![](/img/trans.png)
[英]Azure CLI ARM parameters json using variables to retrieve keyvault secrets
[英]Azure ARM Template - Create KeyVault Secrets in Keyvault in different Resource Group
我正在 Azure 中部署虛擬機。 用戶名和密碼是自動創建的,並在部署時作為參數傳遞。 部署虛擬機的資源組也作為參數傳遞,因此可以是任何內容。
我的 Keyvault 在一個特定的資源組中,虛擬機的用戶名和密碼應該存儲在這里。
當 Keyvault 與虛擬機位於同一資源組時,它工作正常。 但是當它在不同的資源組中時,我會收到以下錯誤:
"error": {
"code": "ParentResourceNotFound",
"message": "Can not perform requested operation on nested resource. Parent resource 'mykeyvault' not found."
}
} undefined
這是我創建機密的 ARM 模板的一部分。
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('AdminUsername'))]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[variables('AdminUsername')]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
]
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', parameters('VMName'),'-AdminPassword')]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[parameters('AdminPassword')]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
]
},
我還嘗試用 keyvault 的 resourceID 替換 keyVaultName 變量,但這會產生不同的錯誤“Incorrect Segment Lengths”
發生這種情況是因為 ARM 模板將資源部署到特定資源組。 如果 KV 在不同的資源組中,您需要使用嵌套部署並以該資源組為目標,如下所示:
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('kvResourceGroup')]",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', parameters('VMName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[format('{0}/{1}', variables('keyVaultName'), variables('AdminUsername'))]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[variables('AdminUsername')]"
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[format('{0}/{1}-AdminPassword', variables('keyVaultName'), parameters('VMName'))]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[parameters('AdminPassword')]"
}
}
]
}
}
},
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.