是否可以在变量中连接密钥库URL的id
路径?目前,我在parameters.json
文件中有adminUsername
和adminPassword
参数,并且id
已完全键入。但是,我可以根据已知信息填写id
,这样部署就更容易了。以下是我的parameters.json
文件(删除了重要信息(:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"reference": {
"keyVault": {
"id": "/subscriptions/<SubID>/resourceGroups/<RG>/providers/Microsoft.KeyVault/vaults/<KV>"
},
"secretName": "LocalAdminUsername"
}
},
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<SubID>/resourceGroups/<RG>/providers/Microsoft.KeyVault/vaults/<KV>"
},
"secretName": "LocalAdminPassword"
}
}
}
}
我想在id
中包含变量——可能吗?谢谢
您只能在参数文件中指定静态值。但是,可以使用嵌套展开动态生成KeyVault资源ID(以下示例(。
简而言之;
- 为资源标识符的部分定义参数
- 尽可能使用模板函数分配默认值
- 使用
concat()
在变量中构造标识符 - 使用嵌套展开引用使用变量的密钥保管库
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"kvSubscriptionId": {
"type": "string",
"defaultValue": "[subscription().id]"
},
"kvResourceGroupName": {
"type": "string",
"defaultValue": "[resourceGroup().name]"
},
"kvResourceName": {
"type": "string",
"defaultValue": "kv-resource-name"
}
},
"functions": [],
"variables": {
"kvResourceId": "[concat('/subscriptions/', parameters('kvSubscriptionId'), '/resourceGroups/', parameters('kvResourceGroupName'), '/providers/Microsoft.KeyVault/vaults/', parameters('kvResourceName'))]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"apiVersion": "2018-05-01",
"name": "nested",
"properties": {
"mode": "Incremental",
"template": {
"parameters": {
"adminUsername": {
"type": "string"
}
},
"resources": [...]
}
},
"parameters": {
"adminUsername": {
"reference": {
"keyVault": {
"id": "[variables('kvResourceId')]"
},
"secretName": "LocalAdminUserName"
}
}
}
}
]
}
这里记录了这项技术:使用动态ID引用机密。