Question
I am building a production infrastructure in Azure cloud with terraform. My requirements are below.
Azure Key Vault should be provisioned first, as I will utilize a secret from there. But a Terraform module doesn't support depend_on. Any workaround will be highly appreciated.
module "keyvault" {
  source = "./../modules/azurekeyvault/"
  username = "${var.username}"
  tags_environment = "${var.tags_environment}"
}
module "mysql" {
  source = "./../modules/mysql/"
}
Azure key vault module.
resource "azurerm_key_vault" "kvlsr" {
  name = "${var.lsrkeyvault}"
  location = "${data.azurerm_resource_group.lsr.location}"
  resource_group_name = "${data.azurerm_resource_group.lsr.name}"
  enabled_for_disk_encryption = true
  tenant_id = "${data.azurerm_client_config.current.tenant_id}"
  sku_name = "standard"
}
# One secret per entry in var.username
resource "azurerm_key_vault_secret" "userlist" {
  count = length(var.username)
  name = "${var.username[count.index]}"
  value = "${bcrypt(random_string.password.result)}"
  key_vault_id = "${azurerm_key_vault.kvlsr.id}"
  tags = {
    environment = "${var.tags_environment}"
  }
}
Mysql Module code:
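# Looks the vault up by name, so Terraform sees no dependency on the keyvault module
data "azurerm_key_vault" "keyvault" {
  name = "kyv-lsr-dev"
  resource_group_name = "rgroup"
}
data "azurerm_key_vault_secret" "userlist" {
  name = "mylab"
  key_vault_id = "${data.azurerm_key_vault.keyvault.id}"
}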
Answer 1:
I don't know if this would work, but here is what I would recommend trying to help TF build out the correct dependency graph. I would make the keyvault id a variable in your module. That way when you use the module you will be explicitly calling the keyvault which should trigger it to be created before the module is executed.
module "mysql" {
source = "./../modules/mysql/"
keyvault_id = "${module.keyvault.id}"
}
This would require your mysql module to take keyvault_id as a variable and use that instead of the data resource. It would also require your keyvault module to output the keyvault id. Again, this may not work, but I think it will.
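The wiring this answer describes, written out as an added example (not code from the question or the answer). The file names and the output name `id` are assumptions, it uses Terraform 0.12 expression syntax, and the `depends_on` on the output goes beyond the answer: it makes the consumer wait for the secrets as well as the vault.

```hcl
# modules/azurekeyvault/outputs.tf (assumed file name)
# Expose the vault id to callers. The depends_on is an addition to the
# answer: anything that reads this output also waits for the secrets,
# not only for the vault itself.
output "id" {
  value      = azurerm_key_vault.kvlsr.id
  depends_on = [azurerm_key_vault_secret.userlist]
}

# modules/mysql/variables.tf (assumed file name)
variable "keyvault_id" {
  description = "ID of the Key Vault that holds the MySQL secret"
  type        = string
}

# modules/mysql/main.tf (assumed file name)
# Read the secret through the id passed in. This replaces the
# data "azurerm_key_vault" lookup by name, which gave Terraform
# no edge in the graph back to the keyvault module.
data "azurerm_key_vault_secret" "userlist" {
  name         = "mylab"
  key_vault_id = var.keyvault_id
}

# Root module
module "keyvault" {
  source           = "./../modules/azurekeyvault/"
  username         = var.username
  tags_environment = var.tags_environment
}

module "mysql" {
  source      = "./../modules/mysql/"
  keyvault_id = module.keyvault.id # implicit dependency on the keyvault module
}
```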
Source: https://stackoverflow.com/questions/58984760/terraform-module-depends-on-azure