azure - 对象参数内的 ARM 模板 keyvault 访问策略

标签 azure powershell azure-rm-template

当我为 azure keyvault 部署 ARM 模板时,我收到此错误消息。

 "error": {
    "code": "BadRequest",
    "message": "An invalid value was provided for 'accessPolicies'."
  }

我的模板:

  {
            "type": "Microsoft.KeyVault/vaults",
            "name": "[parameters('keyVaultName')]",
            "apiVersion": "2016-10-01",
            "location": "[parameters('location')]",
            "properties": {
                "enabledForDeployment": "[parameters('enableVaultForDeployment')]",
                "enabledForDiskEncryption": "[parameters('enableVaultForDiskEncryption')]",
                "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
                "tenantId": "[parameters('tenantId')]",
                "accessPolicies": [],
                "sku": {
                    "name": "[parameters('skuName')]",
                    "family": "A"
                }
            }
        },
        {
            "type": "Microsoft.KeyVault/vaults/accessPolicies",
            "name": "[concat(parameters('keyVaultName'), '/add')]",
            "apiVersion": "2018-02-14",
            "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
            ],
            "properties": {
                "copy": [
                    {
                        "name": "accessPolicies",
                        "count": "[length(parameters('ObjectPolicies'))]",
                        "input": {
                            "tenantId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].tenantId]",
                            "objectId": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].objectId]",
                            "permissions": {
                                "keys": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.keys]",
                                "secrets": "[parameters('ObjectPolicies')[copyIndex('accessPolicies')].permissions.secrets]"
                            }
                        }
                    }
                ]
            }
        }

我的参数文件:

  "ObjectPolicies": {
            "value": [
                {
                    "tenantId": "xxxxx",
                    "objectId": "xxxxx",
                    "permissions": {
                        "keys": [
                            "all"
                        ],
                        "secrets": [
                            "all"
                        ]
                    }
                },

我想在一个对象内创建一个具有多个访问策略的 Keyvault,以便更好地了解我的参数。而不是 objectID1 、 objectId2 、 objectId 3 。 试图从这个好答案中复制答案here 。 看来我的设置与 4c74356b41 相同,但仍然有错误消息。

This SO问题也有相同的错误消息,但他似乎没有为他的问题添加答案。

最佳答案

我认为不支持将“all”作为权限值,至少根据 API 引用,您必须一一列出所有这些内容。

"accessPolicies": [
    {
        "tenantId": "00000000-0000-0000-0000-000000000000",
        "objectId": "00000000-0000-0000-0000-000000000000",
        "permissions": {
            "keys": [
                "encrypt",
                "decrypt",
                "wrapKey",
                "unwrapKey",
                "sign",
                "verify",
                "get",
                "list",
                "create",
                "update",
                "import",
                "delete",
                "backup",
                "restore",
                "recover",
                "purge"
            ],
            "secrets": [
                "get",
                "list",
                "set",
                "delete",
                "backup",
                "restore",
                "recover",
                "purge"
            ],
            "certificates": [
                "get",
                "list",
                "delete",
                "create",
                "import",
                "update",
                "managecontacts",
                "getissuers",
                "listissuers",
                "setissuers",
                "deleteissuers",
                "manageissuers",
                "recover",
                "purge"
            ]
        }
    }
]

阅读:
https://learn.microsoft.com/en-us/rest/api/keyvault/vaults/createorupdate#create_a_new_vault_or_update_an_existing_vault

关于azure - 对象参数内的 ARM 模板 keyvault 访问策略,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55245815/

上一篇:symfony - 学说 2 树扩展 : Closure Table

下一篇:spring - 如何使用 spring 3.0 创建 restful web 服务?

相关文章:

azure - 我们已购买 "AZURE AD PREMIUM P2",但无法使用此订阅

azure - 不使用时停止 SQL Azure DB

powershell - 如何使用 ARM Powershell 为新创建的虚拟机分配网络接口(interface)?

powershell - 有没有办法确定exe是32位还是64位?

azure - 从 ARM 模板部署事件网格订阅时出现 "Resource cannot be updated during provisioning"错误

asp.net - Swagger w/ASP.NET v5 Azure Api 应用程序

PowerShell 术语 'which' 未被识别为 cmdlet 函数脚本文件或可操作程序

azure - 如何解决 "DNS Zone does not have enough labels via PowerShell"错误

powershell - 组合多个 ARM 模板

azure - 发布后如何将 Azure 数据工厂参数获取到 ARM 模板参数文件 (ARMTemplateParametersForFactory.json)

©2024 IT工具网  联系我们