Azure 中的部署脚本 ARM 模板

Deployment Script ARM template in Azure

我正在将部署脚本用于 运行 带有 ARM 的 powershell。它需要具有贡献者角色的用户管理身份。我已按照下面的步骤进行操作 link,但它总是给出相同的错误。

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template?tabs=PowerShell

Invalid value for the identities '/subscriptions/<subID>/resourcegroups/<rgname>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity'. The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property.

我已经使用以下命令提取了 principalId 和客户端 Id。

Get-AzUserAssignedIdentity -ResourceGroupName 'rGname' 下面是模板

<pre>
     {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
      "type": "string",
      "defaultValue": "'ds test'"
    },
    "utcValue": {
      "type": "string"
    },
    "subscriptionId": {
      "type": "string",
      "defaultValue": ""
    }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deploymentScripts",
      "apiVersion": "2019-10-01-preview",
      "identity": {
        "type": "userAssigned",
        "userAssignedIdentities": {
          "/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {
            "ClientId": "value",
            "PrincipalId": "value"
          }
        }
      },
      "kind": "AzurePowerShell", // or "AzureCLI"
      "location": "[resourceGroup().location]",
      "name": "runPowerShellInlineWithOutput",
      "properties": {
        "containerSettings": {
          "containerGroupName": "deployscriptrun"
        },
        "storageAccountSettings": {
          "storageAccountName": "allscriptstorage",
          "storageAccountKey": "key"
        },
        "azPowerShellVersion": "3.0", // or "azCliVersion": "2.0.80"
        "environmentVariables": [
          {
            "name": "someSecret",
            "secureValue": "if this is really a secret, don't put it here... in plain text..."
          }
        ],
        "scriptContent" : "write-host 'hello world'",
        "supportingScriptUris": [],
        //"timeout": "PT30M",
        "cleanupPreference": "OnSuccess",
        "retentionInterval": "P1D"
      }
    }
  ],
  "outputs": {
  }
}

</pre>

"userAssignedIdentities": {
    "/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
} 

我遇到以下错误

{
                "code": "DeploymentScriptOperationFailed",
                "message": "The client 'id' with object id 'id' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/id' or the scope is invalid. If access was recently granted, please refresh your credentials."
            }

根据链接的文章,它应该是这样的:

"userAssignedIdentities": {
    "/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}