How to use secureObject or securestring returned from a linked ARM template

天涯浪子 提交于 2019-12-10 23:45:36

问题


How do I use the value of a returned securestring or secureObject that is returned from a linked ARM template?

For example, one child linked template named CreateStorage

  1. creates an Azure storage account
  2. creates blob containers on that account
  3. creates a SAS key for the container
  4. returns the SAS key in the templates outputs section.

e.g. returning SAS in the templates outputs:

"outputs": {
    "createdContainerSas": {
        "type": "string",
        "value": "[concat('https://', variables('storageAccountName'), '.blob.core.windows.net/', variables('containerName'), '?', listServiceSas(variables('storageAccountName'), '2018-07-01', variables('importSasInputs')).serviceSasToken)]"
    }
}

The main template will then add the SAS key to the KeyVault so that it can be used by the rest of the application. The main template gets the value as follows:

"value": "[reference('CreateStorage').outputs.createdContainerSas.value]"

The problem is that currently the SAS key is returned as string meaning that it appears in plain text in the Azure deployments UI.

However, when I change the type of returned object to either securestring or secureObject, then when createdContainerSas.value is called, the follow error is encountered:

{\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Unable to process template language expressions for resource '/subscriptions/<my-subscription-id>/resourceGroups/<my-resource-group>/providers/Microsoft.Resources/deployments/CreateKeyVault' at line '310' and column '9'. 'The language expression property 'value' doesn't exist, available properties are 'type'.'\"\r\n }

So the .value property doesn't seem to exist when returning securestring or secureObject from child linked ARM templates.

The Microsoft docs at https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-templates-outputs say

Output values support the same types as template input parameters.

and both securestring and secureObject are working fine as template input parameters so I must be doing something wrong.

How do I use the value of a returned securestring or secureObject that is returned from a linked ARM template?


回答1:


secureString\secureObject types are omitted from the input\output. you cannot "get" them. they are just being passed, that's it. That's why the are called secure. They are not being recorded anywhere. No real workaround.

In your case you just pull keys where you need them, you dont have to pull them in the nested template and pass them to the parent template.



来源:https://stackoverflow.com/questions/54435900/how-to-use-secureobject-or-securestring-returned-from-a-linked-arm-template

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!