ARM 模板循环依赖的解决

问题描述

我按以下顺序通过 Azure 门户创建了一些资源。

  1. 创建了一个包含两个子网的虚拟网络,并在其中一个子网 subnet1 上启用了存储服务端点。
  2. 创建了一个存储帐户 stgaccount1,然后在该存储帐户的防火墙设置中添加了 subnet1。
  3. 创建了一个服务端点策略,它只允许访问 stgaccount1,并将此策略关联到 subnet1。

这个设置对我来说工作得很好,现在我想把它自动化,因此为它导出了模板。但是仅从模板来看,其中似乎存在循环依赖关系;当我尝试部署时,它果然失败了。

依赖流看起来像这样。

  1. 服务端点策略取决于存储帐户。
  2. 存储帐户取决于 subnet1,因为仅允许此子网访问。
  3. 而子网又关联了服务端点策略,因此它依赖于服务端点策略(Service Endpoint Policy)。

我不确定该如何解决这个依赖链,或者正确的做法是什么。

以下是供参考的模板。

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymenttemplate.json#",
    "contentversion": "1.0.0.0",
    "parameters": {
        "virtual_network_name": {
            "defaultvalue": "vnet",
            "type": "string"
        },
        "serviceEndPointPolicyName": {
            "type": "string",
            "defaultvalue": "storageEndPointPolicy"
        }
    },
    "variables": {
        "storageAccountName": "[tolower(concat(resourceGroup().name, 'storageaccount'))]",
        "virtualNetworkName": "[concat(resourceGroup().name, parameters('virtual_network_name'))]"
    },
    "resources": [
        {
            "type": "Microsoft.Network/serviceEndpointPolicies",
            "apiVersion": "2019-11-01",
            "name": "[parameters('serviceEndPointPolicyName')]",
            "location": "eastus",
            "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
            ],
            "properties": {
                "serviceEndpointPolicyDefinitions": [
                    {
                        "name": "[concat(parameters('serviceEndPointPolicyName'), '_Microsoft.Storage')]",
                        "properties": {
                            "service": "Microsoft.Storage",
                            "serviceResources": [
                                "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
                            ]
                        }
                    }
                ]
            }
        },
        {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2019-06-01",
            "name": "[variables('storageAccountName')]",
            "location": "eastus",
            "dependsOn": [
                "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), 'subent1')]"
            ],
            "sku": {
                "name": "Standard_RAGRS",
                "tier": "Standard"
            },
            "kind": "StorageV2",
            "properties": {
                "networkAcls": {
                    "bypass": "AzureServices",
                    "virtualNetworkRules": [
                        {
                            "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), 'subent1')]",
                            "action": "Allow",
                            "state": "Succeeded"
                        }
                    ],
                    "ipRules": [
                    ],
                    "defaultAction": "Deny"
                },
                "supportsHttpsTrafficOnly": false,
                "encryption": {
                    "services": {
                        "file": {
                            "keyType": "Account",
                            "enabled": true
                        },
                        "blob": {
                            "keyType": "Account",
                            "enabled": true
                        }
                    },
                    "keySource": "Microsoft.Storage"
                },
                "accessTier": "Hot"
            }
        },


        {
            "type": "Microsoft.Network/virtualNetworks",
            "apiVersion": "2019-11-01",
            "name": "[variables('virtualNetworkName')]",
            "location": "eastus",
            "dependsOn": [
                "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('serviceEndPointPolicyName'))]"
            ],
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "10.0.0.0/16"
                    ]
                },
                "subnets": [
                    {
                        "name": "subnet2",
                        "properties": {
                            "addressPrefix": "10.0.1.0/24",
                            "delegations": [
                            ],
                            "privateEndpointNetworkPolicies": "Enabled",
                            "privateLinkServiceNetworkPolicies": "Enabled"
                        }
                    },
                    {
                        "name": "subent1",
                        "properties": {
                            "addressPrefix": "10.0.0.0/24",
                            "serviceEndpointPolicies": [
                                {
                                    "id": "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('serviceEndPointPolicyName'))]"
                                }
                            ],
                            "serviceEndpoints": [
                                {
                                    "service": "Microsoft.Storage",
                                    "locations": [
                                        "*"
                                    ]
                                }
                            ],
                            "delegations": [
                            ],
                            "privateEndpointNetworkPolicies": "Enabled",
                            "privateLinkServiceNetworkPolicies": "Enabled"
                        }
                    }
                ],
                "virtualNetworkPeerings": [
                ],
                "enableDdosProtection": false,
                "enableVmProtection": false
            }
        },
        {
            "type": "Microsoft.Network/virtualNetworks/subnets",
            "apiVersion": "2019-11-01",
            "name": "[concat(variables('virtualNetworkName'), '/subent1')]",
            "dependsOn": [
                "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
                "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('serviceEndPointPolicyName'))]"
            ],
            "properties": {
                "addressPrefix": "10.0.0.0/24",
                "serviceEndpointPolicies": [
                    {
                        "id": "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('serviceEndPointPolicyName'))]"
                    }
                ],
                "serviceEndpoints": [
                    {
                        "service": "Microsoft.Storage",
                        "locations": [
                            "*"
                        ]
                    }
                ],
                "delegations": [
                ],
                "privateEndpointNetworkPolicies": "Enabled",
                "privateLinkServiceNetworkPolicies": "Enabled"
            }
        },
        {
            "type": "Microsoft.Network/virtualNetworks/subnets",
            "apiVersion": "2019-11-01",
            "name": "[concat(variables('virtualNetworkName'), '/subnet2')]",
            "dependsOn": [
                "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
            ],
            "properties": {
                "addressPrefix": "10.0.1.0/24",
                "delegations": [
                ],
                "privateEndpointNetworkPolicies": "Enabled",
                "privateLinkServiceNetworkPolicies": "Enabled"
            }
        }

    ]
}

标签: azure, azure-resource-manager, arm-template

解决方案


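撇开导出模板本身的问题不谈,请在模板中按照您在门户中操作时的相同步骤(顺序)进行部署。下面是我的版本……基本思路是先部署不带策略的 vnet,然后再添加策略……这样依赖顺序就变为:虚拟网络 → 存储帐户 → 服务端点策略 → 再次声明 subent1 子网并关联策略,循环依赖因此被打破。请注意,模板中的子网名写作 subent1(与问题描述中的 subnet1 拼写不同),所有引用必须保持一致;另外,模板沿用了 "supportsHttpsTrafficOnly": false,这会允许未加密的 HTTP 访问存储帐户,用于生产环境前建议改为 true。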

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymenttemplate.json#",
"contentversion": "1.0.0.0",
"parameters": {
    "virtual_network_name": {
        "defaultvalue": "vnet",
        "type": "string"
    },
    "serviceEndPointPolicyName": {
        "type": "string",
        "defaultvalue": "storageEndPointPolicy"
    }
},
"variables": {
    "storageAccountName": "[uniqueString(resourceGroup().id)]",
    "virtualNetworkName": "[parameters('virtual_network_name')]"
},
"resources": [
    {
        "type": "Microsoft.Network/virtualNetworks",
        "apiVersion": "2019-11-01",
        "name": "[variables('virtualNetworkName')]",
        "location": "eastus",
        "properties": {
            "addressSpace": {
                "addressPrefixes": [
                    "10.0.0.0/16"
                ]
            },
            "subnets": [
                {
                    "name": "subnet2",
                    "properties": {
                        "addressPrefix": "10.0.1.0/24",
                        "delegations": [
                        ],
                        "privateEndpointNetworkPolicies": "Enabled",
                        "privateLinkServiceNetworkPolicies": "Enabled"
                    }
                },
                {
                    "name": "subent1",
                    "properties": {
                        "addressPrefix": "10.0.0.0/24",
                        "serviceEndpoints": [
                            {
                                "service": "Microsoft.Storage",
                                "locations": [
                                    "*"
                                ]
                            }
                        ],
                        "privateEndpointNetworkPolicies": "Enabled",
                        "privateLinkServiceNetworkPolicies": "Enabled"
                    }
                }
            ],
            "enableDdosProtection": false,
            "enableVmProtection": false
        }
    },
    {
        "type": "Microsoft.Storage/storageAccounts",
        "apiVersion": "2019-06-01",
        "name": "[variables('storageAccountName')]",
        "location": "eastus",
        "dependsOn": [
            "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
        ],
        "sku": {
            "name": "Standard_RAGRS",
            "tier": "Standard"
        },
        "kind": "StorageV2",
        "properties": {
            "networkAcls": {
                "bypass": "AzureServices",
                "virtualNetworkRules": [
                    {
                        "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), 'subent1')]",
                        "action": "Allow",
                        "state": "Succeeded"
                    }
                ],
                "defaultAction": "Deny"
            },
            "supportsHttpsTrafficOnly": false,
            "encryption": {
                "services": {
                    "file": {
                        "keyType": "Account",
                        "enabled": true
                    },
                    "blob": {
                        "keyType": "Account",
                        "enabled": true
                    }
                },
                "keySource": "Microsoft.Storage"
            },
            "accessTier": "Hot"
        }
    },
    {
        "type": "Microsoft.Network/serviceEndpointPolicies",
        "apiVersion": "2019-11-01",
        "name": "[parameters('serviceEndPointPolicyName')]",
        "location": "eastus",
        "dependsOn": [
            "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
            "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
        ],
        "properties": {
            "serviceEndpointPolicyDefinitions": [
                {
                    "name": "[concat(parameters('serviceEndPointPolicyName'), '_Microsoft.Storage')]",
                    "properties": {
                        "service": "Microsoft.Storage",
                        "serviceResources": [
                            "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
                        ]
                    }
                }
            ]
        }
    },
    {
        "type": "Microsoft.Network/virtualNetworks/subnets",
        "apiVersion": "2019-11-01",
        "name": "[concat(variables('virtualNetworkName'), '/subent1')]",
        "dependsOn": [
            "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('serviceEndPointPolicyName'))]"
        ],
        "properties": {
            "addressPrefix": "10.0.0.0/24",
            "serviceEndpointPolicies": [
                {
                    "id": "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('serviceEndPointPolicyName'))]"
                }
            ],
            "serviceEndpoints": [
                {
                    "service": "Microsoft.Storage",
                    "locations": [
                        "*"
                    ]
                }
            ],
            "privateEndpointNetworkPolicies": "Enabled",
            "privateLinkServiceNetworkPolicies": "Enabled"
        }
    }
]
}
