
Azure ARM throws a bad request for the storage connection string during template deployment

How to resolve: Azure ARM throws a bad request for the storage connection string during template deployment

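I am creating an Azure storage account and a key vault, and adding the storage account access key to the key vault as a secret. I don't see any problem with the ARM code, but when I deploy it in Azure I get a bad request for the connection secret.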

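I have set the dependencies of the key vault secret to make sure it is only created after the storage account and the key vault have been deployed. This is the deployment error from Azure. I deploy it with a service principal from the Azure CLI, so kv_owner_id is passed from the CLI as the service principal client ID.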

{
    "condition": "[equals(parameters('storageAccountOption'),'new')]",
    "name": "[variables('storageaccountuniqueName')]",
    "type": "Microsoft.Storage/storageAccounts",
    "apiVersion": "2019-06-01",
    "tags": "[parameters('tagValues')]",
    "location": "[parameters('location')]",
    "kind": "StorageV2",
    "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
    }
},
{
    "name": "[variables('kvname')]",
    "type": "Microsoft.KeyVault/vaults",
    "apiVersion": "2019-09-01",
    "location": "[resourceGroup().location]",
    "properties": {
        "enabledForDeployment": false,
        "enabledForTemplateDeployment": true,
        "enabledForDiskEncryption": false,
        "tenantId": "[variables('tenantId')]",
        "accessPolicies": [
            {
                "tenantId": "[variables('tenantId')]",
                "objectId": "[parameters('kv_owner_id')]",
                "permissions": {
                    "secrets": [
                        "all"
                    ]
                }
            },
            {
                "tenantId": "[variables('tenantId')]",
                "objectId": "[reference(resourceId('Microsoft.DataFactory/factories',variables('adfname')),'2018-06-01','full').identity.principalId]",
                "permissions": {
                    "keys": [],
                    "secrets": [
                        "list",
                        "get"
                    ]
                }
            }
        ],
        "sku": {
            "name": "standard",
            "family": "A"
        }
    }
},
{
    "name": "[concat(variables('kvname'),'/',variables('kv-stg-secretname'))]",
    "type": "Microsoft.KeyVault/vaults/secrets",
    "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts',variables('storageaccountuniqueName'))]",
        "[resourceId('Microsoft.KeyVault/vaults',variables('kvname'))]"
    ],
    "properties": {
        "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageaccountuniqueName'),';AccountKey=',listKeys(variables('storageaccountid'),'2019-06-01').keys[0].value,';EndpointSuffix=core.windows.net')]"
    }
}

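Below is the overview of the deployment operations as seen from the portal. Everything was created successfully except the conn string secret.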

[Screenshot: deployment operations]

Solution

How are you defining the storageaccountid variable? You can use the standard listKeys reference with resourceId():

"properties": {
    "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageaccountuniqueName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storageaccountuniqueName')),'2019-06-01').keys[0].value,';EndpointSuffix=core.windows.net')]"
}
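
A pre-deployment check in the spirit of the answer above, as an added example that is not part of the original question or answer: it finds every listKeys() call in a template's resources and reports whether the first argument is a resourceId() expression, a variable built with resourceId(), or something to review. The sample template, the resource names in it and the definition of storageaccountid are constructed, and flagging a variable that is not built with resourceId() is a heuristic based on the answer's recommendation.

```python
import json
import re

# Constructed sample shaped like the question's template. The definition of
# 'storageaccountid' is an assumption: the question never shows it.
SAMPLE = json.loads(r"""
{"variables": {
   "storageaccountuniqueName": "stgexample001",
   "storageaccountid": "[concat('Microsoft.Storage/storageAccounts/', variables('storageaccountuniqueName'))]"},
 "resources": [
   {"name": "kv/via-variable", "properties": {"value":
     "[listKeys(variables('storageaccountid'),'2019-06-01').keys[0].value]"}},
   {"name": "kv/via-resourceid", "properties": {"value":
     "[listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storageaccountuniqueName')),'2019-06-01').keys[0].value]"}},
   {"name": "kv/undefined", "properties": {"value":
     "[listKeys(variables('nosuchvar'),'2019-06-01').keys[0].value]"}}]}
""")

LISTKEYS_ARG = re.compile(r"listKeys\(\s*(?:resourceId\(|variables\('([^']+)'\))", re.I)

def walk_strings(node):
    """Yield every string value nested anywhere inside a JSON node."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from walk_strings(child)

def check_listkeys(template):
    """Return (resource name, verdict) per listKeys() call, judged by its first argument."""
    variables = {k.lower(): str(v) for k, v in template.get("variables", {}).items()}
    findings = []
    for res in template.get("resources", []):
        for text in walk_strings(res):
            for match in LISTKEYS_ARG.finditer(text):
                var = match.group(1)  # None when resourceId() is passed directly
                if var is None:
                    verdict = "ok: resourceId() passed directly"
                elif var.lower() not in variables:
                    verdict = "error: variable is not defined"
                elif "resourceid(" in variables[var.lower()].lower():
                    verdict = "ok: variable is built with resourceId()"
                else:
                    verdict = "review: variable is not built with resourceId()"
                findings.append((res.get("name"), verdict))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {v}" for n, v in check_listkeys(SAMPLE)), sep="\n")
```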
