azure - 在嵌套 ARM 模板中使用 resourceId 函数时出错
问题描述
我正在尝试在嵌套模板中部署功能应用(应用服务)、应用服务计划和 Azure 存储帐户,但是当我尝试部署时出现错误:
Status Message: The Resource 'Microsoft.Storage/storageAccounts/saaccountname389' under resource group '<null>' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix (Code:ResourceNotFound)
导致模板失败的部分在 appSettings 中,在函数应用的属性中,它尝试列出存储帐户密钥。我见过的所有示例模板(包括 Azure 中的导出模板选项),使用 listKeys(resourceId('Microsoft.Storage/storageAccounts', 'storageaccountnamehere') 按照我下面的代码执行此操作:
"appSettings": [
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('Resources').FunctionStorageAccName,';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('Resources').FunctionStorageAccName), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('Resources').FunctionStorageAccName,';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('Resources').FunctionStorageAccName), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
}
我看到我的模板和我见过的其他模板之间的唯一区别是我的模板是嵌套的,我认为我可能没有在嵌套模板中正确使用 resourceId,但是我真的无法弄清楚我需要做些什么不同的事情和 ms文档并没有增加太多清晰度:https ://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/scope-functions?tabs=azure-powershell 。
我已经尝试了 resourceId 函数的许多变体,例如包括资源组名称、资源组名称和订阅 ID - 所有返回的错误都略有不同。
完整的嵌套模板如下:
{
"name": "data",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[variables('ResourceGroups').RGFunction]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups',variables('ResourceGroups').RGFunction)]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2018-11-01",
"name": "[variables('Resources').FunctionName]",
"type": "Microsoft.Web/sites",
"kind": "functionapp",
"location": "[parameters('locationName')]",
"tags": {},
"dependsOn": [
"[variables('Resources').FunctionASPName]",
"[variables('Resources').FunctionStorageAccName]"
],
"properties": {
"name": "[variables('Resources').FunctionName]",
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('Resources').FunctionStorageAccName,';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('Resources').FunctionStorageAccName), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('Resources').FunctionStorageAccName,';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('Resources').FunctionStorageAccName), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[concat(toLower(variables('Resources').FunctionName), 'a97a')]"
}
],
"use32BitWorkerProcess": true
},
"serverFarmId": "[concat('/subscriptions/', subscription().subscriptionId,'/resourcegroups/', variables('ResourceGroups').RGFunction, '/providers/Microsoft.Web/serverfarms/', variables('Resources').FunctionASPName)]",
"clientAffinityEnabled": false
}
},
{
"apiVersion": "2018-11-01",
"name": "[variables('Resources').FunctionASPName]",
"type": "Microsoft.Web/serverfarms",
"location": "[parameters('locationName')]",
"kind": "",
"tags": {},
"dependsOn": [],
"properties": {
"name": "[variables('Resources').FunctionASPName]",
"workerSize": "[parameters('FunctionConfiguration').ASPworkerSize]",
"workerSizeId": "[parameters('FunctionConfiguration').ASPworkerSize]",
"numberOfWorkers": "[parameters('FunctionConfiguration').ASPnumberOfWorkers]"
},
"sku": {
"Tier": "[parameters('FunctionConfiguration').ASPsku]",
"Name": "[parameters('FunctionConfiguration').ASPskuCode]"
}
},
{
"apiVersion": "2019-06-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('Resources').FunctionStorageAccName]",
"location": "[parameters('locationName')]",
"tags": {},
"sku": {
"name": "Standard_LRS"
},
"properties": {
"supportsHttpsTrafficOnly": true,
"minimumTlsVersion": "TLS1_2"
}
}
]
}
}
}
解决方案
您将嵌套模板的范围划分为与父模板不同的资源组。看起来您的存储帐户与您要部署的功能不同。默认情况下,resourceId 函数假定资源与您进行模板部署的资源位于同一 RG 中(在您的情况下 - 嵌套的资源)。
您需要在 resourceId 函数中指定存储帐户所在的资源组的名称,或者将存储帐户密钥作为安全字符串参数传递到嵌套模板中。
顺便说一句 - 您是否考虑过将 Azure Bicep 用于 IaaC 而不是 ARM?
推荐阅读
- java - 如何在JAVA中用另一个类对象从主类调用主类的方法
- python - 将安全组中的 ip 列入白名单的 Lambda 函数
- javascript - 为什么有条件渲染的 React 组件在刷新时会闪烁,而不是同一组件的内联版本?
- c++ - 在构造函数中调用函数给出不同的结果c ++
- view - SwiftUI:如何检测两个视图是否相互交叉?
- python-3.x - 这个简单的 Promise-chaining JavaScript 类的有效 Python 等价物
- elasticsearch - 使用 kubernetes 的 Elasticsearch 多节点集群?
- html - 在复选框html上使用if else条件
- java - 如何在服务器(Ubuntu)上验证 Google Drive API?
- java - Unirest Java 客户端:kong.unirest.UnirestException:org.apache.http.client.ClientProtocolException