Azure LogicApp ARM模板和AzSK检查器

时间:2019-05-01 19:48:09

标签: azure azure-logic-apps arm-template

我正在为LogicApp开发ARM模板,并希望向AzSk投诉我的ARM模板。

在我的模板中,该组件具有以下必需的对象:

        "ipAddressRangeForContents": {
            "type": "array",
            "defaultValue": [],
            "metadata": {
              "description": "(AzSk required this parameter to be set) IPv4 or IPv6 address range, this will restrict content IP range. This array should have object as a member with following key 'addressRange'. You can specify as many subnets as you want"
            }
        },
        "ipAddressRangeForInbound": {
          "type": "array",
          "defaultValue": [],
          "metadata": {
            "description": "(AzSk required this parameter to be set) IPv4 or IPv6 address range, this will restrict inbound IP range. This array should have object as a member with following key 'addressRange'. You can specify as many subnets as you want. Default value is empty array which will restric access to 'Only other Logic Apps'."
          }

这是参数文件中同一部分的示例:

        "ipAddressRangeForContents": {
            "value": [
                {
                    "addressRange": "10.123.0.0/24"
                },
                {
                    "addressRange": "10.124.0.0/24"
                }
            ]
        },
        "ipAddressRangeForInbound": {
            "value": [
                {
                    "addressRange": "10.135.0.0/24"
                },
                {    
                    "addressRange": "10.136.0.0/24"
                }
            ]
        }

之所以采用这种方式,是因为用户可以灵活地指定所需的地址范围。

如果我扫描我的ARM模板,AzSk返回一个错误:

Starting analysis: [FileName: .\logicapp.json]
--------------------------------------------------------------------------------
Failed: [Azure_LogicApps_AuthZ_Provide_Triggers_Access_Control]
Failed: [Azure_LogicApps_AuthZ_Provide_Contents_Access_Control]
--------------------------------------------------------------------------------
Summary  Total Failed
-------  ----- ------
High         2      2
------  ------ ------
Total        2      2
------  ------ ------

即使我的模板具有这些参数。

失败的原因无法在ARM模板中找到属性addressRange:

ExpectedProperty
$.properties.accessControl.triggers.allowedCallerIpAddresses.addressRange
$.properties.accessControl.contents.allowedCallerIpAddresses.addressRange

我可以通过将模板硬编码为以下内容来修复它:

"properties": {
                "accessControl": {
                  "contents": {
                    "allowedCallerIpAddresses": {
                        "addressRange": "[variables('some_range')]"
                    }

但这会使其功能降低,因为在部署阶段它只能接受一个addressRange。

有没有办法使模板投诉同时灵活?

先谢谢您!

0 个答案:

没有答案