我尝试创建一个包含多个网络安全组(NSG)的json对象,以便构建它们并使用" count"来应用于vNet子网。最小化模板代码。 &{34;在复制循环中使用属性对象"}下的The Microsoft Documentation covers how to create an object for one NSG's settings部分。这需要我为每个需要的NSG创建一个新的参数对象,并为每个NSG创建冗长的模板代码。
我目前正在使用以下参数对象来保存有关包括NSG的虚拟网络的所有信息。 NSG将与子网绑定,第一个子网" GatewaySubnet"被排除在需要NSG之外
"vNetProperties": {
"value": {
"vNetAddressSpace": "10.136.0.0/16",
"subnetNames": [
"GatewaySubnet",
"Kemp-frontend-subnet",
"AD-backend-subnet"
],
"subnetRanges": [
"10.136.0.0/27",
"10.136.1.0/24",
"10.136.2.0/24"
],
"networkSecurityGroups": {
"value": {
"kempNSG": {
"value": {
"securityRules": [
{
"name": "HTTPS",
"description": "allow HTTPS connections",
"direction": "Inbound",
"priority": 100,
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "10.0.0.0/24",
"sourcePortRange": "*",
"destinationPortRange": "443",
"access": "Allow",
"protocol": "Tcp"
},
{
"name": "HTTP",
"description": "allow HTTP connections",
"direction": "Inbound",
"priority": 100,
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "10.0.0.0/24",
"sourcePortRange": "*",
"destinationPortRange": "80",
"access": "Allow",
"protocol": "Tcp"
}
]
}
},
"adNSG": {
"value": {
"securityRules": [
{
"name": "RDPAllow",
"description": "allow RDP connections",
"direction": "Inbound",
"priority": 100,
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "10.0.0.0/24",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"access": "Allow",
"protocol": "Tcp"
}
]
}
}
}
}
}
}
我处理对象的模板代码如下:
{
"apiVersion": "2016-06-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[concat(parameters('vNetProperties').subnetNames[copyIndex(1)], '-nsg')]",
"location": "[resourceGroup().location]",
"copy": {
"name": "NSGs",
"count": "[length(array(parameters('vNetProperties').networkSecurityGroups))]"
},
"properties": {
"copy": [
{
"name": "securityRules",
"count": "[length(array(parameters('vNetProperties').networkSecurityGroups[copyIndex('securityRules')]))]",
"input": {
"description": "[parameters('vNetProperties').networkSecurityGroups[0].securityRules[0].description]",
"priority": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].priority]",
"protocol": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].protocol]",
"sourcePortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourcePortRange]",
"destinationPortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationPortRange]",
"sourceAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourceAddressPrefix]",
"destinationAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationAddressPrefix]",
"access": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].access]",
"direction": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].direction]"
}
}
]
}
}
我的代码现在肯定不起作用。我现在甚至可以在ARM中验证这种类型的逻辑。是否有可能有一个数组,其中数组中的每个项目本身就是一个数组,并以array1 [i] .array2 [j] .name?
的方式引用两个级别的数组。答案 0 :(得分:0)
这种方法不起作用,你不能在相同的资源和引用对象中使用循环和属性复制循环(遗憾的是)。
您可以解决的问题是为每个父对象(networkSecurityGroups)创建嵌套部署,并在该部署中创建属性复制循环(安全规则)。这样可行,因为你只有一个复制循环。