Error when trying to use a custom cert with Azure Bicep



Below is my demo sandbox code showing how I deploy with Bicep. I am using a custom certificate for this.

param profileName string = 'testresearchcdn'

@allowed([
  'Standard_Verizon'
  'Premium_Verizon'
  'Custom_Verizon'
  'Standard_Akamai'
  'Standard_ChinaCdn'
  'Standard_Microsoft'
  'Premium_ChinaCdn'
  'Standard_AzureFrontDoor'
  'Premium_AzureFrontDoor'
  'Standard_955BandWidth_ChinaCdn'
  'Standard_AvgBandWidth_ChinaCdn'
  'StandardPlus_ChinaCdn'
  'StandardPlus_955BandWidth_ChinaCdn'
  'StandardPlus_AvgBandWidth_ChinaCdn'
])
param sku string = 'Standard_Microsoft'

param endpointName string = 'testresearchcdn'
@description('Whether the HTTP traffic is allowed.')
param isHttpAllowed bool = true
@description('Whether the HTTPS traffic is allowed.')
param isHttpsAllowed bool = true
@description('Query string caching behavior.')
@allowed([
  'IgnoreQueryString'
  'BypassCaching'
  'UseQueryString'
])
param queryStringCachingBehavior string = 'IgnoreQueryString'
@description('Content type that is compressed.')
param contentTypesToCompress array = [
  'text/plain'
  'text/html'
  'text/css'
  'application/x-javascript'
  'text/javascript'
]
@description('Whether the compression is enabled')
param isCompressionEnabled bool = true

@description('Location for all resources.')
param location string = 'global'

resource testresearchcdn 'Microsoft.Cdn/profiles@2020-09-01' = {
  name: profileName
  location: location
  properties: {}
  sku: {
    name: sku
  }
}

resource Microsoft_Cdn_profiles_endpoints_testresearchcdn 'Microsoft.Cdn/profiles/endpoints@2020-09-01' = {
  name: endpointName
  parent: testresearchcdn
  location: location
  properties: {
    originHostHeader: 'testresearchcdn.blob.core.windows.net'
    isHttpAllowed: isHttpAllowed
    isHttpsAllowed: isHttpsAllowed
    queryStringCachingBehavior: queryStringCachingBehavior
    contentTypesToCompress: contentTypesToCompress
    isCompressionEnabled: isCompressionEnabled
    origins: [
      {
        name: 'testresearchcdn-blob-core-windows-net'
        properties: {
          hostName: 'testresearchcdn.blob.core.windows.net'
        }
      }
    ]
  }
}

resource test_researchcdn_example_com 'Microsoft.Cdn/profiles/endpoints/customDomains@2016-04-02' = {
  name: 'test-researchcdn-example-com'
  parent: Microsoft_Cdn_profiles_endpoints_testresearchcdn
  properties: {
    hostName: 'test-researchcdn.example.com'
  }
}

resource example_wildcard_2019 'Microsoft.Cdn/profiles/secrets@2020-09-01' = {
  name: 'DDKeyVault1'
  parent: testresearchcdn
  properties: {
    parameters: {
      type: 'CustomerCertificate'
      certificateAuthority: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      secretSource: {
        id: 'https://DDkeyvault1.vault.azure.net/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx'
      }
      secretVersion: ''
      subjectAlternativeNames: [
        '*.example.com'
        'example.com'
      ]
      useLatestVersion: false
    }
  }
  dependsOn: [
    test_researchcdn_example_com
  ]
}

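Here is my error:

"code":"BadRequest","message":"SecretSource id is invalid"

I have used the certificate identifier, the key identifier, and the kvID where the key resides for SecretSource, but I get the same error. What am I missing?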

You are defining the SecretSource id in the wrong way. In an ARM template we cannot specify the id as https:///certificates/certificateName; it must be specified as /subscriptions/<SubscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.KeyVault/vaults/<KeyvaultName>/certificates/<CertificateName>

So in your code, instead of the following:

secretSource: {
  id: 'https://DDkeyvault1.vault.azure.net/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx'
}

you have to use this:

secretSource: {
  id: '/subscriptions/<YOUR-SUBSCRIPTION-ID>/resourceGroups/<YOUR-KEYVAULT-RESOURCE-GROUP-NAME>/providers/Microsoft.KeyVault/vaults/DDkeyvault1/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx'
}

Note: Before running the above, make sure you grant Azure CDN access to your key vault.
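
The check below is an added example, not part of the original question or answer: a pre-deployment lint in Python that walks a compiled template, flags every secretSource id that is not in the ARM resource ID form given in the answer, and suggests the converted value. The function names, the sample template, the VERSION segment and the subscription and resource group placeholders are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# ARM resource ID shape from the answer; the trailing version segment is optional.
ARM_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.KeyVault"
    r"/vaults/[^/]+/certificates/[^/]+(/[^/]+)?$", re.IGNORECASE)

def to_arm_id(value, subscription_id, resource_group):
    """Convert https://<vault>.vault.azure.net/certificates/<name>[/<version>]
    to the ARM form; an id already in ARM form is returned unchanged."""
    if ARM_ID.match(value):
        return value
    url = urlparse(value)
    parts = [p for p in url.path.split("/") if p]
    # Assumption: public-cloud vault DNS suffix only.
    if (url.scheme != "https" or not url.netloc.lower().endswith(".vault.azure.net")
            or len(parts) not in (2, 3) or parts[0] != "certificates"):
        raise ValueError(f"not a Key Vault certificate reference: {value!r}")
    vault = url.netloc.split(".")[0]  # netloc keeps the original casing
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.KeyVault/vaults/{vault}/" + "/".join(parts))

def lint_template(node, subscription_id, resource_group, path=""):
    """Return (json_path, current_id, suggested_id) for every secretSource.id
    in a compiled template (nested dicts/lists) that is not in ARM form."""
    findings = []
    if isinstance(node, dict):
        src = node.get("secretSource")
        if isinstance(src, dict) and not ARM_ID.match(str(src.get("id", ""))):
            try:
                fix = to_arm_id(str(src.get("id", "")), subscription_id, resource_group)
            except ValueError:
                fix = None  # unrecognised value: report it, suggest nothing
            findings.append((f"{path}/secretSource/id", src.get("id"), fix))
        children = node.items()
    elif isinstance(node, list):
        children = enumerate(node)
    else:
        return findings
    for key, child in children:
        findings += lint_template(child, subscription_id, resource_group, f"{path}/{key}")
    return findings

# Constructed sample mirroring the question's secret resource (VERSION is a placeholder).
SAMPLE = {"resources": [{"type": "Microsoft.Cdn/profiles/secrets", "properties": {
    "parameters": {"type": "CustomerCertificate", "secretSource": {
        "id": "https://DDkeyvault1.vault.azure.net/certificates/example-wildcard-2019/VERSION"}}}}]}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE, "<SUBSCRIPTION-ID>", "<KEYVAULT-RG>"):
        print(finding)
```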
