azure - Azure 中的部署脚本 ARM 模板

我正在使用部署脚本通过 ARM 运行 powershell。它需要具有贡献者角色的用户管理的身份。我已按照以下链接中的步骤操作，但总是给出相同的错误。

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template?tabs=PowerShell

Invalid value for the identities '/subscriptions/<subID>/resourcegroups/<rgname>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity'. The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property.

我已经使用以下命令提取了principalId和客户端Id。

Get-AzUserAssignedIdentity -ResourceGroupName 'rGname' 下面是模板

<pre>
     {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
      "type": "string",
      "defaultValue": "'ds test'"
    },
    "utcValue": {
      "type": "string"
    },
    "subscriptionId": {
      "type": "string",
      "defaultValue": ""
    }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deploymentScripts",
      "apiVersion": "2019-10-01-preview",
      "identity": {
        "type": "userAssigned",
        "userAssignedIdentities": {
          "/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {
            "ClientId": "value",
            "PrincipalId": "value"
          }
        }
      },
      "kind": "AzurePowerShell", // or "AzureCLI"
      "location": "[resourceGroup().location]",
      "name": "runPowerShellInlineWithOutput",
      "properties": {
        "containerSettings": {
          "containerGroupName": "deployscriptrun"
        },
        "storageAccountSettings": {
          "storageAccountName": "allscriptstorage",
          "storageAccountKey": "key"
        },
        "azPowerShellVersion": "3.0", // or "azCliVersion": "2.0.80"
        "environmentVariables": [
          {
            "name": "someSecret",
            "secureValue": "if this is really a secret, don't put it here... in plain text..."
          }
        ],
        "scriptContent" : "write-host 'hello world'",
        "supportingScriptUris": [],
        //"timeout": "PT30M",
        "cleanupPreference": "OnSuccess",
        "retentionInterval": "P1D"
      }
    }
  ],
  "outputs": {
  }
}

</pre>

与

"userAssignedIdentities": {
    "/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}

I get below error

{
                "code": "DeploymentScriptOperationFailed",
                "message": "The client 'id' with object id 'id' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/id' or the scope is invalid. If access was recently granted, please refresh your credentials."
            }

最佳答案

根据链接的文章，它应该如下所示:

"userAssignedIdentities": {
    "/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}

关于azure - Azure 中的部署脚本 ARM 模板，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/61706739/

azure - Azure 中的部署脚本 ARM 模板

上一篇：angular - azure AD 和图形访问 - Angular 前端和 Laravel php 后端

下一篇：azure - 设置-AzSqlServerActiveDirectoryAdministrator : Cannot find the Azure Active Directory object 'service_principal_name'