将规则添加到现有NSG，但不在同一ARM模板部署中。 [英] Adding rule to existing NSG, but not in same ARM Template Deployment.

问题描述

 

我正在部署ARM模板，我需要将规则添加到不同资源组中的现有NSG。

I'm deploying an ARM Template, and I need to add a rule to an existing NSG within a different resource group.

        {
            "type": "Microsoft.Network/networkSecurityGroups/securityRules",
            "name": "[concat(parameters('nsgRule'), 'Test')]",
            "apiVersion": "2018-08-01",
            "properties": {
                "networkSecurityGroup": "[resourceId('NAME-RSG-NAME', 'Microsoft.Network/networkSecurityGroups/',variables('existingNSG'))]",
                "protocol": "TCP",
                "sourcePortRange": "*",
                "destinationPortRange": "80",
                "sourceAddressPrefix": "*",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 100,
                "direction": "Inbound",
                "sourcePortRanges": [],
                "destinationPortRanges": [],
                "sourceAddressPrefixes": [],
                "destinationAddressPrefixes": []
            }
        }

但是我遇到了问题。第一个问题是它忽略了资源组名称并试图在它正在部署的ResourceGroup中找到NSG，其次是< g class =" gr_ gr_17 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling
multiReplace"数据-GR-ID =" 17" ID = QUOT; 17" I标记< / g取代;删除对现有资源组名称的引用，出现差异错误 

But I'm getting issues. The first issue is it's ignoring the resource group name and trying to locate the NSG in the ResourceGroup it's deploying to, and secondly if <g class="gr_ gr_17 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="17" id="17">i</g> remove the reference to the existing resource group name, a difference error appears 

as incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root
          resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-template/#resources for usage details.'.

有任何想法吗？

谢谢

推荐答案

目前还不清楚你是如何执行模板的。首先，您需要确保针对NSG所在的资源组执行模板。如果您的模板在与NSG组不同的另一个资源组中执行，您可以
开始部署到该组：

It is unclear how exactly you execute the template. First you need to make sure that you execute the template against the resource group where the NSG is located. If your template is executed in another resource group different from the NSG group you can start deployment to that group:

https://docs.microsoft.com/en-us / azure / azure-resource-manager / resource-manager-cross-resource-group-deployment

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-cross-resource-group-deployment

另外因为你的类型是：

"Microsoft.Network/networkSecurityGroups/securityRules",

资源名称必须是这样的：

" name"：" [concat（variables（'existingNSG'），'/'，parameters（'nsgRule） '））]"，

The resource name needs to be something like this:
"name": "[concat(variables('existingNSG'), '/', parameters('nsgRule'))]",

由于您缺少这些重要细节，我建议您再次通过ARM模板文档。

As you are missing these vital details I would suggest also go trough the ARM Template documentation again.

如果答案有帮助，请将此答复标记为答案。

Mark this reply as answer if it has helped you.

这篇关于将规则添加到现有NSG，但不在同一ARM模板部署中。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！