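Azure ARM template - Create a KeyVault secret in a Keyvault in a different resource group

Question (votes: 0, answers: 1)

I am deploying a virtual machine in Azure. The username and password are created automatically and passed as parameters at deployment time. The resource group the VM is deployed to is also passed as a parameter, so it can be anything.

My Keyvault is in a specific resource group, and the VM's username and password should be stored there.

When the Keyvault is in the same resource group as the VM, it works fine. But when it is in a different resource group, I get the following error: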

"error": {
    "code": "ParentResourceNotFound",
    "message": "Can not perform requested operation on nested resource. Parent resource 'mykeyvault' not found."
  }
}

This is the part of my ARM template that creates the secrets.

{
      "type": "Microsoft.KeyVault/vaults/secrets",
      "name": "[concat(variables('keyVaultName'), '/', variables('AdminUsername'))]",
      "apiVersion": "2018-02-14",
      "properties": {
        "contentType": "Secret",
        "value": "[variables('AdminUsername')]"
      },
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
      ]
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "name": "[concat(variables('keyVaultName'), '/', parameters('VMName'),'-AdminPassword')]",
      "apiVersion": "2018-02-14",
      "properties": {
        "contentType": "Secret",
        "value": "[parameters('AdminPassword')]"
      },
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
      ]
    },

I also tried replacing the keyVaultName variable with the Keyvault's resourceID, but that produces a different error: "incorrect segment lengths".

json azure arm-template
1 answer
0 votes

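This is because an ARM template deploys resources to a specific resource group. If the KV is in a different resource group, you need to use a nested deployment and target that resource group, like this: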

{
    "apiVersion": "2017-05-10",
    "name": "nestedTemplate",
    "type": "Microsoft.Resources/deployments",
    "resourceGroup": "[parameters('kvResourceGroup')]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
    ],
    "properties": {
        "mode": "Incremental",
        "template": {
            "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {},
            "variables": {},
            "resources": [
                {
                    "type": "Microsoft.KeyVault/vaults/secrets",
                    "name": "[concat(variables('keyVaultName'), '/', variables('AdminUsername'))]",
                    "apiVersion": "2018-02-14",
                    "properties": {
                        "contentType": "Secret",
                        "value": "[variables('AdminUsername')]"
                    }
                },
                {
                    "type": "Microsoft.KeyVault/vaults/secrets",
                    "name": "[concat(variables('keyVaultName'), '/', parameters('VMName'),'-AdminPassword')]",
                    "apiVersion": "2018-02-14",
                    "properties": {
                        "contentType": "Secret",
                        "value": "[parameters('AdminPassword')]"
                    }
                }
            ]
        }
    }
},
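
An added example, not part of the original answer: a variant of the nested deployment that uses inner expression scope, so the password enters the nested template as a securestring parameter; with the default outer scope, secure values referenced inside an inline nested template are recorded in plain text in the deployment history. It stores only the password secret and assumes AdminPassword is declared as securestring in the parent template; the deployment name storeVmCredentials and the nested parameter names are hypothetical.

```json
{
    "type": "Microsoft.Resources/deployments",
    "apiVersion": "2019-10-01",
    // Hypothetical deployment name, not from the original page.
    "name": "storeVmCredentials",
    // Target the resource group that holds the Key Vault.
    "resourceGroup": "[parameters('kvResourceGroup')]",
    // The VM lives in the parent template, so the dependency is declared here.
    "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines', parameters('VMName'))]"
    ],
    "properties": {
        "mode": "Incremental",
        // Inner scope: expressions in the nested template are evaluated there,
        // so values must be passed in explicitly as parameters.
        "expressionEvaluationOptions": { "scope": "inner" },
        "parameters": {
            "keyVaultName": { "value": "[variables('keyVaultName')]" },
            "secretName": { "value": "[concat(parameters('VMName'), '-AdminPassword')]" },
            // Assumes AdminPassword is a securestring parameter of the parent template.
            "secretValue": { "value": "[parameters('AdminPassword')]" }
        },
        "template": {
            "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {
                "keyVaultName": { "type": "string" },
                "secretName": { "type": "string" },
                // securestring keeps the value out of the deployment history.
                "secretValue": { "type": "securestring" }
            },
            "resources": [
                {
                    "type": "Microsoft.KeyVault/vaults/secrets",
                    "apiVersion": "2018-02-14",
                    "name": "[concat(parameters('keyVaultName'), '/', parameters('secretName'))]",
                    "properties": {
                        "contentType": "Secret",
                        "value": "[parameters('secretValue')]"
                    }
                }
            ]
        }
    }
}
```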