Azure ARM template nested array as parameter

【Title】: azure arm template nested array as parameter 【Posted】: 2017-10-27 14:59:12 【Question】:

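I am trying to create a JSON object that contains multiple network security groups (NSGs) so that I can build them and apply them to the vNet subnets using "count" to minimize template code. The Microsoft documentation covers how to create an object for one NSG's settings, under the section "Using a property object in a copy loop". This would require me to create a new parameter object for every NSG I need, and lengthy template code for each NSG.

I am currently using the following parameter object to hold all the information about the virtual network, including the NSGs. The NSGs will be bound to subnets; the first subnet, "GatewaySubnet", is excluded from needing an NSG.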

"vNetProperties": {
    "value": {
        "vNetAddressSpace": "10.136.0.0/16",
        "subnetNames": [
            "GatewaySubnet",
            "Kemp-frontend-subnet",
            "AD-backend-subnet"
        ],
        "subnetRanges": [
            "10.136.0.0/27",
            "10.136.1.0/24",
            "10.136.2.0/24"
        ],
        "networkSecurityGroups": {
            "value": {
                "kempNSG": {
                    "value": {
                        "securityRules": [
                            {
                                "name": "HTTPS",
                                "description": "allow HTTPS connections",
                                "direction": "Inbound",
                                "priority": 100,
                                "sourceAddressPrefix": "*",
                                "destinationAddressPrefix": "10.0.0.0/24",
                                "sourcePortRange": "*",
                                "destinationPortRange": "443",
                                "access": "Allow",
                                "protocol": "Tcp"
                            },
                            {
                                "name": "HTTP",
                                "description": "allow HTTP connections",
                                "direction": "Inbound",
                                "priority": 100,
                                "sourceAddressPrefix": "*",
                                "destinationAddressPrefix": "10.0.0.0/24",
                                "sourcePortRange": "*",
                                "destinationPortRange": "80",
                                "access": "Allow",
                                "protocol": "Tcp"
                            }
                        ]
                    }
                },
                "adNSG": {
                    "value": {
                        "securityRules": [
                            {
                                "name": "RDPAllow",
                                "description": "allow RDP connections",
                                "direction": "Inbound",
                                "priority": 100,
                                "sourceAddressPrefix": "*",
                                "destinationAddressPrefix": "10.0.0.0/24",
                                "sourcePortRange": "*",
                                "destinationPortRange": "3389",
                                "access": "Allow",
                                "protocol": "Tcp"
                            }
                        ]
                    }
                }
            }
        }
    }
}

My template code for processing the object is as follows:

    {
      "apiVersion": "2016-06-01",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[concat(parameters('vNetProperties').subnetNames[copyIndex(1)], '-nsg')]",
      "location": "[resourceGroup().location]",
      "copy": {
        "name": "NSGs",
        "count": "[length(array(parameters('vNetProperties').networkSecurityGroups))]"
      },
      "properties": {
        "copy": [
          {
            "name": "securityRules",
            "count": "[length(array(parameters('vNetProperties').networkSecurityGroups[copyIndex('securityRules')]))]",
            "input": {
              "description": "[parameters('vNetProperties').networkSecurityGroups[0].securityRules[0].description]",
              "priority": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].priority]",
              "protocol": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].protocol]",
              "sourcePortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourcePortRange]",
              "destinationPortRange": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationPortRange]",
              "sourceAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].sourceAddressPrefix]",
              "destinationAddressPrefix": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].destinationAddressPrefix]",
              "access": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].access]",
              "direction": "[parameters('vNetProperties').networkSecurityGroups[copyIndex('NSGs')].securityRules[copyIndex('securityRules')].direction]"
            }
          }
        ]
      }
    }

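The code I have right now definitely doesn't work. For now I need to verify that this type of logic is even possible in ARM. Is it possible to have an array where each item in the array is itself an array, and to reference both levels of arrays in a way like array1[i].array2[j].name?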

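【Answer 1】:

This approach won't work: you cannot have a loop and a property copy loop in the same resource and reference the object like this (sadly).

The workaround for you is to create a nested deployment for each parent object (networkSecurityGroups) and, within that deployment, create a property copy loop (security rules). This will work because you will only have one copy loop.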
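
The workaround described in this answer, written out as an added example (not code from the answer or from Microsoft's documentation): the resource copy loop runs on a `Microsoft.Resources/deployments` resource, and the only property copy loop sits inside the nested template. It assumes the NSGs are passed as an array parameter named `nsgs` (a hypothetical name) whose items each have a `name` and a `securityRules` array of flat rule objects like those in the question, and it uses inner-scope evaluation so that `copyIndex('securityRules')` and `parameters('nsg')` resolve inside the nested template.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": { "nsgs": { "type": "array", "metadata": { "description": "Assumed shape: [ { name, securityRules: [ flat rule objects ] } ]" } } },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "[concat('nsg-', copyIndex())]",
      "copy": { "name": "NSGs", "count": "[length(parameters('nsgs'))]" },
      "properties": {
        "mode": "Incremental",
        "expressionEvaluationOptions": { "scope": "inner" },
        "parameters": { "nsg": { "value": "[parameters('nsgs')[copyIndex()]]" } },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": { "nsg": { "type": "object" } },
          "resources": [ {
            "type": "Microsoft.Network/networkSecurityGroups",
            "apiVersion": "2016-06-01",
            "name": "[parameters('nsg').name]",
            "location": "[resourceGroup().location]",
            "properties": {
              "copy": [ {
                "name": "securityRules",
                "count": "[length(parameters('nsg').securityRules)]",
                "input": {
                  "name": "[parameters('nsg').securityRules[copyIndex('securityRules')].name]",
                  "properties": {
                    "priority": "[parameters('nsg').securityRules[copyIndex('securityRules')].priority]",
                    "protocol": "[parameters('nsg').securityRules[copyIndex('securityRules')].protocol]",
                    "sourcePortRange": "[parameters('nsg').securityRules[copyIndex('securityRules')].sourcePortRange]",
                    "destinationPortRange": "[parameters('nsg').securityRules[copyIndex('securityRules')].destinationPortRange]",
                    "sourceAddressPrefix": "[parameters('nsg').securityRules[copyIndex('securityRules')].sourceAddressPrefix]",
                    "destinationAddressPrefix": "[parameters('nsg').securityRules[copyIndex('securityRules')].destinationAddressPrefix]",
                    "access": "[parameters('nsg').securityRules[copyIndex('securityRules')].access]",
                    "direction": "[parameters('nsg').securityRules[copyIndex('securityRules')].direction]"
                  }
                }
              } ]
            }
          } ]
        }
      }
    }
  ]
}
```

Rule priorities must be unique per direction within one NSG, so the two inbound `kempNSG` rules in the question, both at 100, need distinct values before this deploys. A `sourceAddressPrefix` of `*` on the 3389 rule exposes RDP to any source; restrict it to a management address range.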
