Adding existing VNet to Azure KeyVault using Pulumi fails
I have an existing Key Vault in Azure, and I am trying to add an existing VNet to it through Pulumi code. I get the following error:
error: azure:keyvault/keyVault:KeyVault resource 'exampleKeyVault' has a problem: Invalid or unknown key. Examine values at 'KeyVault.NetworkAcls.VirtualNetworkRules'.
Here is my code:
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
    resource_group_name=resourceGroup,
    name="keyVaultName",
    tenant_id=current.tenant_id,
    sku_name="premium",
    soft_delete_retention_days=7,
    network_acls=pulumi_azure_native.keyvault.NetworkRuleSetArgs(
        bypass="AzureServices",
        ip_rules=None,
        default_action="Deny",
        virtual_network_rules=[pulumi_azure_native.keyvault.VirtualNetworkRuleArgs(id="/subscriptions/xxxx/resourceGroups/yyyy/providers/Microsoft.Network/virtualNetworks/zzzz/subnets/mysubnet")],),
    access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
        tenant_id=current.tenant_id,
        object_id=current.object_id,
        key_permissions=[
            "list",
            "create",
            "get",
            "purge",
            "recover",
            "delete"
        ],
        secret_permissions=["set",
            "list",
            "get",
            "delete",
            "purge",
            "recover"],
    )])
You are passing the wrong type to the resource. network_acls does not take the type pulumi_azure_native.keyvault.NetworkRuleSetArgs; it takes pulumi.azure.KeyVaultNetworkAcls.
See here for more information: https://www.pulumi.com/registry/packages/azure/api-docs/keyvault/keyvault/#keyvaultnetworkacls
You need something like this:
# Classic Azure provider; resourceGroup and current are defined elsewhere in the program.
import pulumi_azure as azure

example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
    resource_group_name=resourceGroup,
    name="keyVaultName",
    tenant_id=current.tenant_id,
    sku_name="premium",
    soft_delete_retention_days=7,
    # In the classic provider's Python SDK the network ACL args class is
    # KeyVaultNetworkAclsArgs, and subnets are passed as a list of subnet IDs.
    network_acls=azure.keyvault.KeyVaultNetworkAclsArgs(
        bypass="AzureServices",
        ip_rules=None,
        default_action="Deny",
        virtual_network_subnet_ids=["/subscriptions/xxxx/resourceGroups/yyyy/providers/Microsoft.Network/virtualNetworks/zzzz/subnets/mysubnet"],),
    access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
        tenant_id=current.tenant_id,
        object_id=current.object_id,
        key_permissions=[
            "list",
            "create",
            "get",
            "purge",
            "recover",
            "delete"
        ],
        secret_permissions=["set",
            "list",
            "get",
            "delete",
            "purge",
            "recover"],
    )])
I also see that you made the same mistake in virtual_network_rules; you need to make sure you are not mixing provider types within the same resource.