ARM template - Retrieving from keyvault not working when secret name is concatenated

I am trying to retrieve a secret from a Key Vault in my ARM template.

I have the following in my parameter file:

    "resource_Env": {
      "value": "dev"
    },
    "activation_URI": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"
        },
        "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
      }
    }

When I run this, I get an error:

Error Code: KeyVaultParameterReferenceSecretRetrieveFailed Message: The secret of KeyVault parameter 'activation_URI' cannot be retrieved. Http status code: 'BadRequest'. Error message: 'The request URI contains an invalid name: [concat('activation-URI-', parameters('resource_Env'))]'

The concat doesn't seem to work. If I hardcode the whole string as

    "secretName": "activation-URI-dev"

it works fine.

Am I unable to concatenate in the secretName property?

Here is my template file:

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "resource_Env": {
          "type": "string",
          "defaultValue": "dev"
        },
        "resource_Env_number": {
          "type": "string",
          "defaultValue": "1"
        },
        "resource_Platform": {
          "type": "string",
          "defaultValue": "int"
        },
        "resource_Group_Locn": {
          "type": "string",
          "defaultValue": "australiasoutheast"
        },
        "resource_Org": {
          "type": "string",
          "defaultValue": "eml"
        },
        "typeName_ResourceGroup": {
          "type": "string",
          "defaultValue": "rg"
        },
        "resourceGroupPrefix": {
          "type": "string",
          "defaultValue": "[concat(parameters('resource_Env'),parameters('resource_Env_Number'),'-',parameters('resource_Org'),'-',parameters('resource_Platform'))]"
        },
        "serviceBusNamespaceName": {
          "type": "string",
          "defaultValue": "[concat(parameters('resource_Env'),parameters('resource_Env_Number'),'-eml-int-svcbus')]",
          "metadata": {
            "description": "Name of the Service Bus namespace"
          }
        },
        "serviceBusTopicName": {
          "type": "string",
          "defaultValue": "transaction",
          "metadata": {
            "description": "Name of the Topic"
          }
        },
        "typeName_FuncApp": {
          "defaultValue": "func",
          "type": "string"
        },
        "ocp_apim_subscription_key": {
          "defaultValue": "",
          "type": "string",
          "metadata": {
            "description": "Subscription key for APIM"
          }
        },
        "svcbus_connection_string": {
          "defaultValue": "",
          "type": "string",
          "metadata": {
            "description": "Service bus connection string"
          }
        },
        "activation_URI": {
          "defaultValue": "",
          "type": "string",
          "metadata": {
            "description": "The URI to the activate endpoint"
          }
        },
        "webhookid": {
          "type": "string",
          "defaultValue": "",
          "metadata": {
            "description": "The id of the webhook registered with EML"
          }
        },
        "location": {
          "type": "string",
          "defaultValue": "[resourceGroup().location]",
          "metadata": {
            "description": "Location for all resources."
          }
        }
      },
      "variables": {
      },
      "resources": [
        {
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "serviceBusDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
              "uri": "https://blob/transactiondeployment/azuredeploysvcbus.json",
              "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "serviceBusNamespaceName": { "value": "[parameters('serviceBusNamespaceName')]" },
              "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" }
            }
          }
        },
        {
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "cosmosDBDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
              "uri": "https://blob/transactiondeployment/azuredeploycosmosdb.json",
              "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" }
            }
          }
        },
        {
          "type": "Microsoft.Resources/deployments",
          "apiVersion": "2018-05-01",
          "name": "activateSubscriberDeployment",
          "properties": {
            "mode": "Incremental",
            "templateLink": {
              "uri": "https://blob/transactiondeployment/azuredeployactivatesubscriber.json",
              "contentVersion": "1.0.0.0"
            },
            "parameters": {
              "resource_Env": { "value": "[parameters('resource_Env')]" },
              "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" },
              "typeName_FuncApp": { "value": "[parameters('typeName_FuncApp')]" },
              "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" },
              "ocp_apim_subscription_key": { "value": "[parameters('ocp_apim_subscription_key')]" },
              "svcbus_connection_string": { "value": "[parameters('svcbus_connection_string')]" },
              "activation_URI": { "value": "[parameters('activation_URI')]" }
            }
          }
        }
      ]
    }

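After my validation, I reproduced the same error as well.

To fix it, you can pass the parameter activation_URI as an inline value to your linked template. You can try adding the reference value to parameters to tell where the secret will be retrieved from. The template file will look like this: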

    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2018-05-01",
      "name": "activateSubscriberDeployment",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "https://blob/transactiondeployment/azuredeployactivatesubscriber.json",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "resource_Env": { "value": "[parameters('resource_Env')]" },
          "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" },
          "typeName_FuncApp": { "value": "[parameters('typeName_FuncApp')]" },
          "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" },
          "ocp_apim_subscription_key": { "value": "[parameters('ocp_apim_subscription_key')]" },
          "svcbus_connection_string": { "value": "[parameters('svcbus_connection_string')]" },
          "activation_URI": {
            "reference": {
              "keyVault": {
                "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"
              },
              "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
            }
          }
        }
      }
    }

The parameter file will look like this:

    {
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            ...

            "resource_Env": {
                "value": "dev"
            }
        }
    }

For more information, you can refer to this template.
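
A pre-deployment check for the failure above, as an added example (not from the original question or answer): it flags any parameter-file entry whose value or Key Vault `secretName` is a template expression, since the error message shows the expression reaching Key Vault as a literal name. The function names and sample files are constructed for illustration; the secret-name pattern (1-127 letters, digits and hyphens) is Key Vault's naming rule.

```python
import json
import re

# Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
SECRET_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")

# Constructed sample: the failing parameter file from the question.
FAILING = """{
  "parameters": {
    "resource_Env": {"value": "dev"},
    "activation_URI": {"reference": {
      "keyVault": {"id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"},
      "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"}}
  }
}"""
# Constructed sample: the same file with the hardcoded name that worked.
WORKING = FAILING.replace(
    "[concat('activation-URI-', parameters('resource_Env'))]", "activation-URI-dev")


def is_expression(value):
    """True for a string ARM templates treat as an expression: '[...]' but not '[[...'."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def lint_parameter_file(text):
    """Return (parameter, field, problem) tuples for a deployment parameter file."""
    findings = []
    for name, body in json.loads(text).get("parameters", {}).items():
        ref = body.get("reference")
        if ref is None:
            if is_expression(body.get("value")):
                findings.append((name, "value", "expression would be passed as a literal string"))
            continue
        secret = ref.get("secretName", "")
        if is_expression(secret):
            findings.append((name, "secretName", "expression is sent to Key Vault unevaluated"))
        elif not SECRET_NAME_RE.fullmatch(secret):
            findings.append((name, "secretName", "not a valid Key Vault secret name"))
        if not ref.get("keyVault", {}).get("id", "").startswith("/subscriptions/"):
            findings.append((name, "keyVault.id", "not a full resource ID"))
    return findings


if __name__ == "__main__":
    for finding in lint_parameter_file(FAILING):
        print(finding)
```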