问题
How do I use the value of a returned securestring
or secureObject
that is returned from a linked ARM template?
For example, one child linked template named CreateStorage
- creates an Azure storage account
- creates blob containers on that account
- creates a SAS key for the container
- returns the SAS key in the templates
outputs
section.
e.g. returning SAS in the templates outputs:
"outputs": {
"createdContainerSas": {
"type": "string",
"value": "[concat('https://', variables('storageAccountName'), '.blob.core.windows.net/', variables('containerName'), '?', listServiceSas(variables('storageAccountName'), '2018-07-01', variables('importSasInputs')).serviceSasToken)]"
}
}
The main template will then add the SAS key to the KeyVault so that it can be used by the rest of the application. The main template gets the value as follows:
"value": "[reference('CreateStorage').outputs.createdContainerSas.value]"
The problem is that currently the SAS key is returned as string
meaning that it appears in plain text in the Azure deployments UI.
However, when I change the type of returned object to either securestring
or secureObject
, then when createdContainerSas.value
is called, the follow error is encountered:
{\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Unable to process template language expressions for resource '/subscriptions/<my-subscription-id>/resourceGroups/<my-resource-group>/providers/Microsoft.Resources/deployments/CreateKeyVault' at line '310' and column '9'. 'The language expression property 'value' doesn't exist, available properties are 'type'.'\"\r\n }
So the .value
property doesn't seem to exist when returning securestring
or secureObject
from child linked ARM templates.
The Microsoft docs at https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-templates-outputs say
Output values support the same types as template input parameters.
and both securestring
and secureObject
are working fine as template input parameters so I must be doing something wrong.
How do I use the value of a returned securestring
or secureObject
that is returned from a linked ARM template?
回答1:
secureString\secureObject types are omitted from the input\output. you cannot "get" them. they are just being passed, that's it. That's why the are called secure
. They are not being recorded anywhere. No real workaround.
In your case you just pull keys where you need them, you dont have to pull them in the nested template and pass them to the parent template.
来源:https://stackoverflow.com/questions/54435900/how-to-use-secureobject-or-securestring-returned-from-a-linked-arm-template