【发布时间】:2020-10-10 15:28:42
【问题描述】:
我正在尝试从参数对象部署虚拟网络、子网和 NSG
"vnetSettings": {
"value": {
"name": "myVnet",
"addressPrefixes": [
{
"name": "addressSpace",
"addressPrefix": "172.25.196.0/22"
}
],
"subnets": [
{
"name": "data-subnet",
"subnetPrefix": "172.25.196.0/27"
},
{
"name": "app-subnet",
"subnetPrefix": "172.25.196.32/27"
},
{
"name": "web-subnet",
"subnetPrefix": "172.25.196.64/27"
},
{
"name": "pridmz-subnet",
"subnetPrefix": "172.25.196.96/27"
},
{
"name": "pubdmz-subnet",
"subnetPrefix": "172.25.196.128/27"
},
{
"name": "AzureFirewallSubnet",
"subnetPrefix": "172.25.196.160/28"
}
]
}
}
从此参数对象中,我需要遍历每个项目并创建虚拟网络、子网和 NSG,并为每个子网分配一个 NSG - 这很好,除了我需要排除为 Azure 防火墙创建 NSG 并排除需要为防火墙子网分配 NSG
所以我正在尝试在 copyIndex 中找到一种方法
{
"apiVersion": "2017-06-01",
"type": "Microsoft.Network/networkSecurityGroups",
"copy": {
"name": "iterator",
"count": "[length(parameters('VNetSettings').subnets)]"
},
"name": "[if(equals(parameters('VNetSettings').subnets[copyIndex()].name, 'AzureFirewallSubnet'), json('null'), toUpper(concat(parameters('VNetSettings').name , '-', resourceGroup().location, '-', parameters('VNetSettings').subnets[copyIndex()].name, '-nsg')))]",
"location":"[resourceGroup().location]",
"properties": {
"securityRules": []
}
},
这个错误与
'The template resource '[if(equals(parameters('VNetSettings').subnets[copyIndex()].name, 'AzureFirewallSubnet'), json('null'), toUpper(concat(parameters('VNetSettings').name , '-', resourceGroup().location, '-', parameters('VNetSettings').subnets[copyIndex()].name, '-nsg')))]' at line '1' and column '467' is not valid: Evaluation result of language expression '[if(equals(parameters('VNetSettings').subnets[copyIndex()].name, 'AzureFirewallSubnet'), json('null'), toUpper(concat(parameters('VNetSettings').name , '-', resourceGroup().location, '-', parameters('VNetSettings').subnets[copyIndex()].name, '-nsg')))]' is type 'Null', expected type is 'String'
我可以通过传入一个字符串而不是 JSON('null') 来解决此错误,JSON('null') 然后创建所有 NSG,但我遇到的问题是在迭代子网的 copyIndex 时。
{
"apiVersion": "2020-04-01",
"name": "[toUpper(concat(parameters('VNetSettings').name, '-', resourceGroup().location, '-vnet'))]",
"dependsOn": [
"iterator"
],
"type": "Microsoft.Network/virtualNetworks",
"location":"[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('virtualNetworkaddressSpace')]"
]
},
"copy":[
{
"name": "subnets",
"count":6,
"input": {
"name": "[if(equals(parameters('VNetSettings').subnets[copyIndex('subnets')].name, 'AzureFirewallSubnet'), variables('azureFirewallSubnetName'), concat(parameters('VNetSettings').name,'-', resourceGroup().location, '-', parameters('VNetSettings').subnets[copyIndex('subnets')].name))]",
"properties": {
"addressPrefix": "[parameters('VNetSettings').subnets[copyIndex('subnets')].subnetPrefix]",
"networkSecurityGroup": {
"id": "[if(equals(parameters('VNetSettings').subnets[copyIndex('subnets')].name, 'AzureFirewallSubnet'), json('null'), resourceId('Microsoft.Network/networkSecurityGroups/', concat(parameters('VNetSettings').name, '-', resourceGroup().location, '-', parameters('VNetSettings').subnets[copyIndex('subnets')].name, '-nsg')))]"
},
我希望这是有道理的,有人可以帮忙吗?
谢谢
【问题讨论】:
标签: azure arm-template