When I deploy an ARM template for an Azure Key Vault, I get this error message.
"error": {
  "code": "BadRequest",
  "message": "An invalid value was provided for 'accessPolicies'."
}
My template:
{
  "type": "Microsoft.KeyVault/vaults",
  "name": "[parameters('keyVaultName')]",
  "apiVersion": "2016-10-01",
  "location": "[parameters('location')]",
  "properties": {
    "enabledForDeployment": "[parameters('enableVaultForDeployment')]",
    "enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
    "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
    "tenantId": "[parameters('tenantId')]",
    "accessPolicies": [],
    "sku": {
      "name": "[parameters('skuName')]",
      "family": "A"
    }
  }
},
{
  "type": "Microsoft.KeyVault/vaults/accessPolicies",
  "name": "[concat(parameters('keyVaultName'), '/add')]",
  "apiVersion": "2018-02-14",
  "dependsOn": [
    "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
  ],
  "properties": {
    "copy": [
      {
        "name": "accessPolicies",
        "count": "[length(parameters('ObjectPolicies'))]",
        "input": {
          "tenantId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].tenantId]",
          "objectId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].objectId]",
          "permissions": {
            "keys": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.keys]",
            "secrets": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.secrets]"
          }
        }
      }
    ]
  }
}
My parameter file:
"ObjectPolicies": {
  "value": [
    {
      "tenantId": "xxxxx",
      "objectId": "xxxxx",
      "permissions": {
        "keys": [
          "all"
        ],
        "secrets": [
          "all"
        ]
      }
    },
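I want to create a Key Vault with multiple access policies defined inside a single object, so that I have a better overview of my parameters, instead of objectID1, objectId2, objectId3. I tried to copy the approach from this good answer here. It looks like my setup is the same as 4c74356b41's, but I still get the error message.
This SO question also has the same error message, but he doesn't seem to have added an answer to his question.
Best answer
I think "all" is not supported as a permission value; at least according to the API reference, you have to list them all one by one.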
"accessPolicies": [
  {
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "objectId": "00000000-0000-0000-0000-000000000000",
    "permissions": {
      "keys": [
        "encrypt",
        "decrypt",
        "wrapKey",
        "unwrapKey",
        "sign",
        "verify",
        "get",
        "list",
        "create",
        "update",
        "import",
        "delete",
        "backup",
        "restore",
        "recover",
        "purge"
      ],
      "secrets": [
        "get",
        "list",
        "set",
        "delete",
        "backup",
        "restore",
        "recover",
        "purge"
      ],
      "certificates": [
        "get",
        "list",
        "delete",
        "create",
        "import",
        "update",
        "managecontacts",
        "getissuers",
        "listissuers",
        "setissuers",
        "deleteissuers",
        "manageissuers",
        "recover",
        "purge"
      ]
    }
  }
]
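A pre-deployment check in the spirit of the answer above, as an added example that is not part of the original post: it flags every permission value in an ObjectPolicies parameter that is not among the names the answer enumerates, which also surfaces blanket grants such as "all" before they reach a vault. The function name, the placeholder IDs in the constructed sample, and treating the answer's lists as the allow-list are assumptions.

```python
import json

# Allow-lists copied from the permission names enumerated in the answer above.
ALLOWED = {
    "keys": {"encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list",
             "create", "update", "import", "delete", "backup", "restore", "recover", "purge"},
    "secrets": {"get", "list", "set", "delete", "backup", "restore", "recover", "purge"},
    "certificates": {"get", "list", "delete", "create", "import", "update",
                     "managecontacts", "getissuers", "listissuers", "setissuers",
                     "deleteissuers", "manageissuers", "recover", "purge"},
}

# Constructed sample shaped like the question's parameter file (IDs are placeholders).
SAMPLE = json.loads("""
{"ObjectPolicies": {"value": [
  {"tenantId": "tenant-placeholder", "objectId": "object-1-placeholder",
   "permissions": {"keys": ["all"], "secrets": ["get", "list"]}},
  {"tenantId": "tenant-placeholder", "objectId": "object-2-placeholder",
   "permissions": {"keys": ["get", "wrapKey"], "secrets": "all", "secret": ["get"]}}
]}}
""")

def check_object_policies(parameters):
    """Return (index, objectId, category, problem) for every entry that is off the allow-list."""
    findings = []
    for i, policy in enumerate(parameters.get("ObjectPolicies", {}).get("value", [])):
        oid = policy.get("objectId", "<missing>")
        for category, values in policy.get("permissions", {}).items():
            if category not in ALLOWED:
                findings.append((i, oid, category, "category not in allow-list"))
            elif not isinstance(values, list):
                findings.append((i, oid, category, "value is not an array"))
            else:
                # Assumption: casing differences are not what we are hunting for.
                allowed = {p.lower() for p in ALLOWED[category]}
                findings += [(i, oid, category, v) for v in values
                             if str(v).lower() not in allowed]
    return findings

if __name__ == "__main__":
    for idx, oid, category, problem in check_object_policies(SAMPLE):
        print(f"ObjectPolicies[{idx}] objectId={oid} permissions.{category}: {problem}")
```

Running it against a real parameter file only requires loading that file's "parameters" object with json.load and passing it to check_object_policies.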
Regarding azure - ARM template keyvault access policies inside an object parameter, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55245815/