
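Error when running an ARM template to provision a storage account with a private endpoint and private link

How to resolve the error when running an ARM template to provision a storage account with a private endpoint and private link

I am trying to deploy a V2 storage account together with a private endpoint and private link using an ARM template. I already have a resource group, VNET and subnet in my subscription, and I want to use them to provision a new storage account with a private endpoint and private link.

When I run the command from PowerShell to deploy the ARM template, it throws an error, although I can see that the private endpoint and the storage account are being created. What I cannot see is the private link.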

New-AzResourceGroupDeployment : 11:02:18 PM - The deployment 'Storacc_PvtEndpoint' 
Failed with error(s). Showing 1 out of 1 error(s).
Status Message: Cannot parse the request. (Code: InvalidRequestFormat)
 - Error converting value "blob" to type 
'System.Collections.Generic.ICollection`1[System.String]'. Path 
'properties.privateLinkServiceConnections[0].properties.groupIds',line 1,position 
336. (Code:InvalidJson)
CorrelationId: 9606ab6b-35d6-49c0-a811-fa5154ff83e6
At line:1 char:1
+ New-AzResourceGroupDeployment -ResourceGroupName dops-pipeline -Templ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment],Exc 
   eption
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Imple 
   mentation.NewAzureResourceGroupDeploymentCmdlet
 


DeploymentName          : Storacc_PvtEndpoint
ResourceGroupName       : dops-pipeline
ProvisioningState       : Failed
Timestamp               : 5/26/2021 2:02:13 AM
Mode                    : Incremental
TemplateLink            : 
Parameters              : 
                          Name                                     Type              
                                   Value     
                          =======================================  
                          =========================  ==========
                          storageAccountType                       String            
                                   Standard_lrs
                          location                                 String            
                                   canadacentral
                          containerPrefix                          String            
                                   canadacentral
                          vnetName                                 String            
                                   pvt-endpoint-vnet
                          subnetName                               String            
                                   blob-pvt-endpoint-sub
                          resourceGroupName                        String            
                                   dops-pipeline
                          blobStorageAccountPrivateEndpointName    String            
                                   endpointsht5gcoc5cztq
                          
Outputs                 : 
DeploymentDebugLogLevel : 

Please find my ARM template below.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#","contentVersion": "1.0.0.0","parameters": {
        "storageAccountType": {
            "type": "string","defaultValue": "Standard_lrs","allowedValues": [
                "Standard_lrs","Standard_GRS","Standard_ZRS","Premium_lrs"
            ],"Metadata": {
                "description": "Storage Account type"
            }
        },"location": {
            "type": "string","defaultValue": "[resourceGroup().location]","Metadata": {
                "description": "Storage Account Location"
            }
        },"containerPrefix" : {
            "type"          : "string","defaultValue"  : "[resourceGroup().location]"
        },"vnetName" : {
            "type"           : "string","defaultValue"   : "pvt-endpoint-vnet"
        },"subnetName"         : {
            "type"           : "string","defaultValue"   : "blob-pvt-endpoint-sub"
        },"resourceGroupName"  : {
            "type"           : "string","defaultValue"   : "dops-pipeline"
        },"blobStorageAccountPrivateEndpointName" : {
            "type"            : "string","defaultValue"    : "[toLower(concat('endpoint',uniqueString(resourceGroup().id)))]"
        }
},"variables": {
        "blobstorageAccountName"                      : "[tolower(concat('stor',uniquestring(subscription().id,resourceGroup().id)))]",
        "blobStorageAccountId"                        : "[resourceId('Microsoft.Storage/storageAccounts',variables('blobStorageAccountName'))]",
        "blobPublicDNSZoneForwarder"                  : "[concat('.blob.',environment().suffixes.storage)]",
        "blobPrivatednSZoneName"                      : "[concat('privatelink',variables('blobPublicDNSZoneForwarder'))]",
        "blobPrivatednsZoneId"                        : "[resourceId('Microsoft.Network/privatednsZones',variables('blobPrivatednsZoneName'))]",
        "blobPrivatednsZoneGroup"                     : "[concat(parameters('blobStorageAccountPrivateEndpointName'),'/',variables('blobStorageAccountPrivateEndpointGroupName'),'PrivatednsZoneGroup')]",
        "blobStorageAccountPrivateEndpointGroupName"  : "blob",
        "vnetId"                                      : "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',parameters('resourceGroupName'),'/providers/','Microsoft.Network/virtualNetworks/',parameters('vnetName'))]",
        "subnetId"                                    : "[concat('/subscriptions/',parameters('vnetName'),'/subnets/',parameters('subnetName'))]"
    },"resources": [
        {
            "type": "Microsoft.Storage/storageAccounts","apiVersion": "2021-01-01","name": "[variables('blobstorageAccountName')]","location": "[parameters('location')]","sku": {
                "name": "[parameters('storageAccountType')]"
            },"kind": "StorageV2","properties": {
                "minimumTlsversion"     : "TLS1_2","allowBlobPublicAccess" : false,"networkAcls": {
                    "bypass" : "AzureServices","defaultAction" : "Deny","virtualNetworkRules" : [
                        {
                            "id"     : "[variables('subnetId')]","action" : "Allow"
                        }
                    ]
                }
            }
        },{
            "type"      : "Microsoft.Network/privatednsZones/virtualNetworkLinks","apiVersion": "2018-09-01","name"      : "[concat(variables('blobPrivatednSZoneName'),'/link_to_',toLower(parameters('vnetName')))]","location"  : "global","dependsOn" : [
                "[variables('blobPrivatednsZoneId')]"
            ],"properties" : {
                "registrationEnabled" : false,"virtualNetwork"      : {
                    "id"              : "[variables('vnetId')]"
                }
            }
        },{
            "type"       : "Microsoft.Network/privateEndpoints","apiVersion" : "2020-04-01","name"       : "[parameters('blobStorageAccountPrivateEndpointName')]","location"   : "[resourceGroup().location]","dependsOn"  : [
                "[variables('blobStorageAccountId')]"
            ],"properties" : {
                "privateLinkServiceConnections" : [
                    {
                      "name" : "parameters('blobStorageAccountPrivateEndpointName')","properties" : { 
                            "privateLinkServiceId"  : "[variables('blobStorageAccountId')]","groupIds"              : "[variables('blobStorageAccountPrivateEndpointGroupName')]"
                        }
                    }
                ],"subnet" :{
                    "id" : "[variables('subnetId')]"
                },"customDnsConfigs" : [
                    {
                        "fqdn"     : "[concat(variables('blobStorageAccountName'),variables('blobPublicDNSZoneForwarder'))]"
                    }
                ]
            }
        },{
            "type"       : "Microsoft.Network/privatednsZones","apiVersion" : "2018-09-01","name"       : "[variables('blobPrivatednSZoneName')]","location"   : "global","properties" : {
                "maxnumberOfRecordSets"                            : 25000,"maxnumberOfVirtualNetworkLinks"                   : 1000,"maxnumberOfVirtualNetworkLinksWithRegistration"   : 100
            }
        },{
            "type"       : "Microsoft.Network/privateEndpoints/privatednsZoneGroups","apiVersion" : "2020-03-01","name"       : "[variables('blobPrivatednsZoneGroup')]","dependsOn"  : [
                "[variables('blobPrivatednsZoneId')]","[parameters('blobStorageAccountPrivateEndpointName')]"
            ],"properties"  : {
                "privatednsZoneConfigs" :[
                    {
                        "name"       : "dnsConfig","properties" : {
                            "privatednsZoneId" : "[variables('blobPrivatednsZoneId')]"
                        }
                    }
                ]
            }
        },{
            "type": "Microsoft.Storage/storageAccounts/blobServices","name"      :"[tolower(concat(variables('blobstorageaccountname'),'/default'))]","dependsOn": [
              "[resourceId('Microsoft.Storage/storageAccounts',variables('blobstorageAccountName'))]"
            ],"properties": {
                "isversioningEnabled"   : true,"deleteRetentionPolicy" : {
                    "enabled" :  true,"days"    :  30
                },"changeFeed"  : {
                    "enabled"        : true
                },"containerDeleteRetentionPolicy" :{
                    "enabled" : true,"days"    : 30
                }
            }
        },{
            "type": "Microsoft.Storage/storageAccounts/blobServices/containers","name": "[concat(variables('blobstorageAccountName'),'/default/',parameters('containerPrefix'),copyIndex())]","copy": {
                "name": "containercopy","count": 2
            },"dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts',variables('blobstorageAccountName'))]"
            ] 
        }
    ],"outputs": {
        "storageAccountName": {
            "type": "string","value": "[variables('blobstorageAccountName')]"
        }
    }
}

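Solution

This issue was resolved by @Thomas's comment; adding it as an answer to close out the question.

You need to remove "[variables('vnetId')]" from dependsOn; if a resource is not defined in the template, it should not be used in dependsOn. Also, the property groupIds is an array and should be: "groupIds": [ "[variables('blobStorageAccountPrivateEndpointGroupName')]" ].

Reference - https://docs.microsoft.com/en-us/azure/templates/microsoft.network/privateendpoints?tabs=json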
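
The two checks from the answer can be run before deployment, shown here as an added example that is not part of the original post: a small Python linter that flags a private endpoint whose groupIds does not resolve to an array and any dependsOn entry that does not point at a resource declared in the template. It resolves only bare [variables('x')] references and matches resourceId() by resource type only; the sample template is constructed, and the vnetId dependsOn entry in it is assumed from the answer's description.

```python
import re

VAR_REF = re.compile(r"^\[variables\('([^']+)'\)\]$", re.I)
RESOURCE_ID = re.compile(r"^\[resourceId\('([^']+)'", re.I)

def resolve(template, value):
    """Follow a bare [variables('x')] reference one level (ARM names are case-insensitive)."""
    m = VAR_REF.match(value) if isinstance(value, str) else None
    if not m:
        return value
    variables = {k.lower(): v for k, v in template.get("variables", {}).items()}
    return variables.get(m.group(1).lower(), value)

def lint(template):
    resources = template.get("resources", [])
    types = {r["type"].lower() for r in resources}
    names = {r["name"].lower() for r in resources}
    findings = []
    for res in resources:
        if res["type"].lower() == "microsoft.network/privateendpoints":
            for conn in res.get("properties", {}).get("privateLinkServiceConnections", []):
                group_ids = resolve(template, conn.get("properties", {}).get("groupIds"))
                if not isinstance(group_ids, list):
                    findings.append(f"{res['type']}: groupIds is {group_ids!r}, expected an array")
        for dep in res.get("dependsOn", []):
            target = resolve(template, dep)
            m = RESOURCE_ID.match(target) if isinstance(target, str) else None
            # Accept a declared resource name or a resourceId() of a declared type.
            if dep.lower() not in names and not (m and m.group(1).lower() in types):
                findings.append(f"{res['type']}: dependsOn {dep} is not a resource declared in this template")
    return findings

# Constructed sample, reduced from the question's template; the vnetId dependsOn
# entry is an assumption taken from the answer's description.
SAMPLE = {
    "variables": {
        "blobStorageAccountId": "[resourceId('Microsoft.Storage/storageAccounts','stor1')]",
        "vnetId": "[concat(resourceGroup().id,'/providers/Microsoft.Network/virtualNetworks/vnet1')]",
        "groupName": "blob",
    },
    "resources": [
        {"type": "Microsoft.Storage/storageAccounts", "name": "stor1"},
        {"type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", "name": "zone/link",
         "dependsOn": ["[variables('vnetId')]"]},
        {"type": "Microsoft.Network/privateEndpoints", "name": "pe1",
         "dependsOn": ["[variables('blobStorageAccountId')]"],
         "properties": {"privateLinkServiceConnections": [{"properties": {"groupIds": "[variables('groupName')]"}}]}},
    ],
}
print("\n".join(lint(SAMPLE)))
```

Running a check like this matters here because the failed deployment still left the storage account and the private endpoint created without the private link connection.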
