weixin_39934296
2020-12-02 06:29
Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'
Environment:
```
Terraform v0.11.11
+ provider.azurerm v1.21.0
+ provider.random v2.0.0
+ provider.template v2.0.0
```
**Problem:**
Greetings,
Trying to configure TF to access Azure Vault Key. This is my snippet:
```hcl
# Configure Azure Vault Service
resource "random_id" "keyvault" {
  byte_length = 4
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "vault" {
  name = "consul-test"
  #name = "${var.env_name}-vault-${random_id.keyvault.hex}"
  location                    = "${var.deployment_location}"
  resource_group_name         = "${var.resource_group_name}"
  enabled_for_deployment      = true
  enabled_for_disk_encryption = true
  tenant_id                   = "${var.tenant_id}"

  sku {
    name = "standard"
  }

  tags {
    environment = "${var.env_name}"
  }

  access_policy {
    tenant_id = "${var.tenant_id}"
    object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

    certificate_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
    ]

    key_permissions = [
      "get",
      "list",
      "create",
      "delete",
      "update",
      "wrapKey",
      "unwrapKey",
    ]

    secret_permissions = [
      "get",
      "list",
      "set",
      "delete",
    ]
  }

  network_acls {
    default_action = "Allow"
    bypass         = "AzureServices"
  }
}

resource "azurerm_key_vault_key" "generated" {
  name      = "${var.key_name}"
  vault_uri = "${azurerm_key_vault.vault.vault_uri}"
  key_type  = "RSA"
  key_size  = 2048

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}

output "key_vault_name" {
  value = "${azurerm_key_vault.vault.name}"
}

# Create Render Data off Template
data "template_file" "init" {
  template = "${file("./init-cluster.tpl")}"

  vars = {
    cluster_size                = "${var.consul_instance_count}"
    consul_version              = "${var.consul_version}"
    consul_datacenter           = "${var.consul_datacenter}"
    vault_version               = "${var.vault_version}"
    vault_datacenter            = "${var.consul_datacenter}"
    consul_join_wan             = "${join(" ", var.consul_join_wan)}"
    auto_join_subscription_id   = "${var.auto_join_subscription_id}"
    auto_join_tenant_id         = "${var.auto_join_tenant_id}"
    auto_join_client_id         = "${var.auto_join_client_id}"
    auto_join_secret_access_key = "${var.auto_join_client_secret}"
    tenant_id                   = "${var.tenant_id}"
    subscription_id             = "${var.subscription_id}"
    client_id                   = "${var.client_id}"
    client_secret               = "${var.client_secret}"
    vault_name                  = "${azurerm_key_vault.vault.name}"
    key_name                    = "${var.key_name}"
  }
}
```
My template file looks as follows:
**File: init-cluster.tpl**
```bash
# Prepare Vault Service for Auto-Unseal and Unseal Script
sudo cat << EOF > /tmp/azure_auth.sh
set -v
export VAULT_ADDR="http://127.0.0.1:8200"
vault auth enable azure
vault write auth/azure/config tenant_id="${tenant_id}" resource="https://management.azure.com/" client_id="${client_id}" client_secret="${client_secret}"
vault write auth/azure/role/dev-role policies="default" bound_subscription_ids="${subscription_id}" bound_resource_groups="${resource_group_name}"
vault write auth/azure/login role="dev-role" \
  jwt="$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F' -H Metadata:true -s | jq -r .access_token)" \
  subscription_id="${subscription_id}" \
  resource_group_name="${resource_group_name}" \
  vm_name="${vm_name}"
EOF
sudo chmod +x /tmp/azure_auth.sh
```
Now, running `terraform plan` gives me the following error:
```
Error: Error running plan: 3 error(s) occurred:

- output.key_vault_name: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'
- azurerm_key_vault_key.generated: 1 error(s) occurred:
- azurerm_key_vault_key.generated: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.vault_uri'
- data.template_file.init: 1 error(s) occurred:
- data.template_file.init: Resource 'azurerm_key_vault.vault' not found for variable 'azurerm_key_vault.vault.name'
```
I am nearly going cross-eyed looking at the problem. Variables are defined. I do not understand why it would not find `azurerm_key_vault.vault`. It is right there.
Any help would be tremendously appreciated.
This question comes from the open-source project: terraform-providers/terraform-provider-azurerm