您如何在ARM模板中有多个添加访问策略

问题描述 投票:0回答:1

我试图有条件地将访问策略添加到Key Vault,问题是模板中名称为KeyVault / accessPolicies / add的资源不能超过1个>

这实际上是我想要实现的目标:

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vaultName": {
            "type": "string"
        }
    },
    "resources": [
        {
            "condition": "[parameters('someCondition')]",
            "type": "Microsoft.KeyVault/vaults/accessPolicies",
            "name": "[concat(parameters('vaultName'), '/add')]",
            "apiVersion": "2016-10-01",
            "properties": {
                "accessPolicies": [
                    {
                        "tenantId": "[if(parameters('someCondition'), reference(variables('someAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
                        "objectId": "[if(parameters('someCondition'), reference(variables('someAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
                        "permissions": {
                            "keys": ["all"],
                            "secrets": ["all"],
                            "certificates": ["all"],
                            "storage": ["all"]
                        }
                    }
                ]
            }
        },
        {
            "condition": "[parameters('otherCondition')]",
            "type": "Microsoft.KeyVault/vaults/accessPolicies",
            "name": "[concat(parameters('vaultName'), '/add')]",
            "apiVersion": "2016-10-01",
            "properties": {
                "accessPolicies": [
                    {
                        "tenantId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
                        "objectId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
                        "permissions": {
                            "keys": ["all"],
                            "secrets": ["all"],
                            "certificates": ["all"],
                            "storage": ["all"]
                        }
                    }
                ]
            }
        }
    ],
    "outputs": {
    }
}

但是,在此部署中,我只能使用一个名称为'KeyVaultName / add'的资源。

我以为我可以有条件地在变量中构建访问策略数组并执行一些数组串联操作,但是由于我使用访问策略中的reference()函数来获取租户和主体ID,因此该方法不起作用。

我正在尝试有条件地将访问策略添加到Key Vault,问题是模板中名称为KeyVault / accessPolicies / add的资源不能超过1个。...]]

azure azure-keyvault arm-template
1个回答
0
投票

您为什么认为这不起作用?

"properties": {
    "copy": [
        {
            "name": "accessPolicies",
            "count": "[xxx]",
            "input": {
                "tenantId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
                "objectId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
                "permissions": {
                    "keys": ["all"],
                    "secrets": ["all"],
                    "certificates": ["all"],
                    "storage": ["all"]
                }
            }
        }
    ]
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.