Terraform: how to use a resource from subscription A in subscription B

Question (votes: 0, answers: 1)

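I have created an azurerm_data_protection_backup_vault in subscription A. When I create a storage account in subscription B, I want to enable the backup vault's principal ID as Storage Account Backup Contributor. I created a second provider block, an aliased provider block, in subscription B as follows: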

provider "azurerm" {
  alias           = "backup_sub_provider"
  subscription_id = "xxx-xxxx-"
  features {}
}

In the module that creates the storage account I added the following:

# Look up the existing backup vault through the aliased provider
data "azurerm_data_protection_backup_vault" "this_vault" {
  provider            = azurerm.backup_sub_provider
  name                = "bvault-reb3az-vault"
  resource_group_name = "rg-reb3az-vault"
}

# Grant the vault's managed identity the backup role on the storage account
resource "azurerm_role_assignment" "example" {
  scope                = azurerm_storage_account.storage_accounts["accntbackup"].id
  role_definition_name = "Storage Account Backup Contributor"
  principal_id         = data.azurerm_data_protection_backup_vault.this_vault.identity[0].principal_id
}

This does not work, and I don't even understand Terraform's error message:

Error: Provider configuration not present

To work with
module.client_instance.module.storage.data.azurerm_data_protection_backup_vault.this_vault
its original provider configuration at
module.client_instance.module.storage.provider["registry.terraform.io/hashicorp/azurerm"].backup_sub_provider
is required, but it has been removed. This occurs when a provider
configuration is removed while objects created by that provider still exist
in the state. Re-add the provider configuration to destroy
module.client_instance.module.storage.data.azurerm_data_protection_backup_vault.this_vault,
after which you can remove the provider configuration again.

I wonder whether this has to do with the aliased provider block being in another module. My module structure is:

root module (has the provider and the alias provider block for the deployment)
  |
  + -- module x
  + -- module y (creates the storage account and references the alias provider)
azure terraform-provider-azure
1 answer
0 votes

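Using a resource from subscription A in subscription B via Terraform.

To resolve the error, explicitly pass the aliased provider to the module that creates the storage account. In the root module, define a providers map that includes the default provider and the aliased provider. Make sure the storage module contains a provider block that references the aliased provider. This configuration lets Terraform correctly set up and use the aliased provider inside the module.

I tried the following configuration to pass the aliased provider explicitly and overcome this issue.

File structure: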

.
├── main.tf
└── modules
    └── storage
        ├── main.tf
        └── versions.tf

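Terraform configuration:

main.tf:

provider "azurerm" {
  features {}
}

# Aliased provider for the subscription that holds the backup vault
provider "azurerm" {
  alias           = "backup"
  subscription_id = "xxxx-xxx-xxx-xxxxx"
  features {}
}

module "storage_module" {
  source = "./modules/storage"

  # Pass both the default and the aliased provider into the module
  providers = {
    azurerm        = azurerm
    azurerm.backup = azurerm.backup
  }

  storage_account_name = "mystorageaccount"
  resource_group_name  = "vksb-rg"
  location             = "East US"
  backup_vault_name    = "vkServicesVault"
  vault_resource_group = "vksb-rg"
}

modules/storage/main.tf:

# Proxy block: declares that the caller passes in azurerm.backup.
# It carries no settings of its own; those come from the root module.
provider "azurerm" {
  alias = "backup"
}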

variable "storage_account_name" {
  type = string
}

variable "resource_group_name" {
  type = string
}

variable "location" {
  type = string
}

variable "backup_vault_name" {
  type = string
}

variable "vault_resource_group" {
  type = string
}

resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_storage_account" "storage_account" {
  name                     = var.storage_account_name
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

data "azurerm_data_protection_backup_vault" "backup_vault" {
  provider            = azurerm.backup
  name                = var.backup_vault_name
  resource_group_name = var.vault_resource_group
}

resource "azurerm_role_assignment" "storage_account_backup_contributor" {
  scope                = azurerm_storage_account.storage_account.id
  role_definition_name = "Storage Account Backup Contributor"
  principal_id         = data.azurerm_data_protection_backup_vault.backup_vault.identity[0].principal_id
}

Deployment:

[two screenshots, not included]
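Added example, not part of the answer above and not the answerer's code: the same wiring with the module declaring the alias through configuration_aliases in modules/storage/versions.tf, a file the listing names but the answer does not show. It assumes the provider block is removed from modules/storage/main.tf and the rest of that file stays as posted; the subscription ID is a placeholder.

```hcl
# modules/storage/versions.tf
# Declares that the caller must pass a second azurerm configuration under the
# alias "backup". The module itself contains no provider block.
terraform {
  required_providers {
    azurerm = {
      source                = "hashicorp/azurerm"
      configuration_aliases = [azurerm.backup]
    }
  }
}

# main.tf (root module)
provider "azurerm" {
  features {}
}

provider "azurerm" {
  alias           = "backup"
  subscription_id = "00000000-0000-0000-0000-000000000000" # placeholder for the vault's subscription
  features {}
}

module "storage_module" {
  source = "./modules/storage"

  # Left side: name inside the module. Right side: configuration in the root.
  providers = {
    azurerm        = azurerm        # storage account and role assignment
    azurerm.backup = azurerm.backup # backup vault data source only
  }

  storage_account_name = "mystorageaccount"
  resource_group_name  = "vksb-rg"
  location             = "East US"
  backup_vault_name    = "vkServicesVault"
  vault_resource_group = "vksb-rg"
}
```

The identity that runs Terraform needs read access to the vault in subscription A and permission to create role assignments on the storage account in subscription B.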
