我有两个 AAD 应用程序(服务主体),想要使用arm模板将RBAC添加到这两个应用程序。
我尝试使用下面的arm模板进行部署。
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('StorageAccountName'), '/default/',parameters('ContainerName'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[parameters('principalId')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('StorageAccountName'), '/default/',parameters('ContainerName'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[parameters('principalId2')]"
}
}
当我使用此arm模板进行部署时,出现以下错误。
Deployment template validation failed: 'The resource 'Microsoft.Storage/storageAccounts/MystorageAccounts/blobServices/default/containers/test/providers/Microsoft.Authorization/roleAssignments/aacd4b89-a70f-4be9-a0ba-6b8698dd7129' at line '52' and column '9' is defined multiple times in a template. Please see https://aka.ms/arm-template/#resources for usage details.'. (Code: InvalidTemplate)
最佳答案
您需要为资源中的 name 选项使用不同的名称。例如,您可以在名称末尾附加数字以区分差异。
关于azure - 如何使用azure中的arm模板将RBAC分配给多个用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57752021/