直在通过 Terraform 在 Azure 中实施网格主题,大多数情况都还不错,除了一个。通过管道应用时,它表示资源已经存在并需要导入。然而,在管道 运行 之前,Azure 中从未存在过该资源,请参阅我的网格主题代码。

# Terraform Block
terraform {
  required_version = ">= 1.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 2.0"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 3.0"
    }
  }
  #Terraform State Storage Account
  backend "azurerm" {}
}

# Providers Block
provider "azurerm" {
  features {}
}
provider "azuread" {
  tenant_id     = ""
  client_id     = ""
  client_secret = ""
}

provider "random" {}
provider "time" {}

# Random String Resource

resource "random_string" "myrandom" {
  length  = 6
  number  = false
  upper   = false
  special = false
}

resource "azurerm_resource_group" "Classroom_In_The_Cloud_Terraform" {
  name     = var.resource_group_name
  location = var.location
}

## Variables: 

variable "AuthServer_EventGrid_Topic_name" {
  description = "Authentication Server Event Grid Topic Name"
  type        = string
  default     = "nscauthservertopic-dgyn27h2dfoyojc"
}

variable "Tenant_Management_Topic_name" {
  description = "Tenant Manager Event Grid Topic Name"
  type        = string
  default     = "nsctenantmanagementtopic-dgyn27h2dfoyojc"
}

variable "Event_Grid_ClassroomApi_Topic_name" {
  description = "Classroom API Event Grid Topic Name"
  type        = string
  default     = "nscclassroomapitopic-dgyn27h2dfoyojc"
}

variable "Event_Grid_SafeguardingApi_Topic_name" {
  description = "Event Grid SafeguardingApi Topic Name"
  type        = string
  default     = "nscsafeguardingapitopic-dgyn27h2dfoyojc"
}

variable "Event_Grid_TechnicianApi_Topic_name" {
  description = "Event Grid TechnicianApi Topic Name"
  type        = string
  default     = "nsctechnicianapitopic-dgyn27h2dfoyojc"
}

variable "Event_Grid_System_Notification_Topic_name" {
  description = "Event Grid TechnicianApi Topic Name"
  type        = string
  default     = "nscsystemnotificationtopic-dgyn27h2dfoyojc"

resource "azurerm_eventgrid_topic" "AuthServer_EventGrid_Topic" {
  name                = var.AuthServer_EventGrid_Topic_name
  resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location            = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location

  tags = {
    environment = "Development"
  }
}

resource "azurerm_eventgrid_topic" "Tenant_Management_Topic" {
  name                = var.Tenant_Management_Topic_name
  resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location            = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location

  tags = {
    environment = "Development"
  }
}

resource "azurerm_eventgrid_topic" "Event_Grid_ClassroomApi_Topic" {
  name                = var.Event_Grid_ClassroomApi_Topic_name
  resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location            = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location

  tags = {
    environment = "Development"
  }
}

resource "azurerm_eventgrid_topic" "Event_Grid_SafeguardingApi_Topic" {
  name                = var.Event_Grid_SafeguardingApi_Topic_name
  resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location            = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location

  tags = {
    environment = "Development"
  }
}

resource "azurerm_eventgrid_topic" "Event_Grid_TechnicianApi_Topic" {
  name                = var.Event_Grid_TechnicianApi_Topic_name
  resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location            = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location

  tags = {
    environment = "Development"
  }
}

resource "azurerm_eventgrid_topic" "Event_Grid_System_Notification_Topic" {
  name                = var.Event_Grid_System_Notification_Topic_name
  resource_group_name = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location            = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location

  tags = {
    environment = "Development"
  }
}

这是否类似于在添加容器之前必须将其保留 60 秒的存储帐户?我想知道网格主题是否有同样的问题?因为我之前遇到过类似的存储帐户问题。

更新:

我认为这是事件网格,但它不是来自事件网格的 keyvault 秘密。错误如下:

Error: A resource with the ID ""https://nscsecrets-aldjfd.vault.azure.net/secrets/EventGridAuthenticationServerTopicAccountEndpoint/10f66b24325f4be0b7e042e6d4122794" " already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information. with azurerm_key_vault_secret.Event_Grid_Authentication_Server_Topic_Account_EndPoint, │ on keyvault.tf line 138, in resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint": │ 138: resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {

我的密钥库代码:

// Users & Groups which I want to give permissions to be able to access the keyvault.
data "azuread_user" "user" {
  user_principal_name = "VALUE"
}

data "azuread_group" "Classroom_In_The_Cloud_AZ_AD_Group" {
  display_name     = "VALUE"
  security_enabled = true
}

// This gets the Azure AD Tenant ID information to deploy for KeyVault. 
resource "azurerm_key_vault" "nscsecrets" {
  name                       = "${var.key_vault_name}-${random_string.myrandom.id}"
  resource_group_name        = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.name
  location                   = azurerm_resource_group.Classroom_In_The_Cloud_Terraform.location
  sku_name                   = "standard"
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days = 7
  purge_protection_enabled   = false

}

resource "azurerm_key_vault_secret" "WebsiteStorageConnectionString" { // Website Main Storage Connection String Secret
  name         = "WebsiteStorageConnectionString"
  value        = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.website_storage_account.name};AccountKey=${azurerm_storage_account.website_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_storage_account.website_storage_account,
  ]

}
resource "azurerm_key_vault_secret" "TenantManagerStorageConnectionString" { // Tenant Manger Storage Connection String Secret
  name         = "TenantManagerStorageConnectionString"
  value        = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.tenant_manager_storage_account.name};AccountKey=${azurerm_storage_account.tenant_manager_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_storage_container.tenant_manager_storage_container,
  ]

}

resource "azurerm_key_vault_secret" "ClassroomApiStorageConnectionString" { // Classroom API Connection String Secret
  name         = "ClassroomApiStorageConnectionString"
  value        = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.classroom_api_storage_account.name};AccountKey=${azurerm_storage_account.classroom_api_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_storage_container.classsroom_api_storage_container,
  ]

}

resource "azurerm_key_vault_secret" "AuthenticationServerStorageConnectionString" { // Authentication Server Connection String Secret
  name         = "AuthenticationServerStorageConnectionString"
  value        = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.authentication_server_storage_account.name};AccountKey=${azurerm_storage_account.authentication_server_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_storage_container.authentication_server_storage_container,
  ]

}

resource "azurerm_key_vault_secret" "SafeguardingStorageConnectionString" { // Safeguarding Server Connection String Secret
  name         = "SafeguardingStorageConnectionString"
  value        = format("DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.safeguarding_storage_account.name};AccountKey=${azurerm_storage_account.safeguarding_storage_account.primary_access_key};EndpointSuffix=core.windows.net")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_storage_container.safeguarding_storage_container,
  ]

}

resource "azurerm_key_vault_secret" "WebsiteSignalRConnectionString" { // Website SignalR Connection String Secret
  name         = "WebsiteSignalRConnectionString"
  value        = format("Endpoint=https://${azurerm_signalr_service.websitesignalr.name}.service.signalr.net;AccessKey=${azurerm_signalr_service.websitesignalr.primary_access_key};Version=1.0;")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_signalr_service.websitesignalr,
  ]

}

resource "azurerm_key_vault_secret" "TutorSignalRConnectionString" { // Tutor SignalR Connection String Secret
  name         = "TutorSignalRConnectionString"
  value        = format("Endpoint=https://${azurerm_signalr_service.tutorsignalr.name}.service.signalr.net;AccessKey=${azurerm_signalr_service.tutorsignalr.primary_access_key};Version=1.0;")
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_signalr_service.tutorsignalr,
  ]

}

resource "azurerm_key_vault_secret" "AzureADClientID" { //Website Azure AD ClientID
  name         = "AuthenticationServerMicrosoftClientId"
  value        = azuread_application.websiteadapp.id
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
  name         = "EventGridAuthenticationServerTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_Key" {
  name         = "EventGridAuthenticationServerTopicAccountKey"
  value        = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Tenant_Management_Topic_Account_EndPoint" {
  name         = "EventGridTenantManagementTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Tenant_Management_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Tenant_Management_Topic_Account_Key" {
  name         = "EventGridTenantManagementTopicAccountAccountKey"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Tenant_Management_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_ClassroomApi_Topic_Account_EndPoint" {
  name         = "EventGridClassroomApiTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_ClassroomApi_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_ClassroomApi_Topic_Account_Key" {
  name         = "EventGridClassroomApiTopicAccountKey"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_ClassroomApi_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_SafeguardingApi_Topic_Account_EndPoint" {
  name         = "EventGridSafeguardingApiTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_SafeguardingApi_Topic_Account_Key" {
  name         = "EventGridSafeguardingApiTopicAccountKey"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_TechnicianApi_Topic_Account_EndPoint" {
  name         = "EventGridTechnicianApiTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.Tenant_Management_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_SafeguardingApi_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_TechnicianApi_Topic_Account_Key" {
  name         = "EventGridTechnicianApiTopicAccountKey"
  value        = azurerm_eventgrid_topic.Event_Grid_TechnicianApi_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_TechnicianApi_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_EndPoint" {
  name         = "EventGridSystemNotificationTopicAccountKey"
  value        = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
  ]

}

resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_Key" {
  name         = "EventGridAuthenticationServerTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
  ]

}

resource "azurerm_key_vault_secret" "SendGridAPIKey" {
  name         = "SendGridAPIKey"
  value        = "value"
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]

}

resource "azurerm_key_vault_secret" "Interna_APIKey" {
  name         = "APIKey"
  value        = "value"
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]

}

resource "azurerm_key_vault_secret" "WebRTC_Token_Key" {
  name         = "WebRTCTokenKey"
  value        = "value"
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]

}

resource "azurerm_key_vault_secret" "AzureADAppPassword" { //Website Azure AD Password
  name         = "AuthenticationServerMicrosoftClientSecret"
  value        = azuread_application_password.websiteadapp.value
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]

}


resource "azurerm_key_vault_key" "website_logs_key" {
  name         = "${var.website_name}-logskey"
  key_vault_id = azurerm_key_vault.nscsecrets.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]
}

resource "azurerm_key_vault_key" "Authentication_key" {
  name         = "AuthenticationKey"
  key_vault_id = azurerm_key_vault.nscsecrets.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
  ]
}

resource "azurerm_key_vault_access_policy" "client" { // This is for AD Users Logged into Azure to give them the right access when creating resources. 
  key_vault_id            = azurerm_key_vault.nscsecrets.id
  tenant_id               = data.azurerm_client_config.current.tenant_id
  object_id               = data.azuread_group.Classroom_In_The_Cloud_AZ_AD_Group.object_id
  secret_permissions      = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
  key_permissions         = ["Backup", "Create", "Decrypt", "Delete", "Encrypt", "Get", "Import", "List", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", ]
  storage_permissions     = ["Backup", "Delete", "DeleteSAS", "Get", "GetSAS", "List", "ListSAS", "Purge", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update", ]
  certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}

resource "azurerm_key_vault_access_policy" "service_principal" { // This is for the Service Principal in the pipeline to be able to make changes to Key Vault. 
  key_vault_id            = azurerm_key_vault.nscsecrets.id
  tenant_id               = data.azurerm_client_config.current.tenant_id
  object_id               = data.azurerm_client_config.current.object_id
  secret_permissions      = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
  key_permissions         = ["Backup", "Create", "Decrypt", "Delete", "Encrypt", "Get", "Import", "List", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", ]
  storage_permissions     = ["Backup", "Delete", "DeleteSAS", "Get", "GetSAS", "List", "ListSAS", "Purge", "Recover", "RegenerateKey", "Restore", "Set", "SetSAS", "Update", ]
  certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}

resource "azurerm_key_vault_access_policy" "website_app_accesspolicy" { // This is for the Storage Account for Website Logs. 
  depends_on = [
    azurerm_app_service.website_app,
  ]
  key_vault_id            = azurerm_key_vault.nscsecrets.id
  tenant_id               = data.azurerm_client_config.current.tenant_id
  object_id               = azurerm_app_service.website_app.identity[0].principal_id
  key_permissions         = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify", ]
  secret_permissions      = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
  certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}

resource "azurerm_key_vault_access_policy" "authentication_server_web_app_accesspolicy" { // This is for the Storage Account for Authentication Server Logs. 
  depends_on = [
    azurerm_app_service.authentication_server_web_app,
  ]
  key_vault_id            = azurerm_key_vault.nscsecrets.id
  tenant_id               = data.azurerm_client_config.current.tenant_id
  object_id               = azurerm_app_service.authentication_server_web_app.identity[0].principal_id
  key_permissions         = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify", ]
  secret_permissions      = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set", ]
  certificate_permissions = ["create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "setissuers", "update", ]
}

Error: A resource with the ID ""https://nscsecrets-aldjfd.vault.azure.net/secrets/EventGridAuthenticationServerTopicAccountEndpoint/10f66b24325f4be0b7e042e6d4122794" " already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information. with azurerm_key_vault_secret.Event_Grid_Authentication_Server_Topic_Account_EndPoint, │   on keyvault.tf line 138, in resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint": │  138: resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {

根据上述错误,在您的代码中,您已将 2 Key vault secret 命名为 ,即 EventGridAuthenticationServerTopicAccountEndpoint,为此它给出的错误是 密钥保管库秘密已经存在。请重命名解决错误的秘密之一。

具有相同秘密名称的秘密块如下来自您的代码:

resource "azurerm_key_vault_secret" "Event_Grid_Authentication_Server_Topic_Account_EndPoint" {
  name         = "EventGridAuthenticationServerTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.AuthServer_EventGrid_Topic.endpoint
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.AuthServer_EventGrid_Topic,
  ]

}
resource "azurerm_key_vault_secret" "Event_Grid_System_Notification_Topic_Account_Key" {
  name         = "EventGridAuthenticationServerTopicAccountEndpoint"
  value        = azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic.primary_access_key
  key_vault_id = azurerm_key_vault.nscsecrets.id

  depends_on = [
    azurerm_key_vault_access_policy.client,
    azurerm_key_vault_access_policy.service_principal,
    azurerm_eventgrid_topic.Event_Grid_System_Notification_Topic,
  ]

}