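We have the following Terraform code, which creates an Azure APIM logger configuration for App Insights as part of the App Insights creation. But here we are facing the challenge of configuring the App Insights instrumentation key as a named value from one of the existing key vaults.
Use the named value of the instrumentation key (from KV) to look up the App Insights instance and add the logger during the Application Insights creation itself, rather than through a manual task of creating the secret in Key Vault after App Insights has been created.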
resource "azurerm_application_insights" "appinsights" {
  name                       = var.appinsights_name
  location                   = var.location
  resource_group_name        = var.rg_name
  application_type           = var.application_type
  retention_in_days          = var.retention_in_days
  workspace_id               = data.azurerm_log_analytics_workspace.laworkspace.id
  internet_ingestion_enabled = var.internet_ingestion_enabled
  disable_ip_masking         = var.disable_ip_masking
  tags                       = var.appinsights_tags

  lifecycle {
    ignore_changes = [
      tags,
      disable_ip_masking
    ]
  }
}

resource "azurerm_api_management_logger" "logger" {
  count               = var.add_to_apim ? 1 : 0
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  name                = azurerm_application_insights.appinsights.name
  resource_id         = azurerm_application_insights.appinsights.id

  application_insights {
    instrumentation_key = azurerm_application_insights.appinsights.instrumentation_key
  }

  lifecycle {
    ignore_changes = [
      resource_id
    ]
  }
}
Creating a secret for the instrumentation key or the connection string is straightforward with the azurerm_key_vault_secret resource:
resource "azurerm_key_vault_secret" "app_insights_instrumentation_key" {
  name            = "${var.appinsights_name}-instrumentation-key"
  value           = azurerm_application_insights.appinsights.instrumentation_key
  content_type    = "Instrumentation Key for Application Insights ${var.appinsights_name}"
  expiration_date = "2099-12-31T23:59:59+00:00"
  key_vault_id    = var.key_vault_id
}

resource "azurerm_key_vault_secret" "app_insights_connection_string" {
  name            = "${var.appinsights_name}-connection-string"
  value           = azurerm_application_insights.appinsights.connection_string
  content_type    = "Connection String for Application Insights ${var.appinsights_name}"
  expiration_date = "2099-12-31T23:59:59+00:00"
  key_vault_id    = var.key_vault_id
}
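As for the logger, given that it is created in the same module as the App Insights instance, you can reference the instrumentation key with
azurerm_application_insights.appinsights.instrumentation_key
as shown in the code sample.
As an alternative, use: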
resource "azurerm_api_management_logger" "logger" {
  # ...
  application_insights {
    instrumentation_key = azurerm_key_vault_secret.app_insights_instrumentation_key.value
  }
}
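The named-value route the question asks about, as an added example that is not part of the original question or answer: the logger gets a `{{...}}` reference to an APIM named value that is backed by the Key Vault secret created above, instead of the raw key. The resource label `appinsights_key` is hypothetical, and the example assumes the APIM instance has a managed identity that is allowed to read secrets from that Key Vault.

```hcl
# Added example (not the original poster's code).
# Assumption: the APIM instance's managed identity can "get" secrets from the
# Key Vault that holds azurerm_key_vault_secret.app_insights_instrumentation_key.

# Named value in APIM whose content is resolved from Key Vault at runtime.
resource "azurerm_api_management_named_value" "appinsights_key" {
  count               = var.add_to_apim ? 1 : 0
  name                = "${var.appinsights_name}-instrumentation-key"
  display_name        = "${var.appinsights_name}-instrumentation-key"
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  secret              = true

  value_from_key_vault {
    # versionless_id points at the secret without pinning a version, so APIM
    # follows the current version when the secret is rotated.
    secret_id = azurerm_key_vault_secret.app_insights_instrumentation_key.versionless_id
  }
}

resource "azurerm_api_management_logger" "logger" {
  count               = var.add_to_apim ? 1 : 0
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  name                = azurerm_application_insights.appinsights.name
  resource_id         = azurerm_application_insights.appinsights.id

  application_insights {
    # "{{display-name}}" is APIM's named-value reference syntax; the logger
    # stores the reference, not the key itself.
    instrumentation_key = "{{${azurerm_api_management_named_value.appinsights_key[0].display_name}}}"
  }
}
```

The instrumentation key is still written to the Terraform state through the `value` of the `azurerm_key_vault_secret` resource, so the state backend needs the same access controls as the vault.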