aabgwu
October 16, 2020, 1:57pm
1
--- VAULT AZURE SECRETS BACKEND
--- ./vault/az-backend/maint.tf
terraform {
backend "local" {
path = ".az.backend.terraform.tfstate"
}
}
provider "vault" { }
resource "vault_azure_secret_backend" "creds" {
subscription_id = var.azure_subscr_id
tenant_id = var.azure_tenant_id
client_id = var.azure_client_id
client_secret = var.azure_secret_id
path = "${var.path}-creds"
}
resource "vault_azure_secret_backend_role" "creds" {
backend = vault_azure_secret_backend.creds.path
role = "${var.path}-role"
application_object_id = var.azure_object_id
}
output "backend" {
value = vault_azure_secret_backend.creds.path
}
output "role" {
value = vault_azure_secret_backend_role.creds.role
}
--- EOC
--- TERRAFORM PROVIDER
--- ./terraform/az-provider/maint.tf
terraform {
backend "local" {
path = ".az.provider.terraform.tfstate"
}
}
data "terraform_remote_state" "creds" {
backend = "local"
config = {
path = "${var.path}${var.state}"
}
}
data "vault_azure_access_credentials" "creds" {
backend = data.terraform_remote_state.creds.outputs.backend
role = data.terraform_remote_state.creds.outputs.role
}
provider "azurerm" {
features {}
client_id = data.vault_azure_access_credentials.creds.client_id
client_secret = data.vault_azure_access_credentials.creds.client_secret
tenant_id = data.vault_azure_access_credentials.creds.tenant_id
subscription_id = data.vault_azure_access_credentials.creds.subscription_id
}
--- CREATE STORAGE ACCOUNT FROM EXISTING RESOURCE GROUP
resource "azurerm_storage_account" "savault" {
name = "${var.name}"
resource_group_name = "${var.name}-rg"
location = var.location
account_tier = "Standard"
account_kind = "Storage"
account_replication_type = "LRS"
}
--- EOC
--- ERROR
Error: Unsupported attribute
on main.tf line 51, in provider "azurerm":
51: tenant_id = data.vault_azure_access_credentials.creds.tenant_id
This object has no argument, nested block, or exported attribute named
"tenant_id".
Error: Unsupported attribute
on main.tf line 52, in provider "azurerm":
52: subscription_id = data.vault_azure_access_credentials.creds.subscription_id
This object has no argument, nested block, or exported attribute named
"subscription_id".
--- EOC