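azure - How to have multiple add access policies in an ARM template
Problem description
I am trying to conditionally add access policies to a Key Vault; the problem is that the template cannot have more than 1 resource named KeyVault/accessPolicies/add
This is effectively what I am trying to achieve: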
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": {
      "type": "string"
    }
  },
  "resources": [
    {
      "condition": "[parameters('someCondition')]",
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "name": "[concat(parameters('vaultName'), '/add')]",
      "apiVersion": "2016-10-01",
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[if(parameters('someCondition'), reference(variables('someAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
            "objectId": "[if(parameters('someCondition'), reference(variables('someAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
            "permissions": {
              "keys": ["all"],
              "secrets": ["all"],
              "certificates": ["all"],
              "storage": ["all"]
            }
          }
        ]
      }
    },
    {
      "condition": "[parameters('otherCondition')]",
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "name": "[concat(parameters('vaultName'), '/add')]",
      "apiVersion": "2016-10-01",
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
            "objectId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
            "permissions": {
              "keys": ["all"],
              "secrets": ["all"],
              "certificates": ["all"],
              "storage": ["all"]
            }
          }
        ]
      }
    }
  ],
  "outputs": {
  }
}
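However, I can only have one resource named "KeyVaultName/add" in this deployment.
I was thinking I could conditionally build the access policy array in a variable and do some array concatenation, but that does not work because I use the reference() function in the access policy to get the tenant and principal IDs.
Solution
Why do you think this won't work?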
"properties": {
  "copy": [
    {
      "name": "accessPolicies",
      "count": "[xxx]",
      "input": {
        "tenantId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').tenantId, json('null'))]",
        "objectId": "[if(parameters('otherCondition'), reference(variables('someOTHERAppServiceResourceId'), '2015-08-31-PREVIEW').principalId, json('null'))]",
        "permissions": {
          "keys": ["all"],
          "secrets": ["all"],
          "certificates": ["all"],
          "storage": ["all"]
        }
      }
    }
  ]
}
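One way to fill in the property copy from the answer, as an added example that is not part of the original question or answer: the identities whose condition is true are concatenated into an array variable (which needs no reference() call), and the copy loop resolves each entry with reference(). The parameters someAppName and otherAppName, the variables identitySuffix and enabledIdentityIds, and the way the two resource ID variables are built are assumptions, since the question does not show them.

```json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": { "type": "string" },
    "someCondition": { "type": "bool" },
    "otherCondition": { "type": "bool" },
    "someAppName": { "type": "string", "metadata": { "description": "Assumed parameter, not from the question" } },
    "otherAppName": { "type": "string", "metadata": { "description": "Assumed parameter, not from the question" } }
  },
  "variables": {
    "identitySuffix": "/providers/Microsoft.ManagedIdentity/Identities/default",
    "someAppServiceResourceId": "[concat(resourceId('Microsoft.Web/sites', parameters('someAppName')), variables('identitySuffix'))]",
    "someOTHERAppServiceResourceId": "[concat(resourceId('Microsoft.Web/sites', parameters('otherAppName')), variables('identitySuffix'))]",
    "enabledIdentityIds": "[concat(if(parameters('someCondition'), array(variables('someAppServiceResourceId')), json('[]')), if(parameters('otherCondition'), array(variables('someOTHERAppServiceResourceId')), json('[]')))]"
  },
  "resources": [
    {
      "comments": "Added example: a single 'add' resource; one policy is generated per enabled identity.",
      "condition": "[greater(length(variables('enabledIdentityIds')), 0)]",
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "name": "[concat(parameters('vaultName'), '/add')]",
      "apiVersion": "2016-10-01",
      "properties": {
        "copy": [
          {
            "name": "accessPolicies",
            "count": "[length(variables('enabledIdentityIds'))]",
            "input": {
              "tenantId": "[reference(variables('enabledIdentityIds')[copyIndex('accessPolicies')], '2015-08-31-PREVIEW').tenantId]",
              "objectId": "[reference(variables('enabledIdentityIds')[copyIndex('accessPolicies')], '2015-08-31-PREVIEW').principalId]",
              "permissions": {
                "keys": ["all"],
                "secrets": ["all"],
                "certificates": ["all"],
                "storage": ["all"]
              }
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}
```

When both conditions are false the copy count is zero, which older deployment tooling may reject. The `all` permissions are carried over from the question; narrow them to what each app actually needs.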