是否可以将 Key Vault URL 的 id 路径连接到一个变量中?目前我在 adminUsername 文件中有 adminPassword 和 parameters.json 参数,并且 id 完全输入。但是,我可以根据已知信息填写 id,以便更轻松地部署。以下是我的 parameters.json 文件(删除了重要信息):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"reference": {
"keyVault": {
"id": "/subscriptions/<SubID>/resourceGroups/<RG>/providers/Microsoft.KeyVault/vaults/<KV>"
},
"secretName": "LocalAdminUsername"
}
},
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<SubID>/resourceGroups/<RG>/providers/Microsoft.KeyVault/vaults/<KV>"
},
"secretName": "LocalAdminPassword"
}
}
}
}
这是我想要包含变量的 id - 可能吗?谢谢。
答案 0 :(得分:0)
您只能在参数文件中指定静态值。但是,您可以使用嵌套部署来动态生成 KeyVault 资源 ID(以下示例)。
简而言之;
concat() 在变量中构造标识符{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"kvSubscriptionId": {
"type": "string",
"defaultValue": "[subscription().id]"
},
"kvResourceGroupName": {
"type": "string",
"defaultValue": "[resourceGroup().name]"
},
"kvResourceName": {
"type": "string",
"defaultValue": "kv-resource-name"
}
},
"functions": [],
"variables": {
"kvResourceId": "[concat('/subscriptions/', parameters('kvSubscriptionId'), '/resourceGroups/', parameters('kvResourceGroupName'), '/providers/Microsoft.KeyVault/vaults/', parameters('kvResourceName'))]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"apiVersion": "2018-05-01",
"name": "nested",
"properties": {
"mode": "Incremental",
"template": {
"parameters": {
"adminUsername": {
"type": "string"
}
},
"resources": [...]
}
},
"parameters": {
"adminUsername": {
"reference": {
"keyVault": {
"id": "[variables('kvResourceId')]"
},
"secretName": "LocalAdminUserName"
}
}
}
}
]
}
此处记录了此技术:Reference secrets with dynamic ID。