azure arm template嵌套数组作为参数

时间:2017-10-27 14:59:12

标签: arrays json azure azure-resource-manager

我尝试创建一个包含多个网络安全组(NSG)的json对象,以便构建它们并使用" count"来应用于vNet子网。最小化模板代码。 &{34;在复制循环中使用属性对象"}下的The Microsoft Documentation covers how to create an object for one NSG's settings部分。这需要我为每个需要的NSG创建一个新的参数对象,并为每个NSG创建冗长的模板代码。

我目前正在使用以下参数对象来保存有关包括NSG的虚拟网络的所有信息。 NSG将与子网绑定,第一个子网" GatewaySubnet"被排除在需要NSG之外

"vNetProperties": {
    "value": {
        "vNetAddressSpace": "10.136.0.0/16",
        "subnetNames": [
            "GatewaySubnet",
            "Kemp-frontend-subnet",
            "AD-backend-subnet"
        ],
        "subnetRanges": [
            "10.136.0.0/27",
            "10.136.1.0/24",
            "10.136.2.0/24"
        ],
        "networkSecurityGroups": {
            "value": {
                "kempNSG": {
                    "value": {
                        "securityRules": [
                            {
                                "name": "HTTPS",
                                "description": "allow HTTPS connections",
                                "direction": "Inbound",
                                "priority": 100,
                                "sourceAddressPrefix": "*",
                                "destinationAddressPrefix": "10.0.0.0/24",
                                "sourcePortRange": "*",
                                "destinationPortRange": "443",
                                "access": "Allow",
                                "protocol": "Tcp"
                            },
                            {
                                "name": "HTTP",
                                "description": "allow HTTP connections",
                                "direction": "Inbound",
                                "priority": 100,
                                "sourceAddressPrefix": "*",
                                "destinationAddressPrefix": "10.0.0.0/24",
                                "sourcePortRange": "*",
                                "destinationPortRange": "80",
                                "access": "Allow",
                                "protocol": "Tcp"
                            }
                        ]
                    }
                },
                "adNSG": {
                    "value": {
                        "securityRules": [
                            {
                                "name": "RDPAllow",
                                "description": "allow RDP connections",
                                "direction": "Inbound",
                                "priority": 100,
                                "sourceAddressPrefix": "*",
                                "destinationAddressPrefix": "10.0.0.0/24",
                                "sourcePortRange": "*",
                                "destinationPortRange": "3389",
                                "access": "Allow",
                                "protocol": "Tcp"
                            }
                        ]
                    }
                }
            }
        }
    }
}

我处理对象的模板代码如下:

{
      "apiVersion": "2016-06-01",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[concat(parameters('vNetProperties').subnetNames[copyIndex(1)], '-nsg')]",
      "location": "[resourceGroup().location]",
      "copy": {
        "name": "NSGs",
        "count": "[length(array(parameters('vNetProperties').networkSecurityGroups))]"
      },
      "properties": {
        "copy": [
          {
            "name": "securityRules",
            "count": "[length(array(parameters('vNetProperties').networkSecurityGroups[copyIndex('securityRules')]))]",
            "input": {
              "description": "[parameters('vNetProperties').networkSecurityGroups[0].securityRules[0].description]",
              "priority": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].priority]",
              "protocol": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].protocol]",
              "sourcePortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourcePortRange]",
              "destinationPortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationPortRange]",
              "sourceAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourceAddressPrefix]",
              "destinationAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationAddressPrefix]",
              "access": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].access]",
              "direction": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].direction]"
            }
          }
        ]
      }
    }

我的代码现在肯定不起作用。我现在甚至可以在ARM中验证这种类型的逻辑。是否有可能有一个数组,其中数组中的每个项目本身就是一个数组,并以array1 [i] .array2 [j] .name?

的方式引用两个级别的数组。

1 个答案:

答案 0 :(得分:0)

这种方法不起作用,你不能在相同的资源和引用对象中使用循环和属性复制循环(遗憾的是)。

您可以解决的问题是为每个父对象(networkSecurityGroups)创建嵌套部署,并在该部署中创建属性复制循环(安全规则)。这样可行,因为你只有一个复制循环。