如何与 bicep 同时部署 App Service + 证书 + HostBinding？

Question

我在使用以下代码同时部署带有证书的 hostNameBinding 时遇到问题：

param appserviceplanId string
param location string
param appservicename string
param domain string

resource appservice 'Microsoft.Web/sites@2020-12-01' = {
  name: appservicename
  location: location
  properties: {
    serverFarmId: appserviceplanId
    enabled: true
    httpsOnly: true
    siteConfig: {
      use32BitWorkerProcess: false
      webSocketsEnabled: true
      alwaysOn: true
      http20Enabled: true
      autoHealEnabled: true
      netFrameworkVersion: 'v5.0'
    }
    clientAffinityEnabled: false
  }
}

resource certificate 'Microsoft.Web/certificates@2021-01-01' = {
  name: '${domain}-certificate'
  location: location
  properties: {
    canonicalName: domain
    serverFarmId: appserviceplanId
    domainValidationMethod: 'http-token'
  }
}

resource hostbinding 'Microsoft.Web/sites/hostNameBindings@2021-01-01' = {
  parent: appservice
  name: domain
  properties: {
    siteName: appservicename
    customHostNameDnsRecordType: 'CName'
    hostNameType: 'Verified'
    sslState: 'SniEnabled'
    thumbprint: certificate.properties.thumbprint
  }
}

仅当我通过注释掉证书来逐步部署它时，它才有效：

param appserviceplanId string
param location string
param appservicename string
param domain string

resource appservice 'Microsoft.Web/sites@2020-12-01' = {
  name: appservicename
  location: location
  properties: {
    serverFarmId: appserviceplanId
    customDomainVerificationId: 'DNS Record verification'
    enabled: true
    httpsOnly: true
    siteConfig: {
      use32BitWorkerProcess: false
      webSocketsEnabled: true
      alwaysOn: true
      http20Enabled: true
      autoHealEnabled: true
      netFrameworkVersion: 'v5.0'
    }
    clientAffinityEnabled: false
  }
}

// resource certificate 'Microsoft.Web/certificates@2021-01-01' = {
//   name: '${domain}-certificate'
//   location: location
//   properties: {
//     canonicalName: domain
//     serverFarmId: appserviceplanId
//     domainValidationMethod: 'http-token'
//   }
// }

resource hostbinding 'Microsoft.Web/sites/hostNameBindings@2021-01-01' = {
  parent: appservice
  name: domain
  properties: {
    siteName: appservicename
    customHostNameDnsRecordType: 'CName'
    hostNameType: 'Verified'
    // sslState: 'SniEnabled'
    // thumbprint: certificate.properties.thumbprint
  }
}

之后我可以运行整个过程，因为主机绑定存在。

我怎样才能让它一次性完成？

因此，没有证书就无法建立主机绑定，没有主机绑定就无法建立证书，循环二循环。

如果我在证书资源之前指定 HostBinding，然后在具有属性的证书之后再次指定 HostBinding，我会收到“HostName 被指定多次”。

Answer 1

你需要使用模块。

有函数应用程序的示例：https://github.com/Azure/bicep/tree/main/src/Bicep.Core.Samples/Files/user_subscribed/301/function-app-with-custom-domain-driven-certificate

（永久链接）