Azure 中的部署脚本 ARM 模板
Deployment Script ARM template in Azure
我正在将部署脚本用于 运行 带有 ARM 的 powershell。它需要具有贡献者角色的用户管理身份。我已按照下面的步骤进行操作 link,但它总是给出相同的错误。
Invalid value for the identities '/subscriptions/<subID>/resourcegroups/<rgname>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity'. The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property.
我已经使用以下命令提取了 principalId 和客户端 Id。
Get-AzUserAssignedIdentity -ResourceGroupName 'rGname'
下面是模板
<pre>
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string",
"defaultValue": "'ds test'"
},
"utcValue": {
"type": "string"
},
"subscriptionId": {
"type": "string",
"defaultValue": ""
}
},
"resources": [
{
"type": "Microsoft.Resources/deploymentScripts",
"apiVersion": "2019-10-01-preview",
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {
"ClientId": "value",
"PrincipalId": "value"
}
}
},
"kind": "AzurePowerShell", // or "AzureCLI"
"location": "[resourceGroup().location]",
"name": "runPowerShellInlineWithOutput",
"properties": {
"containerSettings": {
"containerGroupName": "deployscriptrun"
},
"storageAccountSettings": {
"storageAccountName": "allscriptstorage",
"storageAccountKey": "key"
},
"azPowerShellVersion": "3.0", // or "azCliVersion": "2.0.80"
"environmentVariables": [
{
"name": "someSecret",
"secureValue": "if this is really a secret, don't put it here... in plain text..."
}
],
"scriptContent" : "write-host 'hello world'",
"supportingScriptUris": [],
//"timeout": "PT30M",
"cleanupPreference": "OnSuccess",
"retentionInterval": "P1D"
}
}
],
"outputs": {
}
}
</pre>
有
"userAssignedIdentities": {
"/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}
我遇到以下错误
{
"code": "DeploymentScriptOperationFailed",
"message": "The client 'id' with object id 'id' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/id' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
根据链接的文章,它应该是这样的:
"userAssignedIdentities": {
"/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}
我正在将部署脚本用于 运行 带有 ARM 的 powershell。它需要具有贡献者角色的用户管理身份。我已按照下面的步骤进行操作 link,但它总是给出相同的错误。
Invalid value for the identities '/subscriptions/<subID>/resourcegroups/<rgname>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity'. The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property.
我已经使用以下命令提取了 principalId 和客户端 Id。
Get-AzUserAssignedIdentity -ResourceGroupName 'rGname' 下面是模板
<pre>
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string",
"defaultValue": "'ds test'"
},
"utcValue": {
"type": "string"
},
"subscriptionId": {
"type": "string",
"defaultValue": ""
}
},
"resources": [
{
"type": "Microsoft.Resources/deploymentScripts",
"apiVersion": "2019-10-01-preview",
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {
"ClientId": "value",
"PrincipalId": "value"
}
}
},
"kind": "AzurePowerShell", // or "AzureCLI"
"location": "[resourceGroup().location]",
"name": "runPowerShellInlineWithOutput",
"properties": {
"containerSettings": {
"containerGroupName": "deployscriptrun"
},
"storageAccountSettings": {
"storageAccountName": "allscriptstorage",
"storageAccountKey": "key"
},
"azPowerShellVersion": "3.0", // or "azCliVersion": "2.0.80"
"environmentVariables": [
{
"name": "someSecret",
"secureValue": "if this is really a secret, don't put it here... in plain text..."
}
],
"scriptContent" : "write-host 'hello world'",
"supportingScriptUris": [],
//"timeout": "PT30M",
"cleanupPreference": "OnSuccess",
"retentionInterval": "P1D"
}
}
],
"outputs": {
}
}
</pre>
有
"userAssignedIdentities": {
"/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}
我遇到以下错误
{
"code": "DeploymentScriptOperationFailed",
"message": "The client 'id' with object id 'id' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/id' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
根据链接的文章,它应该是这样的:
"userAssignedIdentities": {
"/subscriptions/subid/resourcegroups/rGname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test_manged_identity": {}
}