Azure 循环遍历ARM模板中的值
我一直在研究一个关于ARM模板的问题,现在已经有一天多了,而且似乎被卡住了,所以继续问下去,以防有人能帮上忙 为了描述这个问题,我已经有了一个现有的Azure Key Vault设置,并希望向这个资源组添加一些访问策略。出于参考目的,以下是用于添加密钥Vault访问策略的ARM模板参考: 我希望为许多用户分配相同的权限,并且此用户列表不太可能经常更改,因此我希望在模板本身中硬编码引用这些用户的ObjectID数组,然后使用“复制”功能创建多访问策略。本质上,我希望最终结果接近于此,其中在访问策略之间更改的唯一值是标识用户的objectID:Azure 循环遍历ARM模板中的值,azure,powershell,arm-template,azure-resource-group,Azure,Powershell,Arm Template,Azure Resource Group,我一直在研究一个关于ARM模板的问题,现在已经有一天多了,而且似乎被卡住了,所以继续问下去,以防有人能帮上忙 为了描述这个问题,我已经有了一个现有的Azure Key Vault设置,并希望向这个资源组添加一些访问策略。出于参考目的,以下是用于添加密钥Vault访问策略的ARM模板参考: 我希望为许多用户分配相同的权限,并且此用户列表不太可能经常更改,因此我希望在模板本身中硬编码引用这些用户的ObjectID数组,然后使用“复制”功能创建多访问策略。本质上,我希望最终结果接近于此,其中在访问策
{
"name": "TestKeyVault/add",
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"apiVersion": "2018-02-14",
"properties": {
"accessPolicies": [
{
"tenantId": "tenantIDStringGoesHere",
"objectId": "guidForUser1GoesHere",
"permissions": {
"keys": ["List"],
"secrets": ["List"],
"certificates": ["List"]
}
},
{
"tenantId": "tenantIDStringGoesHere",
"objectId": "guidForUser2GoesHere",
"permissions": {
"keys": ["List"],
"secrets": ["List"],
"certificates": ["List"]
}
}
]
}
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Name of the Vault"
}
},
"tenantId": {
"type": "string",
"defaultValue": "[subscription().tenantId]",
"metadata": {
"description": "Tenant Id of the subscription. Get using Get-AzureRmSubscription cmdlet or Get Subscription API"
}
},
"objectId": {
"type": "array",
"defaultValue": [
"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
],
"metadata": {
"description": "Object Id of the AD user. Get using Get-AzureRmADUser or Get-AzureRmADServicePrincipal cmdlets"
}
},
"secretsPermissions": {
"type": "array",
"defaultValue": [
"list"
],
"metadata": {
"description": "Permissions to secrets in the vault. Valid values are: all, get, set, list, and delete."
}
}
},
"variables": {
"objectIdCount": "[length(parameters('objectId'))]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "TestKeyVault/add",
"apiVersion": "2018-02-14",
"properties": {
"accessPolicies": [{
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')[copyIndex('objectIdCopy')]]",
"permissions": {
"secrets": "[parameters('secretsPermissions')]"
},
"copy": {
"name": "objectIdCopy",
"count": 2
}
}]
}
}
]
}
Clear-Host
$deploymentResourceGroupName = 'TestRG'
$templatePath = 'test_template.json'
$templateParameterObject = @{}
$templateParameterObject += @{'keyVaultName' = 'TestKeyVault'}
New-AzureRmResourceGroupDeployment -ResourceGroupName $deploymentResourceGroupName -TemplateFile $templatePath -TemplateParameterObject $templateParameterObject
有什么建议我应该更改什么以使复制功能正常工作吗?这或多或少是您想要的(如果我正确理解您的意思):
阅读:谢谢!您的建议奏效了,我忽略了“name”值必须是要循环的属性值。感谢您添加到相关文档的直接链接。
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "TestKeyVault/add",
"apiVersion": "2018-02-14",
"properties": {
"copy": [
{
"name": "accessPolicies",
"count": "[length(parameters('objectId'))]",
"input": {
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('objectId')[copyIndex('accessPolicies')]]",
"permissions": {
"secrets": "[parameters('secretsPermissions')]"
}
}
}
]
}
}