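azure - Error when trying to run an ARM template that provisions a storage account with a private endpoint and private link
Problem description
I am trying to deploy a V2 storage account together with a private endpoint and a private link using an ARM template. I already have a resource group, a VNET and a subnet in my subscription, and I want to use them to provision a new storage account with a private endpoint and a private link.
When I run the command from PowerShell to deploy the ARM template, it throws an error, even though I can see the private endpoint and the storage account being created. What I cannot see is the private link.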
New-AzResourceGroupDeployment : 11:02:18 PM - The deployment 'Storacc_PvtEndpoint' failed with error(s). Showing 1 out of 1 error(s).
Status Message: Cannot parse the request. (Code: InvalidRequestFormat)
- Error converting value "blob" to type 'System.Collections.Generic.ICollection`1[System.String]'. Path 'properties.privateLinkServiceConnections[0].properties.groupIds', line 1, position 336. (Code:InvalidJson)
CorrelationId: 9606ab6b-35d6-49c0-a811-fa5154ff83e6
At line:1 char:1
+ New-AzResourceGroupDeployment -ResourceGroupName dops-pipeline -Templ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
DeploymentName : Storacc_PvtEndpoint
ResourceGroupName : dops-pipeline
ProvisioningState : Failed
Timestamp : 5/26/2021 2:02:13 AM
Mode : Incremental
TemplateLink :
Parameters :
    Name                                   Type    Value
    =====================================  ======  =====================
    storageAccountType                     String  Standard_LRS
    location                               String  canadacentral
    containerPrefix                        String  canadacentral
    vnetName                               String  pvt-endpoint-vnet
    subnetName                             String  blob-pvt-endpoint-sub
    resourceGroupName                      String  dops-pipeline
    blobStorageAccountPrivateEndpointName  String  endpointsht5gcoc5cztq
Outputs :
DeploymentDebugLogLevel :
Please find my ARM template below.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS",
        "Standard_ZRS",
        "Premium_LRS"
      ],
      "metadata": {
        "description": "Storage Account type"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Storage Account Location"
      }
    },
    "containerPrefix" : {
      "type" : "string",
      "defaultValue" : "[resourceGroup().location]"
    },
    "vnetName" : {
      "type" : "string",
      "defaultValue" : "pvt-endpoint-vnet"
    },
    "subnetName" : {
      "type" : "string",
      "defaultValue" : "blob-pvt-endpoint-sub"
    },
    "resourceGroupName" : {
      "type" : "string",
      "defaultValue" : "dops-pipeline"
    },
    "blobStorageAccountPrivateEndpointName" : {
      "type" : "string",
      "defaultValue" : "[toLower(concat('endpoint',uniqueString(resourceGroup().id)))]"
    }
  },
  "variables": {
    "blobstorageAccountName" : "[tolower(concat('stor', uniquestring(subscription().id,resourceGroup().id)))]",
    "blobStorageAccountId" : "[resourceId('Microsoft.Storage/storageAccounts', variables('blobStorageAccountName'))]",
    "blobPublicDNSZoneForwarder" : "[concat('.blob.', environment().suffixes.storage)]",
    "blobPrivateDNSZoneName" : "[concat('privatelink', variables('blobPublicDNSZoneForwarder'))]",
    "blobPrivateDnsZoneId" : "[resourceId('Microsoft.Network/privateDnsZones', variables('blobPrivateDnsZoneName'))]",
    "blobPrivateDnsZoneGroup" : "[concat(parameters('blobStorageAccountPrivateEndpointName'),'/', variables('blobStorageAccountPrivateEndpointGroupName'), 'PrivateDnsZoneGroup')]",
    "blobStorageAccountPrivateEndpointGroupName" : "blob",
    "vnetId" : "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',parameters('resourceGroupName'),'/providers/','Microsoft.Network/virtualNetworks/',parameters('vnetName'))]",
    "subnetId" : "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',parameters('resourceGroupName'),'/providers/','Microsoft.Network/virtualNetworks/',parameters('vnetName'),'/subnets/',parameters('subnetName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-01-01",
      "name": "[variables('blobstorageAccountName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[parameters('storageAccountType')]"
      },
      "kind": "StorageV2",
      "properties": {
        "minimumTlsVersion" : "TLS1_2",
        "allowBlobPublicAccess" : false,
        "networkAcls": {
          "bypass" : "AzureServices",
          "defaultAction" : "Deny",
          "virtualNetworkRules" : [
            {
              "id" : "[variables('subnetId')]",
              "action" : "Allow"
            }
          ]
        }
      }
    },
    {
      "type" : "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
      "apiVersion": "2018-09-01",
      "name" : "[concat(variables('blobPrivateDNSZoneName'), '/link_to_', toLower(parameters('vnetName')))]",
      "location" : "global",
      "dependsOn" : [
        "[variables('blobPrivateDnsZoneId')]"
      ],
      "properties" : {
        "registrationEnabled" : false,
        "virtualNetwork" : {
          "id" : "[variables('vnetId')]"
        }
      }
    },
    {
      "type" : "Microsoft.Network/privateEndpoints",
      "apiVersion" : "2020-04-01",
      "name" : "[parameters('blobStorageAccountPrivateEndpointName')]",
      "location" : "[resourceGroup().location]",
      "dependsOn" : [
        "[variables('blobStorageAccountId')]"
      ],
      "properties" : {
        "privateLinkServiceConnections" : [
          {
            "name" : "parameters('blobStorageAccountPrivateEndpointName')",
            "properties" : {
              "privateLinkServiceId" : "[variables('blobStorageAccountId')]",
              "groupIds" : "[variables('blobStorageAccountPrivateEndpointGroupName')]"
            }
          }
        ],
        "subnet" :{
          "id" : "[variables('subnetId')]"
        },
        "customDnsConfigs" : [
          {
            "fqdn" : "[concat(variables('blobStorageAccountName'),variables('blobPublicDNSZoneForwarder'))]"
          }
        ]
      }
    },
    {
      "type" : "Microsoft.Network/privateDnsZones",
      "apiVersion" : "2018-09-01",
      "name" : "[variables('blobPrivateDNSZoneName')]",
      "location" : "global",
      "properties" : {
        "maxNumberOfRecordSets" : 25000,
        "maxNumberOfVirtualNetworkLinks" : 1000,
        "maxNumberOfVirtualNetworkLinksWithRegistration" : 100
      }
    },
    {
      "type" : "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
      "apiVersion" : "2020-03-01",
      "name" : "[variables('blobPrivateDnsZoneGroup')]",
      "location" : "[resourceGroup().location]",
      "dependsOn" : [
        "[variables('blobPrivateDnsZoneId')]",
        "[parameters('blobStorageAccountPrivateEndpointName')]"
      ],
      "properties" : {
        "privateDnsZoneConfigs" :[
          {
            "name" : "dnsConfig",
            "properties" : {
              "privateDnsZoneId" : "[variables('blobPrivateDnsZoneId')]"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices",
      "apiVersion": "2021-01-01",
      "name" :"[tolower(concat(variables('blobstorageaccountname'), '/default'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('blobstorageAccountName'))]"
      ],
      "properties": {
        "isVersioningEnabled" : true,
        "deleteRetentionPolicy" : {
          "enabled" : true,
          "days" : 30
        },
        "changeFeed" : {
          "enabled" : true
        },
        "containerDeleteRetentionPolicy" :{
          "enabled" : true,
          "days" : 30
        }
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2021-01-01",
      "name": "[concat(variables('blobstorageAccountName'), '/default/', parameters('containerPrefix'), copyIndex())]",
      "copy": {
        "name": "containercopy",
        "count": 2
      },
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('blobstorageAccountName'))]"
      ]
    }
  ],
  "outputs": {
    "storageAccountName": {
      "type": "string",
      "value": "[variables('blobstorageAccountName')]"
    }
  }
}
Solution
@Thomas's comment solved the issue; I am just adding it as an answer to close the question.
You need to remove "[variables('vnetId')]" from dependsOn. If a resource is not defined in the template, you should not use it in dependsOn. Also, the groupIds property is an array, so it should be:
"groupIds": [ "[variables('blobStorageAccountPrivateEndpointGroupName')]" ]
Reference - https://docs.microsoft.com/en-us/azure/templates/microsoft.network/privateendpoints?tabs=json
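A pre-deployment check for the two mistakes this answer identifies, as an added example that is not part of the original question or answer. The names `lint_template` and `SAMPLE_TEMPLATE` are hypothetical, the sample template is constructed, and the dependsOn check only follows entries that resolve to a `resourceId('<type>', ...)` expression (the question's own `vnetId` is built with `concat`, which this sketch does not parse).

```python
import json
import re

# Constructed, trimmed-down template reproducing both mistakes from the question.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "variables": {
    "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', 'pvt-endpoint-vnet')]",
    "blobStorageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', 'stor123')]",
    "groupName": "blob"
  },
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stor123"},
    {"type": "Microsoft.Network/privateEndpoints", "name": "endpoint1",
     "dependsOn": ["[variables('vnetId')]", "[variables('blobStorageAccountId')]"],
     "properties": {"privateLinkServiceConnections": [
       {"name": "endpoint1", "properties": {"groupIds": "[variables('groupName')]"}}]}}
  ]
}
""")
VAR_REF = re.compile(r"^\[variables\('([^']+)'\)\]$")
RESOURCE_ID = re.compile(r"resourceId\(\s*'([^']+)'", re.IGNORECASE)

def lint_template(template):
    """Return findings for the two mistakes discussed in the answer."""
    findings = []
    # ARM variable names and resource types are case-insensitive.
    variables = {k.lower(): v for k, v in template.get("variables", {}).items()}
    declared = {r["type"].lower() for r in template.get("resources", [])}
    for res in template.get("resources", []):
        # dependsOn may only name resources deployed by this same template.
        for dep in res.get("dependsOn", []):
            m = VAR_REF.match(dep)
            expr = variables.get(m.group(1).lower(), dep) if m else dep
            rid = RESOURCE_ID.search(str(expr))
            if rid and rid.group(1).lower() not in declared:
                findings.append(f"{res['name']}: dependsOn {dep} targets "
                                f"{rid.group(1)}, which this template does not deploy")
        if res["type"].lower() != "microsoft.network/privateendpoints":
            continue
        # groupIds must be a JSON array, even for a single sub-resource.
        for conn in res.get("properties", {}).get("privateLinkServiceConnections", []):
            if not isinstance(conn.get("properties", {}).get("groupIds"), list):
                findings.append(f"{res['name']}: groupIds must be an array, "
                                'e.g. ["blob"]')
    return findings

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE_TEMPLATE)))
```

Running a check like this in the pipeline before New-AzResourceGroupDeployment avoids the partial deployment described in the question, where the storage account exists but its private endpoint connection was never created.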