如何在嵌套的 ARM 模板中 link 资源?

How to link resources in a nested ARM template?

我正在尝试编写一个 ARM 模板来创建一个资源组和一个带有网络安全组的虚拟网络(最终我想要一个网络接口、Public IP 和一个虚拟机) .我不知道如何 link 新创建的网络安全组到虚拟网络。

到目前为止,这是我的模板。 dependsOnsubnets.properties.id link 都不起作用。

{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
      "type": "string"
    }
  },
  "variables": {
    "uniqueID": "[uniqueString(subscription().subscriptionId)]",
    "resourceGroupName": "[concat(parameters('name'), '-RG-', variables('uniqueID'))]",
    "nestedDeploymentName": "[concat(parameters('name'), '-NDEPL-', variables('uniqueID'))]",
    "subnetName": "[concat(parameters('name'),'-SUBNET-', variables('uniqueID'))]",
    "virtualNetworkName": "[concat(parameters('name'),'-VNET-', variables('uniqueID'))]",
    "networkSecurityGroupName": "[concat(parameters('name'),'-NSG-', variables('uniqueID'))]"
  },

  "resources": [
    {
      "type": "Microsoft.Resources/resourceGroups",
      "name": "[variables('resourceGroupName')]",
      "apiVersion": "2019-10-01",
      "location": "westeurope",
      "tags": {
        // TODO add some tags for easier monitoring
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "name": "[variables('nestedDeploymentName')]",
      "apiVersion": "2019-10-01",
      "resourceGroup": "[variables('resourceGroupName')]",
      "dependsOn": [
        "[resourceId('Microsoft.Resources/resourceGroups',variables('resourceGroupName'))]"
      ],
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "outer"
        },
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "type": "Microsoft.Network/networkSecurityGroups",
              "apiVersion": "2020-05-01",
              "name": "[variables('networkSecurityGroupName')]",
              "location": "westeurope",
              "properties": {
                "securityRules": [
                  {
                    "name": "SSH",
                    "properties": {
                      "protocol": "TCP",
                      "sourcePortRange": "*",
                      "destinationPortRange": "22",
                      "sourceAddressPrefix": "*",
                      "destinationAddressPrefix": "*",
                      "access": "Allow",
                      "priority": 300,
                      "direction": "Inbound"
                    }
                  }
                ]
              }
            },
            {
              "type": "Microsoft.Network/virtualNetworks",
              "apiVersion": "2020-05-01",
              "name": "[variables('virtualNetworkName')]",
              "location": "westeurope",
              "dependsOn": [
                "[resourceId(subscription().subscriptionId, variables('resourceGroupName'),'Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
              ],
              "properties": {
                "addressSpace": {
                  "addressPrefixes": ["10.1.1.0/24"]
                },
                "subnets": [
                  {
                    "name": "[variables('subnetName')]",
                    "properties": {
                      "addressPrefix": "10.1.1.0/24",
                      "networkSecurityGroup": {
                        "id": "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    }
  ]
}

我遇到了这个错误。

Unable to process template language expressions for resource '/subscriptions/2c9ecdfxxxxx/resourceGroups/moglum-test1-RG-cagtkca6aky5o/providers/Microsoft.Resources/deployments/moglum-test1-NDEPL-cagtkca6aky5o' at line '52' and column '5'. 'Unable to evaluate template language function 'resourceId': function requires fully qualified resource type 'Microsoft.Network/networkSecurityGroups' as one of first three arguments for resource at resource group scope, or first two arguments for resource at subscription scope. Please see https://aka.ms/arm-template-expressions/#resourceid for usage details.

谢谢

您对订阅 ID 有误会。引号 subscription().subscriptionId 只是给你唯一的 ID,而不是资源 ID。因此,您需要在 VNet 的 dependsOn 中像这样更改它:

"[resourceId(subscription().id, variables('resourceGroupName'),'Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"

看看Get Subscription Id in ARM Template。也许您还需要在子网属性中为 NSG 资源 ID 添加组名,如下所示:

"[variables('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups/',variables('networkSecurityGroupName'))]"

或者两处使用同一个

我最终通过切换找到了解决方案:

"expressionEvaluationOptions": {
          "scope": "inner"
        },

并将原始参数和我生成的 uniqueID 作为参数传递到嵌套模板中。将范围设置为 inner,我可以使用 resourceId() 的简单变体来 link 嵌套模板中的资源。

{
              "type": "Microsoft.Network/networkInterfaces",
              "apiVersion": "2020-05-01",
              "name": "[variables('networkInterfaceName')]",
              "location": "[parameters('location')]",
              "dependsOn": [
                "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]",
                "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
              ],
              "properties": {
                "ipConfigurations": [
                  {
                    "name": "ipconfig1",
                    "properties": {
                      "privateIPAllocationMethod": "Dynamic",
                      "publicIPAddress": {
                        "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]"
                      },
                      "subnet": {
                        "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
                      }
                    }
                  }
                ]
              }
            },```