I am creating a bicep files that deploys a key vault and a few storage accounts. But these resources are in different module files. I can seem to reference the key vault when I am trying to add the storage account connection string to the key vault.
main.bicep
module resourceKeyVaultModule './modules/keyvault.bicep' = {
name: 'resourceKeyVaultModuleDeployment'
params: {
application: application
location: location
environment: environment
severity: severity
}
scope: resourceGroup
}
module resourceStorageAccountModule './modules/storage.bicep' = {
name: 'resourceStorageAccountModuleDeployment'
params: {
application: application
location: location
environment: environment
severity: severity
keyVault: resourceKeyVaultModule.outputs.name
}
scope: resourceGroup
}
keyvault.bicep
// == Key Vault
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
name: nameKeyVault
location: location
tags: {
location: location
environment: environment
severity: severity
}
properties: {
accessPolicies: [
{
objectId: ''
permissions: {
certificates: [
'all'
]
keys: [
'all'
]
secrets: [
'all'
]
storage: [
'all'
]
}
tenantId: ''
}
]
sku: {
family: 'A'
name: 'standard'
}
tenantId: ''
}
}
output name string = keyVault.name
storage.bicep
param keyVault string
// == Storage Account
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
name: nameStorageAccount
location: location
tags: {
location: location
environment: environment
severity: severity
}
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
minimumTlsVersion: 'TLS1_2'
}
}
resource secretConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
name: 'connectionString-storageAccount'
dependsOn: [keyVault]
tags: {
location: location
environment: environment
severity: severity
}
properties: {
value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value};EndpointSuffix=${az.environment().suffixes.storage}'
}
}
dependsOn: [keyVault]
Error: The enclosing array expected an item of type "module[] | (resource | module) | resource[]", but the provided item was of type "string".bicep(BCP034)
CodePudding user response:
I think you are looking for the existing
keyword.
To reference an existing resource that isn't deployed in your current Bicep file, declare the resource with the existing keyword. Use the existing keyword when you're deploying a resource that needs to get a value from an existing resource. You access the existing resource's properties through its symbolic name.
The resource isn't redeployed when referenced with the existing keyword.
Source: Existing resources in Bicep