[英]ARM Template: Resource Not Found Errors when grabbing outputs from Vault and Secrets
[英]ARM Resource Not Found when trying to use Outputs, have tried a lot
我有一个嵌套的 ARM 模板(一个文件)。 在父作用域中,只有 2 个资源被部署:
在子模板中,我部署了一堆 Vault 和 Secret。 我试图在输出中获取秘密和保险库的一些属性(保险库名称、秘密 URI 等)。 我尝试了一堆不同的语法,它们都为我产生了错误。 不知道我还能尝试什么,所以我决定来这里寻求一些建议。
尝试从保管库中获取数据(在本例中为名称,但只是测试):
"vaultName": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults','TestVault123123'), '2017-05-10', 'Full').name]"
}
错误:未找到资源组 null 下的资源“Microsoft.KeyVault/vaults/TestVault123124”。 有关详细信息,请 go 到https://aka.ms/ARMResourceNotFoundFix
"value": "[reference(resourceId('redacted-for-stackoverflow', parameters('rgName'), 'Microsoft.KeyVault/vaults','TestVault123124'), '2017-05-10', 'Full').name]"
错误:2021-05-10T18:41:03.6121120Z ##[错误]部署模板验证失败:'模板 output'resourceGroupName2' 在第 '1' 行和列 '26299' 无效:无法评估模板语言 ZC1C4252674C17938 resourceId': function requires fully qualified resource type 'Microsoft.KeyVault/vaults' as one of first three arguments for resource at resource group scope, or first two arguments for resource at subscription scope. 请参阅https://aka.ms/arm-template-expressions/#resourceid了解使用详情。请参阅https://aka.ms/arm-template-expressions了解使用详情。
尝试从 Secret 获取 output (URI)(TestVault123123 与密钥位于相同的“部署”资源中:
"mySecretUri": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', 'TestVault123123', 'TestSecret123123'), '2017-05-10').secretUri]"
},
错误:“错误”:{“代码”:“ParentResourceNotFound”,“消息”:“无法对嵌套资源执行请求的操作。找不到父资源'TestVault123123'。” } }
编辑:完整模板 注意:ID 已替换为“redacted-guid”。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string",
"defaultValue": "sample"
},
"vaultName": {
"type": "string",
"defaultValue": "TestVault333555"
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "West US",
"name": "[parameters('rgName')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "keyVaultsDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2020-04-01-preview",
"name": "[parameters('vaultName')]",
"location": "westus",
"tags": {
"Environment": "Development",
"ResourceType": "Vaults"
},
"properties": {
"sku": {
"family": "A",
"name": "Standard"
},
"tenantId": "redacted-guid",
"accessPolicies": [
{
"tenantId": "redacted-guid",
"objectId": "redacted-guid",
"permissions": {
"keys": [
"Get"
],
"secrets": [
"Get"
],
"certificates": []
}
},
{
"tenantId": "redacted-guid",
"objectId": "redacted-guid",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false,
"enableSoftDelete": true,
"softDeleteRetentionInDays": 90,
"enableRbacAuthorization": false,
"enablePurgeProtection": true,
"provisioningState": "Succeeded"
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2020-04-01-preview",
"name": "[concat(parameters('vaultName'), '/SECRET')]",
"location": "westus",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
],
"properties": {
"attributes": {
"enabled": true
},
"value": "redacted-guid"
}
}
],
"outputs": {
"secret": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('vaultName'), 'SECRET'), '2017-05-10', 'Full').secretUri]"
},
"vaultLocation": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('vaultName')), '2017-05-10', 'Full').location]"
}
}
}
}
}
],
"outputs": {
}
}
Errors:
2021-05-11T20:54:39.6696772Z ##[error]NotFound: {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.KeyVault/vaults/TestVault333555' under resource group '<null>' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"
}
}
2021-05-11T20:54:39.6698437Z ##[error]NotFound: {
"error": {
"code": "ParentResourceNotFound",
"message": "Can not perform requested operation on nested resource. Parent resource 'TestVault333555' not found."
}
}
在 Azure 上,在发布管道中,在 ARM 模板部署作业中,部署 scope 设置为“订阅”。 据我了解,这是必要的,因为我想创建一个全新的资源组并在其下部署资源。 如果部署 scope 设置为“资源组”,则需要我在管道中指定 RG,这是我不想要的,因为我想在执行时创建它。
我已经使用 Powershell SDK 和您提供的模板进行了一些测试,并设法摆脱了“找不到资源组 null”错误。
所以有几件事 - 因为这不是资源组部署,您需要更改 $schema(例如订阅范围):
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
至
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
有关部署范围和 ARM 模板的详细信息,请参阅范围格式
其次,在您的部署资源中,您没有设置“expressionEvaluationOptions”属性,这意味着您不能在 output 部分中使用参考 function。 您必须在“原始”模板中声明它们或将“expressionEvaluationOptions”属性设置为“内部”。 有关您的问题,请参阅文档。
我还注意到“provisioningState”属性,因此您粘贴了之前部署门户的模板。 这并不总是有效,并且您的大多数“apiVersions”属性都已过时
所以 TLDR:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.