Terraform-如何为现有存储帐户配置生命周期策略

Question

我在 azure 门户中创建了一个存储帐户（在 terraform 之外）。我想配置生命周期管理策略来删除旧的 blob。我已经尝试terraform import 导入资源（存储帐户），但似乎设置是不同的 terraform 计划，当我运行 terraform plan 它说，它将替换或创建存储帐户。

但我不想重新创建包含日期的存储帐户。

provider "azurerm" {
  features {}
  skip_provider_registration = "true"
}

variable "LOCATION" {
  default     = "northeurope"
  description = "Region to deploy into"
}

variable "RESOURCE_GROUP" {
  default     = "[RETRACTED]" # The value is same in azure portal
  description = "Name of the resource group"
}

variable "STORAGE_ACCOUNT" {
  default     = "[RETRACTED]" # The value is same in azure portal
  description = "Name of the storage account where to store the backup"
}

variable "STORAGE_ACCOUNT_RETENTION_DAYS" {
  default     = "180"
  description = "Number of days to keep the backups"
}

resource "azurerm_resource_group" "storage-account" {
  name     = var.RESOURCE_GROUP
  location = var.LOCATION
}

resource "azurerm_storage_account" "storage-account-lifecycle" {
  name                     = var.STORAGE_ACCOUNT
  location                 = azurerm_resource_group.storage-account.location
  resource_group_name      = azurerm_resource_group.storage-account.name
  account_tier             = "Standard"
  account_replication_type = "RAGRS" #Read-access geo-redundant storage

}

resource "azurerm_storage_management_policy" "storage-account-lifecycle-management-policy" {
  storage_account_id = azurerm_storage_account.storage-account-lifecycle.id

  rule {
    name    = "DeleteOldBackups"
    enabled = true
    filters {
      blob_types = ["blockBlob"]
    }
    actions {
      base_blob {
        delete_after_days_since_modification_greater_than = var.STORAGE_ACCOUNT_RETENTION_DAYS
      }
    }
  }
}

导入资源

$ terraform import azurerm_storage_account.storage-account-lifecycle /subscriptions/[RETRACTED]
azurerm_storage_account.storage-account-lifecycle: Importing from ID "/subscriptions/[RETRACTED]...
azurerm_storage_account.storage-account-lifecycle: Import prepared!
  Prepared azurerm_storage_account for import
azurerm_storage_account.storage-account-lifecycle: Refreshing state... [id=/subscriptions/[RETRACTED]]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

计划如下

$ terraform plan
azurerm_storage_account.storage-account-lifecycle: Refreshing state... [id=/subscriptions/[RETRACTED]]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following
plan may include actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # azurerm_resource_group.storage-account will be created
  + resource "azurerm_resource_group" "storage-account" {
      + id       = (known after apply)
      + location = "northeurope"
      + name     = "[RETRACTED]"
    }

  # azurerm_storage_management_policy.storage-account-lifecycle-management-policy will be created
  + resource "azurerm_storage_management_policy" "storage-account-lifecycle-management-policy" {
      + id                 = (known after apply)
      + storage_account_id = "/subscriptions/[RETRACTED]"

      + rule {
          + enabled = true
          + name    = "DeleteOldBackups"

          + actions {
              + base_blob {
                  + delete_after_days_since_modification_greater_than = 180
                }
            }

          + filters {
              + blob_types = [
                  + "blockBlob",
                ]
            }
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform
apply" now.

从计划中，我看到它将创建“存储帐户”。我还尝试删除azurerm_storage_account 部分并为azurerm_storage_management_policy 部分中的var storage_account_id 指定资源ID，但它仍然是# azurerm_resource_group.storage-account will be created。

如何在不修改/创建现有存储帐户的情况下配置生命周期管理策略。

PS：这是我的第一个 terraform 脚本

Answer 1

好的，我看到了@Jim Xu 在评论中指出的问题。我没有导入它所说的资源组。我导入了类似的资源组并运行terraform plan

$ terraform import azurerm_resource_group.storage-account /subscriptions/[RETRACTED]
$ $ terraform plan
azurerm_resource_group.storage-account: Refreshing state... [id=/subscriptions/[RETRACTED]]
azurerm_storage_account.storage-account-lifecycle: Refreshing state... [id=/subscriptions/[RETRACTED]]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following
plan may include actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # azurerm_storage_management_policy.storage-account-lifecycle-management-policy will be created
  + resource "azurerm_storage_management_policy" "storage-account-lifecycle-management-policy" {
      + id                 = (known after apply)
      + storage_account_id = "/subscriptions/[RETRACTED]"

      + rule {
          + enabled = true
          + name    = "DeleteOldBackups"

          + actions {
              + base_blob {
                  + delete_after_days_since_modification_greater_than = 180
                }
            }

          + filters {
              + blob_types = [
                  + "blockBlob",
                ]
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.