循环遍历 ARM 模板中的值 [英] Looping through values in ARM templates
问题描述
我一直在处理 ARM 模板的一个问题,现在已经超过一天了,但似乎卡住了,所以如果有人可以提供帮助,请询问 SO.
I've been working on an issue I'm having with ARM templates for over a day now, and seem to be stuck, so asking on SO in case anyone can help.
为了描述这个问题,我有一个现有的 Azure Key Vault 设置,并希望向这个资源组添加一些访问策略.以下是添加 Key Vault 访问策略的 ARM 模板参考,仅供参考:
To describe the issue, I've got an existing Azure Key Vault setup, and wish to add a number of access policies to this resource group. For reference purposes, the following is the ARM template reference for adding Key Vault Access Policies:
我有许多用户希望分配相同的权限,并且这个用户列表不太可能经常更改,所以我希望在模板本身中对引用这些用户的 objectId 数组进行硬编码,然后使用复制"功能来创建多重访问策略.本质上,我希望最终结果接近于此,其中访问策略之间唯一变化的值是标识用户的 objectID:
I have a number of users I wish to assign the same permissions to, and this list of users is unlikely to change frequently, so I wish to hardcode an array of objectIds referring to these users within the template itself, and then use the "copy" functionality to create multiple access policy . Essentially I want the end result to be close to this, where the only value that changes between access policies is the objectID identifying the user:
{
"name": "TestKeyVault/add",
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"apiVersion": "2018-02-14",
"properties": {
"accessPolicies": [
{
"tenantId": "tenantIDStringGoesHere",
"objectId": "guidForUser1GoesHere",
"permissions": {
"keys": ["List"],
"secrets": ["List"],
"certificates": ["List"]
}
},
{
"tenantId": "tenantIDStringGoesHere",
"objectId": "guidForUser2GoesHere",
"permissions": {
"keys": ["List"],
"secrets": ["List"],
"certificates": ["List"]
}
}
]
}
}
我想用循环来解决这个问题而不是手动复制访问策略的原因是我相信它会使维护更容易,因为可以通过从数组中添加或删除值来处理人员更改,而不是复制或删除较大部分的文本.
The reason I want to sort this out with a loop rather than duplicating the access policies by hand is that I believe it'll make maintenance easier, as personnel changes can be handled by adding or removing values from an array rather than having to duplicate or remove larger portions of text.
我试图理解此处概述的复制"语法,但我还没有找到适合我的用例的正确组合:
I've tried to understand the "copy" syntax outlined here, but I haven't found the right combination that works for my use case:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-multiple
我得到的最接近的是以下内容:
The closest I've got is the following:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Name of the Vault"
}
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "Tenant Id of the subscription. Get using Get-AzureRmSubscription cmdlet or Get Subscription API"
}
},
"objectId": {
"type": "array",
"defaultValue": [
"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
],
"metadata": {
"description": "Object Id of the AD user. Get using Get-AzureRmADUser or Get-AzureRmADServicePrincipal cmdlets"
}
},
"secretsPermissions": {
"type": "array",
"defaultValue": [
"list"
],
"metadata": {
"description": "Permissions to secrets in the vault. Valid values are: all, get, set, list, and delete."
}
}
},
"variables": {
"objectIdCount": "[length(parameters('objectId'))]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "TestKeyVault/add",
"apiVersion": "2018-02-14",
"properties": {
"accessPolicies": [{
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')[copyIndex('objectIdCopy')]]",
"permissions": {
"secrets": "[parameters('secretsPermissions')]"
},
"copy": {
"name": "objectIdCopy",
"count": 2
}
}]
}
}
]
}
值得注意的是,虽然我用 X 和 Y 替换了这个 SO 版本中的 objectIds,但如果我替换objectId",代码在真实版本中工作:[parameters('objectId')[copyIndex('objectIdCopy')]]" 和 "objectId": "[parameters('objectId')[0]]"(换句话说,如果我只是硬编码数组索引它可以工作,但如果我尝试使用 copyIndex 它不会).
Worth noting that whilst I've replaced the objectIds in this SO version with X's and Y's, the code works in the real version if I replace "objectId": "[parameters('objectId')[copyIndex('objectIdCopy')]]" with "objectId": "[parameters('objectId')[0]]" (in other words, if I just hardcode the array index it works, but if I try to use copyIndex it does not).
我尝试过使用该模板的不同变体时收到各种错误消息,但在最近的迭代中,我在尝试通过 PowerShell 部署模板时收到的错误消息基本上可以概括为模板函数此位置不应出现copyIndex"".
I've had various error messages with the different variants of this template that I've tried, but with this latest iteration the error message I get when attempting to deploy the template through PowerShell can basically be summarised as "The template function 'copyIndex' is not expected at this location".
说到我一直用来测试的PowerShell,下面是一个简化版:
Talking of the PowerShell I've been using to test it, the following is a simplified version:
Clear-Host
$deploymentResourceGroupName = 'TestRG'
$templatePath = 'test_template.json'
$templateParameterObject = @{}
$templateParameterObject += @{'keyVaultName' = 'TestKeyVault'}
New-AzureRmResourceGroupDeployment -ResourceGroupName $deploymentResourceGroupName -TemplateFile $templatePath -TemplateParameterObject $templateParameterObject
我意识到这是一个很长的问题,但我希望我提供了足够的信息来帮助调试.
I realise this is a long question, but I'm hoping I've provided sufficient information to help with debugging this.
有什么建议我应该更改以使复制功能正常工作吗?
Any suggestions what I should change to get the copy functionality working?
推荐答案
这或多或少是你想要的(如果我理解正确的话):
This is more or less what you want (if I understand you properly):
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "TestKeyVault/add",
"apiVersion": "2018-02-14",
"properties": {
"copy": [
{
"name": "accessPolicies",
"count": "[length(parameters('objectId'))]",
"input": {
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')[copyIndex('accessPolicies')]]",
"permissions": {
"secrets": "[parameters('secretsPermissions')]"
}
}
}
]
}
}
这篇关于循环遍历 ARM 模板中的值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
