如何使用条件逻辑将完全合格的 Azure 资源 ID 作为原始 json 传递?
How can I pass a fully qualified azure resource id through as raw json using conditional logic?
我正在尝试有条件地将网络安全组的完全限定资源 ID 和路由表传递到 vnet 中的子网。这些当前是在虚拟网络资源上使用 arm 属性 迭代部署的。
我是按照这篇文章走到这一步的。 https://github.com/MicrosoftDocs/azure-docs/issues/29115
我能够根据填充的 属性 值成功地将路由表和 nsgs 附加到子网。但是,我无法使用变量和参数来有条件地部署对象来构建完全限定的资源 ID。
我尝试过使用 Azure ARM 函数,例如 subscription() 和 resource()。但是,每当我使用这些函数连接我的 FQDN 字符串时,我都会收到有关格式错误 JSON 的错误消息。根据上面的文章,MSFT 支持人员声明这需要通过完全合格的传递,我还没有想出一种方法来执行此操作并通过使用 json() 函数将其转换。我测试了通过资源 Id 的短名称传递,ARM API 还报告说我需要将其作为完全限定名称传递
我真的不希望将这些硬编码在我的模板顶部,因为在创建这些对象之前我不知道资源 ID 是什么。另外,这显然也是不好的做法,违背了可重用模板的目的。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"allowedValues": ["australiaeast", "australiasoutheast"],
"defaultValue": "australiasoutheast",
"metadata": {
"description": "Deployment location"
}
},
"routeTables": {
"type": "array",
"defaultValue": [
"TrustedSubnets",
"UntrustedSubnets"
],
"metadata": {
"description": "Array of interconnect route table names, (e.g. GatewaySubnet / Internal / Onprem)"
}
},
"subnets": {
"type": "array",
"defaultValue": [
{
"Name": "Management",
"Address": "10.118.124.0/24",
"Nsg": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/networkSecurityGroups/ManagementSn-ase-nsg",
"routeTable": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/routeTables/TrustedSubnets-ase-rt"
},
{
"Name": "Trusted",
"Address": "10.118.125.0/24",
"Nsg": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/networkSecurityGroups/TrustedSn-ase-nsg",
"routeTable": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/routeTables/TrustedSubnets-ase-rt"
},
{
"Name": "Untrusted",
"Address": "10.118.126.0/24",
"Nsg": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/networkSecurityGroups/UntrustedSn-ase-nsg",
"routeTable": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/routeTables/UntrustedSubnets-ase-rt"
},
{
"Name": "GatewaySubnet",
"Address": "10.118.127.0/24",
"Nsg": "",
"routeTable": ""
}
],
"metadata": {
"description": "Subnet properties to be deployed per region. Each entry must contain a Name, Address, Nsg and routeTable key. Route tables and NSG's must be fully qualified"
}
},
"vnetName": {
"type": "string",
"defaultValue": "hubvnet",
"metadata": {
"description": "Virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.118.124.0/22",
"metadata": {
"description": "Address prefix"
}
}
},
"variables": {
"alertsDistributionList": "dl_azurevnetalerts@email.com.au",
"HubNetAgResourceId": "[resourceId('microsoft.insights/actionGroups', concat(parameters('vnetName'), '-ag'))]",
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', concat(parameters('vnetName')))]"
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ase-nsg'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ae-nsg'))]",
"location": "[parameters('location')]",
"copy": {
"name": "NsgCopy",
"count": 3,
"mode": "Serial",
"batchSize": 1
},
"properties": {
"securityRules": []
},
"dependsOn": []
},
{
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('routeTables')[copyIndex()], '-ase-rt'), concat(parameters('routeTables')[copyIndex()], '-ae-rt'))]",
"type": "Microsoft.Network/routeTables",
"location": "[resourceGroup().location]",
"copy": {
"name": "RtCopy",
"count": "[length(parameters('routeTables'))]"
},
"properties": {
"routes": [],
"disableBgpRoutePropagation": true
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"apiVersion": "2019-04-01",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": []
},
"virtualNetworkPeerings": [],
"copy": [{
"name": "subnets",
"count": "[length(parameters('subnets'))]",
"input": {
"name": "[parameters('subnets')[copyIndex('subnets')].Name]",
"properties": {
"addressPrefix": "[parameters('subnets')[copyIndex('subnets')].Address]",
"networkSecurityGroup": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].Nsg)), json(concat('{\"id\": \"', parameters('subnets')[copyIndex('subnets')].Nsg, '\"}')), json('null'))]",
"routeTable": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].routeTable)), json(concat('{\"id\": \"', parameters('subnets')[copyIndex('subnets')].routeTable, '\"}')), json('null'))]"
}
}
}]
},
"dependsOn": [
"NsgCopy",
"RtCopy"
]
}
]
}
我想避免在声明子网数组的参数属性中对资源 ID 进行硬编码。我希望这些使用智能逻辑生成,然后在底部的子网循环中转换并作为原始 json 传递
我在模板顶部混淆了我的子 ID。如果您想测试我的模板,请替换您的值
非常感谢任何帮助。 :)
我可能会这样做:
"variables": {
"copy": [
{
"name": "routeTables",
"count": "[length(parameters('subnets'))]",
"input": {
"id": "[parameters('subnets')[copyIndex('routeTables')].routeTable]"
}
}
]
},
"properties": {
...
"routeTable": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].routeTable)), variables('routeTables')[copyIndex('subnets')], json('null'))]"
}
感谢您的帮助@4c74356b41 您的建议大部分都在此处。我只需要进一步构建逻辑,这为我提供了我正在寻找的解决方案。我在下面发布了有效的解决方案:)
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"allowedValues": ["australiaeast", "australiasoutheast"],
"defaultValue": "australiasoutheast",
"metadata": {
"description": "Deployment location"
}
},
"routeTables": {
"type": "array",
"defaultValue": [
"TrustedSubnets",
"UntrustedSubnets"
],
"metadata": {
"description": "Array of interconnect route table names, (legal values are - TrustedSubnets or UntrustedSubnets )"
}
},
"subnets": {
"type": "array",
"defaultValue": [
{
"Name": "Management",
"Address": "192.168.1.0/24",
"Nsg": "Yes",
"routeTable": "TrustedSubnets"
},
{
"Name": "Trusted",
"Address": "192.168.2.0/24",
"Nsg": "Yes",
"routeTable": "TrustedSubnets"
},
{
"Name": "Untrusted",
"Address": "192.168.3.0/24",
"Nsg": "Yes",
"routeTable": "UntrustedSubnets"
},
{
"Name": "GatewaySubnet",
"Address": "192.168.4.0/24",
"Nsg": "",
"routeTable": ""
}
],
"metadata": {
"description": "Subnet properties to be deployed per region. Each entry must contain a Name, Address, Nsg and routeTable key. Route tables and NSG's must be fully qualified"
}
},
"vnetName": {
"type": "string",
"defaultValue": "hubvnet",
"metadata": {
"description": "Virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "192.168.1.0/22",
"metadata": {
"description": "Address prefix"
}
}
},
"variables": {
"alertsDistributionList": "dl_azurevnetalerts@email.com.au",
"HubNetAgResourceId": "[resourceId('microsoft.insights/actionGroups', concat(parameters('vnetName'), '-ag'))]",
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', concat(parameters('vnetName')))]",
"copy": [
{
"name": "Nsgs",
"count": "[length(parameters('subnets'))]",
"input": {
"id": "[if(contains(parameters('location'), 'australiasoutheast'), resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('subnets')[copyIndex('Nsgs')].Name, 'Sn', '-ase-nsg')), resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('subnets')[copyIndex('Nsgs')].Name, 'Sn', '-ae-nsg')))]"
}
},
{
"name": "routeTables",
"count": "[length(parameters('subnets'))]",
"input": {
"id": "[if(contains(parameters('location'), 'australiasoutheast'), resourceId('Microsoft.Network/routeTables', concat(parameters('subnets')[copyIndex('routeTables')].routeTable, '-ase-rt')), resourceId('Microsoft.Network/routeTables', concat(parameters('subnets')[copyIndex('routeTables')].routeTable, '-ae-rt')))]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ase-nsg'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ae-nsg'))]",
"location": "[parameters('location')]",
"copy": {
"name": "NsgCopy",
"count": 3,
"mode": "Serial",
"batchSize": 1
},
"properties": {
"securityRules": []
},
"dependsOn": []
},
{
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('routeTables')[copyIndex()], '-ase-rt'), concat(parameters('routeTables')[copyIndex()], '-ae-rt'))]",
"type": "Microsoft.Network/routeTables",
"location": "[resourceGroup().location]",
"copy": {
"name": "RtCopy",
"count": "[length(parameters('routeTables'))]"
},
"properties": {
"routes": [],
"disableBgpRoutePropagation": true
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"apiVersion": "2019-04-01",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": []
},
"virtualNetworkPeerings": [],
"copy": [{
"name": "subnets",
"count": "[length(parameters('subnets'))]",
"input": {
"name": "[parameters('subnets')[copyIndex('subnets')].Name]",
"properties": {
"addressPrefix": "[parameters('subnets')[copyIndex('subnets')].Address]",
"networkSecurityGroup": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].Nsg)), variables('Nsgs')[copyIndex('subnets')], json('null'))]",
"routeTable": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].routeTable)), variables('routeTables')[copyIndex('subnets')], json('null'))]"
}
}
}]
},
"dependsOn": [
"NsgCopy",
"RtCopy"
]
}
]
}
我正在尝试有条件地将网络安全组的完全限定资源 ID 和路由表传递到 vnet 中的子网。这些当前是在虚拟网络资源上使用 arm 属性 迭代部署的。
我是按照这篇文章走到这一步的。 https://github.com/MicrosoftDocs/azure-docs/issues/29115
我能够根据填充的 属性 值成功地将路由表和 nsgs 附加到子网。但是,我无法使用变量和参数来有条件地部署对象来构建完全限定的资源 ID。
我尝试过使用 Azure ARM 函数,例如 subscription() 和 resource()。但是,每当我使用这些函数连接我的 FQDN 字符串时,我都会收到有关格式错误 JSON 的错误消息。根据上面的文章,MSFT 支持人员声明这需要通过完全合格的传递,我还没有想出一种方法来执行此操作并通过使用 json() 函数将其转换。我测试了通过资源 Id 的短名称传递,ARM API 还报告说我需要将其作为完全限定名称传递
我真的不希望将这些硬编码在我的模板顶部,因为在创建这些对象之前我不知道资源 ID 是什么。另外,这显然也是不好的做法,违背了可重用模板的目的。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"allowedValues": ["australiaeast", "australiasoutheast"],
"defaultValue": "australiasoutheast",
"metadata": {
"description": "Deployment location"
}
},
"routeTables": {
"type": "array",
"defaultValue": [
"TrustedSubnets",
"UntrustedSubnets"
],
"metadata": {
"description": "Array of interconnect route table names, (e.g. GatewaySubnet / Internal / Onprem)"
}
},
"subnets": {
"type": "array",
"defaultValue": [
{
"Name": "Management",
"Address": "10.118.124.0/24",
"Nsg": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/networkSecurityGroups/ManagementSn-ase-nsg",
"routeTable": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/routeTables/TrustedSubnets-ase-rt"
},
{
"Name": "Trusted",
"Address": "10.118.125.0/24",
"Nsg": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/networkSecurityGroups/TrustedSn-ase-nsg",
"routeTable": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/routeTables/TrustedSubnets-ase-rt"
},
{
"Name": "Untrusted",
"Address": "10.118.126.0/24",
"Nsg": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/networkSecurityGroups/UntrustedSn-ase-nsg",
"routeTable": "/sub/1234/resourceGroups/azresgroup/providers/Microsoft.Network/routeTables/UntrustedSubnets-ase-rt"
},
{
"Name": "GatewaySubnet",
"Address": "10.118.127.0/24",
"Nsg": "",
"routeTable": ""
}
],
"metadata": {
"description": "Subnet properties to be deployed per region. Each entry must contain a Name, Address, Nsg and routeTable key. Route tables and NSG's must be fully qualified"
}
},
"vnetName": {
"type": "string",
"defaultValue": "hubvnet",
"metadata": {
"description": "Virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.118.124.0/22",
"metadata": {
"description": "Address prefix"
}
}
},
"variables": {
"alertsDistributionList": "dl_azurevnetalerts@email.com.au",
"HubNetAgResourceId": "[resourceId('microsoft.insights/actionGroups', concat(parameters('vnetName'), '-ag'))]",
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', concat(parameters('vnetName')))]"
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ase-nsg'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ae-nsg'))]",
"location": "[parameters('location')]",
"copy": {
"name": "NsgCopy",
"count": 3,
"mode": "Serial",
"batchSize": 1
},
"properties": {
"securityRules": []
},
"dependsOn": []
},
{
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('routeTables')[copyIndex()], '-ase-rt'), concat(parameters('routeTables')[copyIndex()], '-ae-rt'))]",
"type": "Microsoft.Network/routeTables",
"location": "[resourceGroup().location]",
"copy": {
"name": "RtCopy",
"count": "[length(parameters('routeTables'))]"
},
"properties": {
"routes": [],
"disableBgpRoutePropagation": true
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"apiVersion": "2019-04-01",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": []
},
"virtualNetworkPeerings": [],
"copy": [{
"name": "subnets",
"count": "[length(parameters('subnets'))]",
"input": {
"name": "[parameters('subnets')[copyIndex('subnets')].Name]",
"properties": {
"addressPrefix": "[parameters('subnets')[copyIndex('subnets')].Address]",
"networkSecurityGroup": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].Nsg)), json(concat('{\"id\": \"', parameters('subnets')[copyIndex('subnets')].Nsg, '\"}')), json('null'))]",
"routeTable": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].routeTable)), json(concat('{\"id\": \"', parameters('subnets')[copyIndex('subnets')].routeTable, '\"}')), json('null'))]"
}
}
}]
},
"dependsOn": [
"NsgCopy",
"RtCopy"
]
}
]
}
我想避免在声明子网数组的参数属性中对资源 ID 进行硬编码。我希望这些使用智能逻辑生成,然后在底部的子网循环中转换并作为原始 json 传递
我在模板顶部混淆了我的子 ID。如果您想测试我的模板,请替换您的值
非常感谢任何帮助。 :)
我可能会这样做:
"variables": {
"copy": [
{
"name": "routeTables",
"count": "[length(parameters('subnets'))]",
"input": {
"id": "[parameters('subnets')[copyIndex('routeTables')].routeTable]"
}
}
]
},
"properties": {
...
"routeTable": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].routeTable)), variables('routeTables')[copyIndex('subnets')], json('null'))]"
}
感谢您的帮助@4c74356b41 您的建议大部分都在此处。我只需要进一步构建逻辑,这为我提供了我正在寻找的解决方案。我在下面发布了有效的解决方案:)
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"allowedValues": ["australiaeast", "australiasoutheast"],
"defaultValue": "australiasoutheast",
"metadata": {
"description": "Deployment location"
}
},
"routeTables": {
"type": "array",
"defaultValue": [
"TrustedSubnets",
"UntrustedSubnets"
],
"metadata": {
"description": "Array of interconnect route table names, (legal values are - TrustedSubnets or UntrustedSubnets )"
}
},
"subnets": {
"type": "array",
"defaultValue": [
{
"Name": "Management",
"Address": "192.168.1.0/24",
"Nsg": "Yes",
"routeTable": "TrustedSubnets"
},
{
"Name": "Trusted",
"Address": "192.168.2.0/24",
"Nsg": "Yes",
"routeTable": "TrustedSubnets"
},
{
"Name": "Untrusted",
"Address": "192.168.3.0/24",
"Nsg": "Yes",
"routeTable": "UntrustedSubnets"
},
{
"Name": "GatewaySubnet",
"Address": "192.168.4.0/24",
"Nsg": "",
"routeTable": ""
}
],
"metadata": {
"description": "Subnet properties to be deployed per region. Each entry must contain a Name, Address, Nsg and routeTable key. Route tables and NSG's must be fully qualified"
}
},
"vnetName": {
"type": "string",
"defaultValue": "hubvnet",
"metadata": {
"description": "Virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "192.168.1.0/22",
"metadata": {
"description": "Address prefix"
}
}
},
"variables": {
"alertsDistributionList": "dl_azurevnetalerts@email.com.au",
"HubNetAgResourceId": "[resourceId('microsoft.insights/actionGroups', concat(parameters('vnetName'), '-ag'))]",
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', concat(parameters('vnetName')))]",
"copy": [
{
"name": "Nsgs",
"count": "[length(parameters('subnets'))]",
"input": {
"id": "[if(contains(parameters('location'), 'australiasoutheast'), resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('subnets')[copyIndex('Nsgs')].Name, 'Sn', '-ase-nsg')), resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('subnets')[copyIndex('Nsgs')].Name, 'Sn', '-ae-nsg')))]"
}
},
{
"name": "routeTables",
"count": "[length(parameters('subnets'))]",
"input": {
"id": "[if(contains(parameters('location'), 'australiasoutheast'), resourceId('Microsoft.Network/routeTables', concat(parameters('subnets')[copyIndex('routeTables')].routeTable, '-ase-rt')), resourceId('Microsoft.Network/routeTables', concat(parameters('subnets')[copyIndex('routeTables')].routeTable, '-ae-rt')))]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ase-nsg'), concat(parameters('subnets')[copyIndex()].Name, 'Sn', '-ae-nsg'))]",
"location": "[parameters('location')]",
"copy": {
"name": "NsgCopy",
"count": 3,
"mode": "Serial",
"batchSize": 1
},
"properties": {
"securityRules": []
},
"dependsOn": []
},
{
"apiVersion": "2019-04-01",
"name": "[if(contains(parameters('location'), 'australiasoutheast'), concat(parameters('routeTables')[copyIndex()], '-ase-rt'), concat(parameters('routeTables')[copyIndex()], '-ae-rt'))]",
"type": "Microsoft.Network/routeTables",
"location": "[resourceGroup().location]",
"copy": {
"name": "RtCopy",
"count": "[length(parameters('routeTables'))]"
},
"properties": {
"routes": [],
"disableBgpRoutePropagation": true
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('vnetName')]",
"apiVersion": "2019-04-01",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": []
},
"virtualNetworkPeerings": [],
"copy": [{
"name": "subnets",
"count": "[length(parameters('subnets'))]",
"input": {
"name": "[parameters('subnets')[copyIndex('subnets')].Name]",
"properties": {
"addressPrefix": "[parameters('subnets')[copyIndex('subnets')].Address]",
"networkSecurityGroup": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].Nsg)), variables('Nsgs')[copyIndex('subnets')], json('null'))]",
"routeTable": "[if(not(empty(parameters('subnets')[copyIndex('subnets')].routeTable)), variables('routeTables')[copyIndex('subnets')], json('null'))]"
}
}
}]
},
"dependsOn": [
"NsgCopy",
"RtCopy"
]
}
]
}