我正在Azure中部署虚拟机。用户名和密码是自动创建的,并在部署时作为参数传递。部署vm的资源组也作为参数传递,因此可以是任何内容。
我的Keyvault位于特定的资源组中,vm的用户名和密码应存储在此处。
当Keyvault与vm在同一资源组中时,它可以正常工作。但是当它在不同的资源组中时,我会收到以下错误:
"error": {
"code": "ParentResourceNotFound",
"message": "Can not perform requested operation on nested resource. Parent resource 'mykeyvault' not found."
}
} undefined
这是我创建秘密的ARM模板的一部分。
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('AdminUsername'))]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[variables('AdminUsername')]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
]
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', parameters('VMName'),'-AdminPassword')]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[parameters('AdminPassword')]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
]
},
我还尝试用keyvault的resourceID替换keyVaultName变量,但这会产生不同的错误“段长度不正确”
这是因为ARM模板将资源部署到特定资源组。如果KV位于不同的资源组中,则需要使用嵌套部署并定位该资源组,如下所示:
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('kvResourceGroup')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('AdminUsername'))]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[variables('AdminUsername')]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
]
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', parameters('VMName'),'-AdminPassword')]",
"apiVersion": "2018-02-14",
"properties": {
"contentType": "Secret",
"value": "[parameters('AdminPassword')]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('VMName'))]"
]
}
]
}
}
},