Azure Storage blob container assign RBAC using ARM
We currently have ARM templates that create the storage account and containers in our solution, but I can't seem to manage to assign RBAC access to the containers in the ARM templates. I have tried using
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2017-09-01",
"name": "[concat(parameters('storageAccountName'),'/default/filedrop/Microsoft.Authorization/{NEW GUID}')]",
"properties": {
    "roleDefinitionId": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
    "principalId": "[parameters('ServicePrincipalId')]"
}
The error I get is
"error": {
    "code": "BadRequestFormat",
    "message": "The request was incorrectly formatted."
}
Can anyone see where I am going wrong?
{
    "type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
    "apiVersion": "2018-01-01-preview",
    "name": "[concat(parameters('storageAccountName'), '/default/', parameters('storageContainerName'), '/Microsoft.Authorization/', guid(resourceGroup().id, 'webAppFilesAccess'))]",
    "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('storageAccountName'), 'default', parameters('storageContainerName'))]",
        "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
    ],
    "properties": {
        "principalId": "[reference(resourceId('Microsoft.Web/sites', parameters('webAppName')), '2016-08-01', 'Full').identity.principalId]",
        "roleDefinitionId": "[variables('storageBlobContributorRoleId')]"
    }
}
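The main differences I can see are that I have a higher API version + I use parameters for a lot of things.
The guid() function is pretty handy, as you can give it some text and it will give the same GUID every time if the text is the same.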
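An added example, not code from the question or the answer above: a complete template that assigns the role on one container only, with the storageBlobContributorRoleId variable that the answer references written out. It assumes the storage account and container already exist in the target resource group, and that the variable is the full role definition resource ID built from the role GUID in the question (role assignments take the role definition as a resource ID); the guid() seed values are this example's own choice.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "metadata": { "description": "Existing storage account in this resource group (assumption of this example)." }
    },
    "storageContainerName": {
      "type": "string",
      "metadata": { "description": "Existing blob container that the principal should be able to access." }
    },
    "ServicePrincipalId": {
      "type": "string",
      "metadata": { "description": "Object ID of the service principal or managed identity that receives the role." }
    }
  },
  "variables": {
    "storageBlobContributorRoleId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]"
  },
  "resources": [
    {
      "comments": "Added example. The assignment is scoped to the single container, so the principal gets no data access to other containers in the account. The guid() seed includes container, principal and role so that each distinct assignment gets its own stable name across redeployments.",
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
      "apiVersion": "2018-01-01-preview",
      "name": "[concat(parameters('storageAccountName'), '/default/', parameters('storageContainerName'), '/Microsoft.Authorization/', guid(resourceGroup().id, parameters('storageAccountName'), parameters('storageContainerName'), parameters('ServicePrincipalId'), variables('storageBlobContributorRoleId')))]",
      "properties": {
        "roleDefinitionId": "[variables('storageBlobContributorRoleId')]",
        "principalId": "[parameters('ServicePrincipalId')]"
      }
    }
  ]
}
```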