![](/img/trans.png)
[英]ARM Template: Resource Not Found Errors when grabbing outputs from Vault and Secrets
[英]ARM Resource Not Found when trying to use Outputs, have tried a lot
我有一個嵌套的 ARM 模板(一個文件)。 在父作用域中,只有 2 個資源被部署:
在子模板中,我部署了一堆 Vault 和 Secret。 我試圖在輸出中獲取秘密和保險庫的一些屬性(保險庫名稱、秘密 URI 等)。 我嘗試了一堆不同的語法,它們都為我產生了錯誤。 不知道我還能嘗試什么,所以我決定來這里尋求一些建議。
嘗試從保管庫中獲取數據(在本例中為名稱,但只是測試):
"vaultName": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults','TestVault123123'), '2017-05-10', 'Full').name]"
}
錯誤:未找到資源組 null 下的資源“Microsoft.KeyVault/vaults/TestVault123124”。 有關詳細信息,請 go 到https://aka.ms/ARMResourceNotFoundFix
"value": "[reference(resourceId('redacted-for-stackoverflow', parameters('rgName'), 'Microsoft.KeyVault/vaults','TestVault123124'), '2017-05-10', 'Full').name]"
錯誤:2021-05-10T18:41:03.6121120Z ##[錯誤]部署模板驗證失敗:'模板 output'resourceGroupName2' 在第 '1' 行和列 '26299' 無效:無法評估模板語言 ZC1C4252674C17938 resourceId': function requires fully qualified resource type 'Microsoft.KeyVault/vaults' as one of first three arguments for resource at resource group scope, or first two arguments for resource at subscription scope. 請參閱https://aka.ms/arm-template-expressions/#resourceid了解使用詳情。請參閱https://aka.ms/arm-template-expressions了解使用詳情。
嘗試從 Secret 獲取 output (URI)(TestVault123123 與密鑰位於相同的“部署”資源中:
"mySecretUri": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', 'TestVault123123', 'TestSecret123123'), '2017-05-10').secretUri]"
},
錯誤:“錯誤”:{“代碼”:“ParentResourceNotFound”,“消息”:“無法對嵌套資源執行請求的操作。找不到父資源'TestVault123123'。” } }
編輯:完整模板 注意:ID 已替換為“redacted-guid”。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string",
"defaultValue": "sample"
},
"vaultName": {
"type": "string",
"defaultValue": "TestVault333555"
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "West US",
"name": "[parameters('rgName')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "keyVaultsDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2020-04-01-preview",
"name": "[parameters('vaultName')]",
"location": "westus",
"tags": {
"Environment": "Development",
"ResourceType": "Vaults"
},
"properties": {
"sku": {
"family": "A",
"name": "Standard"
},
"tenantId": "redacted-guid",
"accessPolicies": [
{
"tenantId": "redacted-guid",
"objectId": "redacted-guid",
"permissions": {
"keys": [
"Get"
],
"secrets": [
"Get"
],
"certificates": []
}
},
{
"tenantId": "redacted-guid",
"objectId": "redacted-guid",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false,
"enableSoftDelete": true,
"softDeleteRetentionInDays": 90,
"enableRbacAuthorization": false,
"enablePurgeProtection": true,
"provisioningState": "Succeeded"
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2020-04-01-preview",
"name": "[concat(parameters('vaultName'), '/SECRET')]",
"location": "westus",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
],
"properties": {
"attributes": {
"enabled": true
},
"value": "redacted-guid"
}
}
],
"outputs": {
"secret": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults/secrets', parameters('vaultName'), 'SECRET'), '2017-05-10', 'Full').secretUri]"
},
"vaultLocation": {
"type": "string",
"value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('vaultName')), '2017-05-10', 'Full').location]"
}
}
}
}
}
],
"outputs": {
}
}
Errors:
2021-05-11T20:54:39.6696772Z ##[error]NotFound: {
"error": {
"code": "ResourceNotFound",
"message": "The Resource 'Microsoft.KeyVault/vaults/TestVault333555' under resource group '<null>' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"
}
}
2021-05-11T20:54:39.6698437Z ##[error]NotFound: {
"error": {
"code": "ParentResourceNotFound",
"message": "Can not perform requested operation on nested resource. Parent resource 'TestVault333555' not found."
}
}
在 Azure 上,在發布管道中,在 ARM 模板部署作業中,部署 scope 設置為“訂閱”。 據我了解,這是必要的,因為我想創建一個全新的資源組並在其下部署資源。 如果部署 scope 設置為“資源組”,則需要我在管道中指定 RG,這是我不想要的,因為我想在執行時創建它。
我已經使用 Powershell SDK 和您提供的模板進行了一些測試,並設法擺脫了“找不到資源組 null”錯誤。
所以有幾件事 - 因為這不是資源組部署,您需要更改 $schema(例如訂閱范圍):
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
至
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
有關部署范圍和 ARM 模板的詳細信息,請參閱范圍格式
其次,在您的部署資源中,您沒有設置“expressionEvaluationOptions”屬性,這意味着您不能在 output 部分中使用參考 function。 您必須在“原始”模板中聲明它們或將“expressionEvaluationOptions”屬性設置為“內部”。 有關您的問題,請參閱文檔。
我還注意到“provisioningState”屬性,因此您粘貼了之前部署門戶的模板。 這並不總是有效,並且您的大多數“apiVersions”屬性都已過時
所以 TLDR:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.