Azure AzApi provider in Terraform
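I am trying to use the Azure AzApi provider to update an Azure Key Vault key rotation policy.
Both the "Azure AzApi provider" and the key rotation policy are very new features that were released last week.
I am not getting any errors, but it does not update the properties.
The code is simple:
- Read the existing key vault
- Create a key using the "azurerm_key_vault_key" resource
- Add the key rotation policy configuration using the "azapi_update_resource" resource
My code: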
    data "azurerm_key_vault" "this" {
      name                = "kv33eerr"
      resource_group_name = "test"
    }

    resource "time_offset" "expiration_days" {
      offset_days = 364
    }

    resource "azurerm_key_vault_key" "generated" {
      name            = "testkey01"
      key_vault_id    = data.azurerm_key_vault.this.id
      key_type        = "RSA"
      key_size        = 2048
      expiration_date = time_offset.expiration_days.rfc3339
      key_opts = [
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
      ]
    }

    resource "azapi_update_resource" "rotaion" {
      type      = "Microsoft.KeyVault/vaults/keys@2021-10-01"
      parent_id = data.azurerm_key_vault.this.id
      name      = azurerm_key_vault_key.generated.name
      body = jsonencode(
        {
          properties = {
            lifetimeactions = [
              {
                action           = "rotate"
                timeaftercreate  = "p545d"
                timebeforeexpiry = null
              },
              {
                action           = "notify"
                timeaftercreate  = null
                timebeforeexpiry = "p20d"
              }
            ],
            expiresin = "p2y"
          }
        }
      )
      depends_on = [
        azurerm_key_vault_key.generated
      ]
    }
Terraform apply:

    Terraform will perform the following actions:

      # azapi_update_resource.rotaion will be updated in-place
      ~ resource "azapi_update_resource" "rotaion" {
          ~ body = jsonencode(
              ~ {
                  ~ properties = {
                      + expiresin = "p2y"
                      + lifetimeactions = [
                          + {
                              + action = "rotate"
                              + timeaftercreate = "p545d"
                              + timebeforeexpiry = null
                            },
                          + {
                              + action = "notify"
                              + timeaftercreate = null
                              + timebeforeexpiry = "p30d"
                            },
                        ]
                    }
                }
            )
            id = "/subscriptions/32055728-56f6-46dd-8fd1-3f50d4ae69a5/resourceGroups/test/providers/Microsoft.KeyVault/vaults/kv33eerr/keys/testkey01"
            name = "testkey01"
          ~ output = jsonencode({}) -> (known after apply)
            # (5 unchanged attributes hidden)
        }

    Plan: 0 to add, 1 to change, 0 to destroy.

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value: yes

    azapi_update_resource.rotaion: Modifying... [id=/subscriptions/32055728-56f6-46dd-8fd1-3f50d4ae69a5/resourceGroups/test/providers/Microsoft.KeyVault/vaults/kv33eerr/keys/testkey01]
    azapi_update_resource.rotaion: Modifications complete after 3s [id=/subscriptions/3205xxxx-56f6-46dd-8fd1-3f50d4ae69a5/resourceGroups/test/providers/Microsoft.KeyVault/vaults/kv33eerr/keys/testkey01]

    Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Key rotation policy:

    az keyvault key rotation-policy show -n testkey01 --vault-name kv33eerr
    {
      "createdOn": null,
      "expiresIn": null,
      "id": null,
      "lifetimeActions": [
        {
          "action": "Notify",
          "timeAfterCreate": null,
          "timeBeforeExpiry": "P30D"
        }
      ],
      "updatedOn": null
    }
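
The payload is inaccurate. It is strongly recommended to install the AzApi VSCode extension, which provides a rich authoring experience to help you use the AzApi provider: https://marketplace.visualstudio.com/items?itemName=azapi-vscode.azapi
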
    resource "azapi_update_resource" "test" {
      type      = "Microsoft.KeyVault/vaults/keys@2021-11-01-preview"
      name      = azurerm_key_vault_key.generated.name
      parent_id = azurerm_key_vault_key.generated.key_vault_id
      body = jsonencode({
        properties = {
          rotationPolicy = {
            lifetimeActions = [
              {
                action = {
                  type = "Rotate"
                }
                trigger = {
                  timeAfterCreate  = "P20D"
                  timeBeforeExpiry = null
                }
              },
              {
                action = {
                  type = "Notify"
                }
                trigger = {
                  timeAfterCreate  = null
                  timeBeforeExpiry = "P20D"
                }
              }
            ],
            attributes = {
              expiryTime = "P2Y"
            }
          }
        }
      })
    }
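
The apply in the question reported success while the rotation policy stayed unchanged, so a post-apply check that compares the intended body with what `az keyvault key rotation-policy show` returns is what catches this kind of silent no-op. The following is an added example, not part of the original question or answer; the function names are hypothetical, the intended policy is the body from the answer, and the observed policy is the CLI output shown in the question.

```python
import json

# Intended policy: the ARM-style body from the answer above.
INTENDED = {"properties": {"rotationPolicy": {
    "lifetimeActions": [
        {"action": {"type": "Rotate"},
         "trigger": {"timeAfterCreate": "P20D", "timeBeforeExpiry": None}},
        {"action": {"type": "Notify"},
         "trigger": {"timeAfterCreate": None, "timeBeforeExpiry": "P20D"}},
    ],
    "attributes": {"expiryTime": "P2Y"},
}}}

# Observed policy: the CLI output shown in the question, closing brace restored.
SHOWN = json.loads("""{"createdOn": null, "expiresIn": null, "id": null,
  "lifetimeActions": [{"action": "Notify", "timeAfterCreate": null,
                       "timeBeforeExpiry": "P30D"}],
  "updatedOn": null}""")

def normalize_arm(body):
    """Flatten properties.rotationPolicy into (action set, expiry)."""
    policy = body["properties"]["rotationPolicy"]
    actions = {(a["action"]["type"].lower(),
                a["trigger"].get("timeAfterCreate"),
                a["trigger"].get("timeBeforeExpiry"))
               for a in policy.get("lifetimeActions") or []}
    return actions, (policy.get("attributes") or {}).get("expiryTime")

def normalize_cli(shown):
    """Flatten `az keyvault key rotation-policy show` output the same way."""
    actions = {(a["action"].lower(), a.get("timeAfterCreate"),
                a.get("timeBeforeExpiry"))
               for a in shown.get("lifetimeActions") or []}
    return actions, shown.get("expiresIn")

def policy_drift(intended_body, shown):
    """Return a list of differences; an empty list means the policy applied."""
    want, want_exp = normalize_arm(intended_body)
    have, have_exp = normalize_cli(shown)
    drift = [f"missing action {a}" for a in sorted(want - have, key=str)]
    drift += [f"unexpected action {a}" for a in sorted(have - want, key=str)]
    if want_exp != have_exp:
        drift.append(f"expiry is {have_exp!r}, expected {want_exp!r}")
    return drift

if __name__ == "__main__":
    for line in policy_drift(INTENDED, SHOWN):
        print("DRIFT:", line)
```

Run against the output in the question, this reports the missing rotate action and the unset expiry, which is the signal that the key is not on the rotation schedule the configuration claims.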