ARM 模板：从 Vault 和 Secrets 获取输出时找不到资源错误

Question

复制问题的示例模板（ID 已替换为“redacted-guid”）：

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
    "rgName": {
        "type": "string",
        "defaultValue": "sample"
    },
    "vaultName": {
        "type": "string",
        "defaultValue": "TestVault333555"
    }
},
"variables": {

},
"resources": [
    {
        "type": "Microsoft.Resources/resourceGroups",
        "apiVersion": "2018-05-01",
        "location": "West US",
        "name": "[parameters('rgName')]",
        "properties": {}
    },
    {
        "type": "Microsoft.Resources/deployments",
        "apiVersion": "2017-05-10",
        "name": "keyVaultsDeployment",
        "resourceGroup": "[parameters('rgName')]",
        "dependsOn": [
            "[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
        ],
        "properties": {
            "mode": "Incremental",
            "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {},
                "variables": {},
                "resources": [
                    {
                        "type": "Microsoft.KeyVault/vaults",
                        "apiVersion": "2020-04-01-preview",
                        "name": "[parameters('vaultName')]",
                        "location": "westus",
                        "tags": {
                            "Environment": "Development",
                            "ResourceType": "Vaults"
                        },
                        "properties": {
                            "sku": {
                                "family": "A",
                                "name": "Standard"
                            },
                            "tenantId": "redacted-guid",
                            "accessPolicies": [
                                {
                                    "tenantId": "redacted-guid",
                                    "objectId": "redacted-guid",
                                    "permissions": {
                                        "keys": [
                                            "Get"
                                        ],
                                        "secrets": [
                                            "Get"
                                        ],
                                        "certificates": []
                                    }
                                },
                                {
                                    "tenantId": "redacted-guid",
                                    "objectId": "redacted-guid",
                                    "permissions": {
                                        "keys": [
                                            "Get",
                                            "List",
                                            "Update",
                                            "Create",
                                            "Import",
                                            "Delete",
                                            "Recover",
                                            "Backup",
                                            "Restore"
                                        ],
                                        "secrets": [
                                            "Get",
                                            "List",
                                            "Set",
                                            "Delete",
                                            "Recover",
                                            "Backup",
                                            "Restore"
                                        ],
                                        "certificates": [
                                            "Get",
                                            "List",
                                            "Update",
                                            "Create",
                                            "Import",
                                            "Delete",
                                            "Recover",
                                            "Backup",
                                            "Restore",
                                            "ManageContacts",
                                            "ManageIssuers",
                                            "GetIssuers",
                                            "ListIssuers",
                                            "SetIssuers",
                                            "DeleteIssuers"
                                        ]
                                    }
                                }
                            ],
                            "enabledForDeployment": false,
                            "enabledForDiskEncryption": false,
                            "enabledForTemplateDeployment": false,
                            "enableSoftDelete": true,
                            "softDeleteRetentionInDays": 90,
                            "enableRbacAuthorization": false,
                            "enablePurgeProtection": true,
                            "provisioningState": "Succeeded"
                        }
                    },
                    {
                        "type": "Microsoft.KeyVault/vaults/secrets",
                        "apiVersion": "2020-04-01-preview",
                        "name": "[concat(parameters('vaultName'), '/SECRET')]",
                        "location": "westus",
                        "dependsOn": [
                            "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
                        ],
                        "properties": {
                            "attributes": {
                                "enabled": true
                            },
                            "value": "redacted-guid"
                        }
                    }
                ],
                "outputs": {
                    "secret": {
                        "type": "string",
                        "value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('vaultName'), 'SECRET'), '2017-05-10', 'Full').secretUri]"
                    },
                    "vaultLocation": {
                        "type": "string",
                        "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('vaultName')), '2017-05-10', 'Full').location]"
                    }
                }
            }
        }
    }
],
"outputs": {

}
}

错误：

2021-05-11T20:54:39.6696772Z ##[error]NotFound: {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.KeyVault/vaults/TestVault333555' under resource group '<null>' 
 was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"
 }
 }
 2021-05-11T20:54:39.6698437Z ##[error]NotFound: {
 "error": {
"code": "ParentResourceNotFound",
"message": "Can not perform requested operation on nested resource. Parent resource 'TestVault333555' 
not found."
}
}

我已经尝试了很多 Output 语法的变体，以及尝试其他 output 阵列，但没有提出任何结果。

在 DevOps 的发布管道下，在“ARM 模板部署”作业中，我已将部署 scope 设置为“订阅”，因为我正在尝试创建参数化资源组并在该新资源组下部署 Vaults/Secrets。我的理解是这就是我想要的，因为在 DevOps 中，如果我将部署 Scope 设置为“资源组”，它需要我在管道中实际指定资源组，这不是我想要的我想创建一个新的资源组。

任何有关克服这些错误的帮助或建议将不胜感激。 一般来说，我对 ARM 比较陌生。 我的理解是，我应该能够 output 显示在 Azure 的“JSON 视图”中的资源中的任何数据，对吗？

我主要在寻找 3 条信息：

Vault Name（这个很简单，我可以将output Vault Name参数设为output，这样不会报错）
秘密名称（在这种情况下：秘密）
秘密 URI（在下面尝试）

Answer 1

刚刚回答了关于同一问题的最后一个问题。 正如此链接所述，当您尚未在部署资源中设置 expressionEvaluationOptions'-property 时，您不能在输出部分中使用 reference()-function。 未设置时，默认值为“外部”。

所以 2 个选项：在父模板中声明您的输出，或者从那里将 expressionEvaluationOptions'-property 设置为 'inner' 和 go

{
    "type": "Microsoft.Resources/deployments",
    "apiVersion": "2021-04-01",
    "name": "keyVaultsDeployment",
    "resourceGroup": "[parameters('rgName')]",
    "dependsOn": [
        "[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
    ],
    "properties": {"expressionEvaluationOptions": {
  "scope": "inner"}

ARM 模板：从 Vault 和 Secrets 获取输出时找不到资源错误

问题描述

1 个解决方案

解决方案1
0 2021-05-13 21:49:33

ARM 模板：从 Vault 和 Secrets 获取输出时找不到资源错误

问题描述

1 个解决方案

解决方案1 0 2021-05-13 21:49:33

解决方案1
0 2021-05-13 21:49:33