[英]azure arm template nested array as parameter
我试图创建一个包含多个网络安全组(NSG),以建立他们,并使用“计数”,以尽量减少模板代码应用到的vNet子网的JSON对象。 Microsoft文档在“在复制循环中使用属性对象”部分下介绍了如何为一个NSG设置创建对象 。 这将需要我为我需要的每个NSG创建一个新的参数对象,并为每个NSG创建冗长的模板代码。
我目前正在使用以下参数对象来保存有关虚拟网络(包括NSG)的所有信息。 NSG将绑定到子网,而第一个子网“ GatewaySubnet”将不再需要NSG
"vNetProperties": {
"value": {
"vNetAddressSpace": "10.136.0.0/16",
"subnetNames": [
"GatewaySubnet",
"Kemp-frontend-subnet",
"AD-backend-subnet"
],
"subnetRanges": [
"10.136.0.0/27",
"10.136.1.0/24",
"10.136.2.0/24"
],
"networkSecurityGroups": {
"value": {
"kempNSG": {
"value": {
"securityRules": [
{
"name": "HTTPS",
"description": "allow HTTPS connections",
"direction": "Inbound",
"priority": 100,
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "10.0.0.0/24",
"sourcePortRange": "*",
"destinationPortRange": "443",
"access": "Allow",
"protocol": "Tcp"
},
{
"name": "HTTP",
"description": "allow HTTP connections",
"direction": "Inbound",
"priority": 100,
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "10.0.0.0/24",
"sourcePortRange": "*",
"destinationPortRange": "80",
"access": "Allow",
"protocol": "Tcp"
}
]
}
},
"adNSG": {
"value": {
"securityRules": [
{
"name": "RDPAllow",
"description": "allow RDP connections",
"direction": "Inbound",
"priority": 100,
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "10.0.0.0/24",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"access": "Allow",
"protocol": "Tcp"
}
]
}
}
}
}
}
}
我用于处理该对象的模板代码如下:
{
"apiVersion": "2016-06-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[concat(parameters('vNetProperties').subnetNames[copyIndex(1)], '-nsg')]",
"location": "[resourceGroup().location]",
"copy": {
"name": "NSGs",
"count": "[length(array(parameters('vNetProperties').networkSecurityGroups))]"
},
"properties": {
"copy": [
{
"name": "securityRules",
"count": "[length(array(parameters('vNetProperties').networkSecurityGroups[copyIndex('securityRules')]))]",
"input": {
"description": "[parameters('vNetProperties').networkSecurityGroups[0].securityRules[0].description]",
"priority": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].priority]",
"protocol": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].protocol]",
"sourcePortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourcePortRange]",
"destinationPortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationPortRange]",
"sourceAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourceAddressPrefix]",
"destinationAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationAddressPrefix]",
"access": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].access]",
"direction": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].direction]"
}
}
]
}
}
我现在的代码绝对不能正常工作。 目前,我需要甚至可以在ARM中验证这种类型的逻辑。 是否有可能有一个阵列,其中该阵列中的每个项目是一个数组本身,并作为ARRAY1 [I] .array2 [j]的。名称以这样的方式参考阵列的两个级别?
这种方法行不通,您不能在同一个资源和引用对象中同时出现循环和属性复制循环(可悲)。
解决方法是为每个父对象(networkSecurityGroups)创建一个嵌套部署,然后在该部署中创建一个属性复制循环(安全规则)。 这将起作用,因为您只有一个复制循环。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.