How to resolve: Bicep deletes an "existing" Key Vault resource
In my Bicep file I am using an Azure Key Vault resource, as shown below:
resource kv 'Microsoft.keyvault/vaults@2021-04-01-preview' existing = {
  name: kvName
  scope: resourceGroup(subscriptionId, resourceGroup().name)
}

module db 'modules/database.bicep' = if (dbIsEnabled) {
  name: 'db'
  scope: resourceGroup()
  params: {
    location: location
    namePrefix: namePrefix
    regionSuffix: regionSuffix
    administratorLogin: dbAdminUsername
    administratorLoginPassword: kv.getSecret('dbAdminPassword')
    edition: dbedition
  }
}
This works great (I guess...), but only the first time.
$ az deployment group create --verbose -c --mode Complete -g "$rgName" -f shr.bicep -p "@$paramFile"
{'properties': {'template': <azure.cli.command_modules.resource.custom.JsonCTemplate object at 0x7fbc0079aa90>,'parameters': {'subscriptionId': {'value': '20d2016b-1234-1234-1234-be72462e1234'},'kvName': {'value': 'shrKvTest0830'},'tenantPrefix': {'value': 'adv'},'environmentSuffix': {'value': 'demo'},'regionSuffix': {'value': 'useast'},'dbIsEnabled': {'value': True},'dbedition': {'value': 'Premium'},'dbAdminUsername': {'value': 'adm'}},'mode': 'Complete','whatIfSettings': {'resultFormat': 'FullResourcePayloads'}}}
Noneunning ..
Note: The result may contain false positive predictions (noise).
You can help us improve the accuracy of the result by opening an issue here: https://aka.ms/WhatIfIssues.
Resource and property changes are indicated with these symbols:
- Delete
+ Create
The deployment will update the following scope:
Scope: /subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/shrDevopsTesting123
- Microsoft.keyvault/vaults/shrKvTest0830
id: "/subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/shrDevopsTesting123/providers/Microsoft.keyvault/vaults/shrKvTest0830"
location: "westeurope"
name: "shrKvTest0830"
type: "Microsoft.keyvault/vaults"
+ Microsoft.sql/servers/adv-demo-db-srv-useast [2021-02-01-preview]
apiVersion: "2021-02-01-preview"
id: "/subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/shrDevopsTesting123/providers/Microsoft.sql/servers/adv-demo-db-srv-useast"
location: "westeurope"
name: "adv-demo-db-srv-useast"
properties.administratorLogin: "*******"
properties.administratorLoginPassword: "*******"
type: "Microsoft.sql/servers"
Resource changes: 1 to delete,1 to create.
Are you sure you want to execute the deployment? (y/n): y
{'properties': {'template': <azure.cli.command_modules.resource.custom.JsonCTemplate object at 0x7fb3612dbd68>,'mode': 'Complete'}}
{'properties': {'template': <azure.cli.command_modules.resource.custom.JsonCTemplate object at 0x7fb3609fda20>,'mode': 'Complete'}}
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
Noneunning ..
id: /subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/ShrDevopsTesting123/providers/Microsoft.Resources/deployments/shr
location: null
name: shr
properties:
correlationId: fd11a316-604a-42cf-a474-c881be120643
debugSetting: null
dependencies: []
duration: PT4M23.8746353S
error: null
mode: Complete
onErrorDeployment: null
outputResources:
- id: /subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/ShrDevopsTesting123/providers/Microsoft.sql/servers/adv-demo-db-srv-useast
resourceGroup: ShrDevopsTesting123
outputs: null
parameters:
dbAdminUsername:
type: String
value: adm
dbedition:
type: String
value: Premium
dbIsEnabled:
type: Bool
value: true
environmentSuffix:
type: String
value: demo
kvName:
type: String
value: shrKvTest0830
location:
type: String
value: westeurope
regionSuffix:
type: String
value: useast
subscriptionId:
type: String
value: 20d2016b-1234-1234-1234-be72462e1234
tenantPrefix:
type: String
value: adv
parametersLink: null
providers:
- id: null
namespace: Microsoft.Resources
registrationPolicy: null
registrationState: null
resourceTypes:
- aliases: null
apiProfiles: null
apiVersions: null
capabilities: null
defaultApiVersion: null
locationMappings: null
locations:
- null
properties: null
resourceType: deployments
zoneMappings: null
provisioningState: Succeeded
templateHash: '11903751957628416401'
templateLink: null
timestamp: '2021-06-21T06:44:34.352407+00:00'
validatedResources: null
resourceGroup: ShrDevopsTesting123
tags: null
type: Microsoft.Resources/deployments
Command ran in 333.163 seconds (init: 0.734,invoke: 332.429)
But when I run exactly the same command again, it fails (just as the output of "-c" "predicted"):
$ az deployment group create --verbose -c --mode Complete -g "$rgName" -f shr.bicep -p "@$paramFile"
{'properties': {'template': <azure.cli.command_modules.resource.custom.JsonCTemplate object at 0x7fa480cb2a90>,'dbAdminUsername': {'value': 'shradmin'}},'whatIfSettings': {'resultFormat': 'FullResourcePayloads'}}}
Noneunning ..
keyvaultParameterReferenceNotFound - The specified keyvault '/subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/ShrDevopsTesting123/providers/Microsoft.keyvault/vaults/shrKvTest0830' Could not be found. Please see https://aka.ms/arm-keyvault for usage details.
Command ran in 34.891 seconds (init: 0.432,invoke: 34.458)
What am I doing wrong? Why does Bicep delete the Key Vault kv, even though I reference it with "existing"? I am running with --mode Complete.
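Solution
The existing keyword says "I know that this resource exists". It is not part of the deployed template: it is more like a pointer than an actual resource.
When Bicep compiles to ARM, a resource with the existing keyword is converted to a reference call. Note that an existing resource may belong to a different scope than the one you deploy the template to.
So your template does not contain a Key Vault resource, and it is therefore scheduled for deletion in Complete mode. Complete mode exists to make sure that the contents of the target (usually a resource group) are exactly what your template specifies.
There is no option to exclude a resource from a Complete mode deployment. You can try raising a feature request on Bicep's GitHub.
In your case, remove the existing keyword and define how your Key Vault should exist.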
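The Complete-mode deletion described in the answer above can be caught before anything is deployed by inspecting the what-if result in a pipeline step. This is an added example, not part of the original post: it assumes the JSON printed by `az deployment group what-if --no-pretty-print` carries a `changes` list whose entries have `changeType` and `resourceId`; the function names, the protected-type set and the sample JSON are constructed for illustration.

```python
import json

# Resource types a Complete-mode deployment must never remove
# (assumed policy for this example; compared case-insensitively).
PROTECTED_TYPES = {"microsoft.keyvault/vaults"}

# Constructed sample mirroring the what-if shown in the question:
# one Key Vault deletion and one SQL server creation.
RG = "/subscriptions/20d2016b-1234-1234-1234-be72462e1234/resourceGroups/shrDevopsTesting123"
SAMPLE_WHAT_IF = json.dumps({"status": "Succeeded", "changes": [
    {"changeType": "Delete", "resourceId": RG + "/providers/Microsoft.keyvault/vaults/shrKvTest0830"},
    {"changeType": "Create", "resourceId": RG + "/providers/Microsoft.sql/servers/adv-demo-db-srv-useast"},
]})


def resource_type(resource_id):
    """Return 'namespace/type[/subtype]' from an ARM resource ID, lowercased."""
    parts = [p.lower() for p in resource_id.strip("/").split("/")]
    if "providers" not in parts:
        return ""  # e.g. a bare resource group ID
    # Use the last 'providers' segment so extension resources resolve correctly.
    i = len(parts) - 1 - parts[::-1].index("providers")
    tail = parts[i + 1:]  # [namespace, type, name, subtype, subname, ...]
    if len(tail) < 2:
        return ""
    return "/".join([tail[0]] + tail[1::2])


def protected_deletions(what_if_json, protected=PROTECTED_TYPES):
    """List resource IDs that what-if marks as Delete and whose type is protected."""
    result = json.loads(what_if_json)
    hits = []
    for change in result.get("changes") or []:
        if str(change.get("changeType", "")).lower() != "delete":
            continue
        rid = change.get("resourceId", "")
        if resource_type(rid) in protected:
            hits.append(rid)
    return hits


if __name__ == "__main__":
    blocked = protected_deletions(SAMPLE_WHAT_IF)
    for rid in blocked:
        print("refusing Complete-mode deployment, it would delete:", rid)
    raise SystemExit(1 if blocked else 0)
```

In a pipeline, replace `SAMPLE_WHAT_IF` with the captured what-if output and let the non-zero exit code stop the job before `az deployment group create --mode Complete` runs.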