我试图有条件地将访问策略添加到Key Vault,问题是模板中名称为KeyVault / accessPolicies / add的资源不能超过1个>
这实际上是我想要实现的目标:
{ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "vaultName": { "type": "string" } }, "resources": [ { "condition": "[parameters('someCondition')]", "type": "Microsoft.KeyVault/vaults/accessPolicies", "name": "[concat(parameters('vaultName'), '/add')]", "apiVersion": "2016-10-01", "properties": { "accessPolicies": [ { "tenantId": "[if(parameters('someCondition'), reference(variables('someAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]", "objectId": "[if(parameters('someCondition'), reference(variables('someAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]", "permissions": { "keys": ["all"], "secrets": ["all"], "certificates": ["all"], "storage": ["all"] } } ] } }, { "condition": "[parameters('otherCondition')]", "type": "Microsoft.KeyVault/vaults/accessPolicies", "name": "[concat(parameters('vaultName'), '/add')]", "apiVersion": "2016-10-01", "properties": { "accessPolicies": [ { "tenantId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]", "objectId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]", "permissions": { "keys": ["all"], "secrets": ["all"], "certificates": ["all"], "storage": ["all"] } } ] } } ], "outputs": { } }
但是,在此部署中,我只能使用一个名称为'KeyVaultName / add'的资源。
我以为我可以有条件地在变量中构建访问策略数组并执行一些数组串联操作,但是由于我使用访问策略中的reference()函数来获取租户和主体ID,因此该方法不起作用。
我正在尝试有条件地将访问策略添加到Key Vault,问题是模板中名称为KeyVault / accessPolicies / add的资源不能超过1个。...]]
您为什么认为这不起作用?
"properties": {
"copy": [
{
"name": "accessPolicies",
"count": "[xxx]",
"input": {
"tenantId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
"objectId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
"permissions": {
"keys": ["all"],
"secrets": ["all"],
"certificates": ["all"],
"storage": ["all"]
}
}
}
]
}