我目前有一个名为 main.bicep 的大型 .bicep 文件,我正在对其进行模块化。具体来说,我一直致力于将 Cosmos 资源移动到一个名为 cosmos-db.bicep 的自己的文件中,并在 main.bicep 中使用它。
cosmos-db.二头肌
// Parameters
param cosmosAccountName string
param databaseName string
param location string = resourceGroup().location
param appTags object
param subnetFunctionName string
param ipRules array
param vnetName string
param cosmosDbName string
// Variables
var dealDataContainerName = 'deal'
var refDataContainerName = 'refdata'
var userProfileContainerName = 'userprofile'
// Cosmos DB Container info to be looped over
var cosmosContainers = [
{
name: userProfileContainerName
id: 'userprofile'
partitionKey: '/userId'
}
{
name: refDataContainerName
id: 'refdata'
partitionKey: '/partKey'
}
{
name: dealDataContainerName
id: 'deal'
partitionKey: '/dealId'
}
]
// Resource References
resource subnetFunction 'Microsoft.Network/virtualNetworks/subnets@2020-08-01' existing = {
name: subnetFunctionName
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2020-08-01' existing = {
name: vnetName
}
// Resources
// Cosmos DB Account
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2020-06-01-preview' = {
name: cosmosAccountName
location: location
tags: appTags
kind: 'GlobalDocumentDB'
identity: {
type: 'None'
}
properties: {
publicNetworkAccess: 'Enabled' //TODO - ulp.
enableAutomaticFailover: true
enableMultipleWriteLocations: true
isVirtualNetworkFilterEnabled: true // Suggested to be set as false by MS
virtualNetworkRules: [
{
id: subnetFunction.id
ignoreMissingVNetServiceEndpoint: false
}
]
disableKeyBasedMetadataWriteAccess: false
enableFreeTier: false
enableAnalyticalStorage: false
createMode: 'Default'
databaseAccountOfferType: 'Standard'
consistencyPolicy: {
defaultConsistencyLevel: 'Session'
maxIntervalInSeconds: 5
maxStalenessPrefix: 100
}
locations: [
{
locationName: location
failoverPriority: 0
isZoneRedundant: true
}
{
locationName: 'Central US'
failoverPriority: 1
isZoneRedundant: true
}
]
cors: []
capabilities: []
ipRules: ipRules
backupPolicy: {
type: 'Periodic'
periodicModeProperties: {
backupIntervalInMinutes: 240
backupRetentionIntervalInHours: 8
}
}
}
dependsOn: [
virtualNetwork
]
}
// Cosmos SQL Database
resource cosmosdb 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2020-04-01' = {
name: cosmosDbName
// parent: cosmos
properties: {
resource: {
id: databaseName
}
options: {
throughput: 400
}
}
}
// Cosmos Containers
resource cosmosContainerUser 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2021-06-15' = [for container in cosmosContainers: {
name: container.name
parent: cosmosdb
properties: {
resource: {
id: container.id
indexingPolicy: {
indexingMode: 'consistent'
automatic: true
includedPaths:[
{
path: '/*'
}
]
excludedPaths: [
{
path: '/"_etag"/?'
}
]
}
partitionKey: {
kind: 'Hash'
paths: [
container.partitionKey
]
}
conflictResolutionPolicy: {
mode: 'LastWriterWins'
conflictResolutionPath: '/_ts'
}
}
}
}]
output resource object = cosmos
主二头肌
module cosmos '../../../cicd/bicep/modules/datastore/cosmos-db.bicep' = {
name: cosmosAccountName
params: {
cosmosAccountName: cosmosAccountName
cosmosDbName: cosmosDbName
databaseName: databaseName
appTags: appTags
subnetFunctionName: '${virtualNetwork.name}/function'
vnetName: vnetName
ipRules: [for address in ipaddresses: {
ipAddressOrRange: '${address.CIDR}'
}]
}
}
此代码工作并创建一个 Cosmos 帐户、一个 Cosmos 数据库和三个 Cosmos 容器。尽管 Cosmos 部署通过了,但由于我的密钥保管库机密资源,整个管道失败了。
主二头肌
// Key Vault Secret
resource kvsecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = if (deployDB || deployKV) {
name: '${keyVault.name}/databaseConnectionString'
dependsOn: [
keyVault
]
properties: {
value: listConnectionStrings(cosmos.id, cosmos.apiVersion).connectionStrings[0].connectionString
attributes: {
nbf: 1617093384
enabled: true
exp: 1680161784
}
}
}
我从listConnectionString()函数中得到一个错误说:The type "module" does not contain property "apiVersion". Available properties include "name", "outputs".
为了摆脱这个错误,我试图改变listConnectionString(cosmos.name, '2020-06-01-preview')给出错误的值:
"The api-version '2020-06-01-preview' is invalid. The supported versions are '2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04'.\"
然后我尝试将其更改2020-06-01-preview为2020-06-01返回错误:
"No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/<subscriptionId>/resourcegroups/<resourceGroupName>/providers/Microsoft.Resources/deployments/gbt-nprod-iac-eastus2-dealservice-cosmos/listConnectionStrings?api-version=2020-06-01'.\"
我知道问题是因为模块不包含 id 和 apiVersion 属性,所以我尝试使用资源组的输出。
我在 cosmos-db.bicep 中添加了以下行:
output apiVersion string = cosmos.apiVersion
并且还在 main.bicep 中添加了以下内容:
var apiVersion = cosmos.outputs.apiVersion
// Key Vault Secret
resource kvsecret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = if (deployDB || deployKV) {
...
properties: {
value: listConnectionStrings(cosmos.name, apiVersion).connectionStrings[0].connectionString
attributes: {
...
}
}
}
这导致了一个不同的错误:
This expression is being used in an argument of the function "listConnectionStrings", which requires a value that can be calculated at the start of the deployment. You are referencing a variable which cannot be calculated at the start ("apiVersion" -> "cosmos"). Properties of cosmos which can be calculated at the start include "name".
我的问题是,是否有另一种方法可以检索密钥库机密的 Cosmos 连接字符串?如果没有,我怎样才能正确地将 Cosmos 的 API 版本添加到这个listConnectionStrings()函数中?