问题描述

如何使用从链接的ARM模板返回的securestring或secureObject的值?

How do I use the value of a returned securestring or secureObject that is returned from a linked ARM template?

例如，一个名为CreateStorage

1. 创建一个Azure存储帐户
2. 在该帐户上创建Blob容器
3. 为容器创建SAS密钥
4. 返回模板outputs部分中的SAS密钥.

1. creates an Azure storage account
2. creates blob containers on that account
3. creates a SAS key for the container
4. returns the SAS key in the templates outputs section.

例如在模板输出中返回SAS:

e.g. returning SAS in the templates outputs:

"outputs": {
    "createdContainerSas": {
        "type": "string",
        "value": "[concat('https://', variables('storageAccountName'), '.blob.core.windows.net/', variables('containerName'), '?', listServiceSas(variables('storageAccountName'), '2018-07-01', variables('importSasInputs')).serviceSasToken)]"
    }
}

然后，主模板会将SAS密钥添加到KeyVault，以便其他应用程序可以使用它.主模板的值如下:

The main template will then add the SAS key to the KeyVault so that it can be used by the rest of the application. The main template gets the value as follows:

"value": "[reference('CreateStorage').outputs.createdContainerSas.value]"

问题是，当前SAS密钥以string的形式返回，这意味着它以纯文本形式出现在Azure部署用户界面中.

The problem is that currently the SAS key is returned as string meaning that it appears in plain text in the Azure deployments UI.

但是，当我将返回对象的类型更改为securestring或secureObject时，则在调用createdContainerSas.value时，会遇到以下错误:

However, when I change the type of returned object to either securestring or secureObject, then when createdContainerSas.value is called, the follow error is encountered:

{\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Unable to process template language expressions for resource '/subscriptions/<my-subscription-id>/resourceGroups/<my-resource-group>/providers/Microsoft.Resources/deployments/CreateKeyVault' at line '310' and column '9'. 'The language expression property 'value' doesn't exist, available properties are 'type'.'\"\r\n }

因此，从子链接的ARM模板返回securestring或secureObject时，.value属性似乎不存在.

So the .value property doesn't seem to exist when returning securestring or secureObject from child linked ARM templates.

位于 https上的Microsoft文档://docs.microsoft.com/zh-CN/azure/azure-resource-manager/resource-manager-templates-outputs 说

以及securestring和secureObject都可以作为模板输入参数正常工作，所以我必须做错了事.

and both securestring and secureObject are working fine as template input parameters so I must be doing something wrong.

如何使用从链接的ARM模板返回的securestring或secureObject的值?

How do I use the value of a returned securestring or secureObject that is returned from a linked ARM template?

推荐答案

secureString \ secureObject类型从输入\输出中省略.您无法获得"它们.他们只是被通过，就是这样.这就是为什么将其称为secure的原因.它们没有在任何地方记录.没有实际的解决方法.

secureString\secureObject types are omitted from the input\output. you cannot "get" them. they are just being passed, that's it. That's why the are called secure. They are not being recorded anywhere. No real workaround.

在这种情况下，您只需在需要的地方拉键，就不必将它们拉到嵌套模板中并将它们传递给父模板.

In your case you just pull keys where you need them, you dont have to pull them in the nested template and pass them to the parent template.

这篇关于如何使用从链接的ARM模板返回的secureObject或securestring的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！