Azure deployment - Override parameters with ARM functions

Time: 2018-07-04 13:59:27

Tags: azure deployment

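I am using VSTS to deploy Azure resources. I use the "Azure Resource Group Deployment" task to deploy ARM templates. For one specific parameter, how can I override the value using ARM functions (concat, listkeys, etc.)?

Example: my ARM template has a parameter that is a storage account key, and instead of providing the key directly, I want to provide it by passing [listkeys(...)]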

2 answers:

Answer 0: (score: 1)

You cannot do that; several functions are evaluated only at runtime. I don't know what you are trying to achieve, so there may be other ways to get there.

If you want to hide the key, you can store it in Key Vault and retrieve it at deployment time:

"password": {
  "reference": {
    "keyVault": {
      "id": "[resourceId('kvGroup', 'Microsoft.KeyVault/vaults', 'kvName')]"
    },
    "secretName": "secret"
  }
},

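Answer 1: (score: 0)

If the storage account is not created in the same ARM template, you can supply the name of the storage account through a parameter and then use listkeys() inside the ARM template to get the storage account connection string.

If the storage account is created by an earlier ARM template deployment in the pipeline, you can use output parameters to make the connection string available in the pipeline. Here is an example, where xxx stands for your company naming prefix: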

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "environment": {
      "type": "string",
      "defaultValue": "d",
      "metadata": {
        "description": "The deployment environment, given by develop (d), testing (t), production (p) or quality assurance (q)"
      }
    }
  },
  "variables": {
    "busUnit": "vendor_name_here",

    //storage account names must be lowercase and are limited to 24 alpha numeric characters
    "storage_account_name": "[concat('xxx', parameters('environment'), variables('busUnit'), 'stor')]"        
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "sku": {
        "name": "Standard_LRS", //this is a hard coded SKU
        "tier": "Standard" //general purpose versus blob-only
      },
      "kind": "Storage", 
      "name": "[variables('storage_account_name')]",
      "apiVersion": "2017-06-01",
      "location": "[resourceGroup().location]", //add it to the same region/location as the resource group
      "properties": {
        "encryption": {
          "keySource": "Microsoft.Storage",
          "services": {
            "blob": {
              "enabled": true
            }
          }
        },
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Allow",
          "ipRules": [],
          "virtualNetworkRules": []
        }
      },
      "dependsOn": []
    }
  ],
  "outputs": {
    "storageAccountKey": {
      //"description": "This works if the storage account is in the same resource group. It returns the access key for the account",
      "type": "securestring",
      "value": "[listKeys(variables('storage_account_name'),'2015-05-01-preview').key1]"
    },
    "storageAccountName": {
      //"description": "This is the computed name of the storage account, based on naming conventions in the variables",
      "type": "string",
      "value": "[variables('storage_account_name')]"
    }
  }
}
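
The first approach in Answer 1 (pass only the account name as a parameter and call listKeys() inside the template), written out as an added example that is not part of either answer. The parameter names, the app setting name and the Microsoft.Web/sites consumer are assumptions chosen for illustration; the pipeline overrides only `storageAccountName`, so the key is resolved at deployment time and never appears in pipeline variables or override arguments.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "metadata": { "description": "Name of an existing storage account; the only storage value the pipeline passes (assumed parameter name)" }
    },
    "storageAccountResourceGroup": {
      "type": "string",
      "defaultValue": "[resourceGroup().name]",
      "metadata": { "description": "Resource group holding the storage account; defaults to the deployment's group (assumed parameter name)" }
    },
    "siteName": {
      "type": "string",
      "metadata": { "description": "Hypothetical web app that consumes the connection string" }
    },
    "appServicePlanId": {
      "type": "string",
      "metadata": { "description": "Resource ID of an existing App Service plan (hypothetical)" }
    }
  },
  "variables": {
    "storageId": "[resourceId(parameters('storageAccountResourceGroup'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2016-08-01",
      "name": "[parameters('siteName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "serverFarmId": "[parameters('appServicePlanId')]",
        "siteConfig": {
          "appSettings": [
            {
              "name": "StorageConnectionString",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageId'), '2017-06-01').keys[0].value)]"
            }
          ]
        }
      }
    }
  ]
}
```

With API version 2017-06-01 the keys come back as an array (`keys[0].value`), whereas the 2015-05-01-preview version used in the answer's template exposes `key1`.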