在嵌套模板中引用 listKeys()
[英]Reference listKeys() in nested templates
问题描述
我正在创建一个 ARM 模板,该模板在不同的资源组中部署了大量资源。 实际上,资源组本身就是部署的一部分。 在一个简单的版本中,我只创建了两个资源组( masterRG和dependentRG ),然后创建了两个嵌套(内联)部署。 第一个内联部署将存储帐户 ( testsadj1604 ) 放在masterRG中。 此部署依赖于 masterRG。
第二个部署创建一个 keyvault 并尝试将来自testsadj1604的连接字符串存储在该 vault 中。
在我的真实案例中,我有更多的资源组,我实际上尝试部署一个 Function 应用程序,其连接字符串为“appsetting”。 方法是一样的。
我得到的错误如下:
Deployment failed. Correlation ID: 9c359e8e-8657-4756-a5a3-f9c5698fbb46. {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.Storage/storageAccounts/testsadj1604' under resource group '<null>' was not found."
}
}
这是我的代码:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "masterRG",
"location": "West Europe",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "dependentRG",
"location": "West Europe",
"properties": {}
},
{
"name": "masterRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "masterRG",
"dependsOn": [
"masterRG"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "testsadj1604",
"location": "West Europe",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
]
}
}
},
{
"name": "dependentRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "dependentRG",
"dependsOn": [
"dependentRG",
"masterRgDeployment"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "kvaNameTest1604",
"apiVersion": "2015-06-01",
"location": "West Europe",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [
{
"objectId": "fc05639d-70eb-4175-a89b-eab7f883c691",
"tenantId": "[subscription().tenantId]",
"permissions": {
"keys": [
"get",
"list",
"update"
],
"secrets": [
"get",
"list",
"update"
]
}
}
],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "kvaNameTest1604/saConnectionString",
"apiVersion": "2018-02-14",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', 'kvaNameTest1604')]"
],
"properties": {
"value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', 'testsadj1604'), '2019-06-01').keys[0].value]"
}
}
]
}
}
}
]
}
我很确定错误来自底部的 listKeys(),在我的真实模板中进行了我一整天的反复试验(和谷歌狂热)。 使用 listKeys() 和嵌套部署很麻烦,但我真的不明白为什么它不应该工作。 我确保在第二次部署中有一个dependsOn。
这让我大吃一惊,有什么方法可以使用嵌套(内联)模板并引用不同资源组中的存储帐户密钥(但是整体部署的一部分)? 我还尝试在第一次部署中创建 output 并在第二次部署中引用它,但这没有效果。 我完全不知所措,欢迎任何帮助!
1 个解决方案
解决方案1
2 已采纳 2020-04-20 17:23:47
要在单个模板中工作,您需要做一些事情:
- 在您的 keyvault 机密部署中设置此属性:
"expressionEvaluationOptions": {
"scope": "inner"
},
这将延迟表达式的评估,直到部署开始。
- 当您设置 #1 时,您需要为您需要的值定义参数(您不能再使用“全局”参数/变量),您可以像示例中那样对所有字符串进行硬编码,但我猜这不是您在“真正的”部署中做。 定义参数并将值传递到该部署中。
- 您的 listKeys() 调用需要包含 storageAccount 的完整 resourceId,因为它位于单独/不同的部署中-因此您需要提供 resourceGroup 名称参数-如果您在部署中交叉订阅(您的示例没有)您需要提供 subscriptionId 参数。
下面是一个工作示例...
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "[concat('scratch', uniqueString(newGuid()))]"
}
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "masterRG",
"location": "West Europe",
"properties": {
}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "dependentRG",
"location": "West Europe",
"properties": {
}
},
{
"name": "masterRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "masterRG",
"dependsOn": [
"masterRG"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"location": "West Europe",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
]
}
}
},
{
"name": "dependentRgDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"resourceGroup": "dependentRG",
"dependsOn": [
"dependentRG",
"masterRgDeployment"
],
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"parameters":{
"storageAccountName": {
"value": "[parameters('storageAccountName')]"
},
"storageAccountResourceGroupName": {
"value": "masterRG"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
},
"storageAccountResourceGroupName": {
"type": "string"
}
},
"variables": {
"vaultName": "[concat('kv-', parameters('storageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"name": "[variables('vaultName')]",
"apiVersion": "2019-09-01",
"location": "West Europe",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [ ],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"defaultAction": "Allow",
"bypass": "AzureServices"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('vaultName'), '/saConnectionString')]",
"apiVersion": "2019-09-01",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', variables('vaultName'))]"
],
"properties": {
"value": "[listKeys(resourceId(parameters('storageAccountResourceGroupName'),'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2019-06-01').keys[0].value]"
}
}
]
}
}
}
]
}
ARM嵌套模板:部署带有嵌套模板的模板时,_artifactLocation参数未正确填充
[英]ARM nested templates: _artifactLocation parameter is not populated correctly when deploying template with nested templates
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.