Blueprint Deployment through ARM Template for Custom Role Key Vault
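We are using a Blueprint to deploy a custom role for Key Vault with an ARM template.
When we upload the ARM template to the Blueprint, publish it and assign it, the deployment eventually fails with the following error messages.

Error messages:

1. Message: Deployment template validation failed: 'The template resource, at line '1' and column '2008', has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name.'
2. The artifact 'f87238e1-28d5-45fa-8ad9-176d07e79a81' of type 'Template' failed to deploy due to the following error: Template deployment failed with error [ { "code": "LocationRequired", "message": "The location property is required for this definition." } ]

Can someone please help correct this issue and say what might be wrong?
Please let me know if you need the code.

Reference code: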
    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {},
      "variables": {},
      "resources": [
        {
          "type": "Microsoft.KeyVault/vaults",
          "apiVersion": "2019-09-01",
          "name": "Key Vault resource manager template deployment operator",
          "properties": {
            "Name": "Reader for KeyVault",
            "location": "West US",
            "IsCustom": true,
            "Description": "Allows only reader access to KeyVault.",
            "Actions": [
              "Microsoft.KeyVault/vaults/*/read"
            ],
            "NotActions": [],
            "DataActions": [],
            "NotDataActions": [],
            "AssignableScopes": [
              "/subscriptions/000000/resourceGroups/RG-SK"
            ]
          }
        }
      ]
    }
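The "custom role" definition you provided is incorrect. To create a Microsoft.Authorization/roleDefinitions resource, follow this documentation.

Here is a sample ARM template for creating a custom role, which you can change to fit your own custom role: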
    {
      "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "actions": {
          "type": "array",
          "defaultValue": [
            "Microsoft.Resources/subscriptions/resourceGroups/read"
          ],
          "metadata": {
            "description": "Array of actions for the roleDefinition"
          }
        },
        "notActions": {
          "type": "array",
          "defaultValue": [ ],
          "metadata": {
            "description": "Array of notActions for the roleDefinition"
          }
        },
        "roleName": {
          "type": "string",
          "defaultValue": "Custom Role - RG Reader",
          "metadata": {
            "description": "Friendly name of the role definition"
          }
        },
        "roleDescription": {
          "type": "string",
          "defaultValue": "Subscription Level Deployment of a Role Definition",
          "metadata": {
            "description": "Detailed description of the role definition"
          }
        }
      },
      "variables": {
        "roleDefName": "[guid(subscription().id, string(parameters('actions')), string(parameters('notActions')))]"
      },
      "resources": [
        {
          "type": "Microsoft.Authorization/roleDefinitions",
          "apiVersion": "2018-07-01",
          "name": "[variables('roleDefName')]",
          "properties": {
            "roleName": "[parameters('roleName')]",
            "description": "[parameters('roleDescription')]",
            "type": "customRole",
            "isCustom": true,
            "permissions": [
              {
                "actions": "[parameters('actions')]",
                "notActions": "[parameters('notActions')]"
              }
            ],
            "assignableScopes": [
              "[subscription().id]"
            ]
          }
        }
      ]
    }
For more details, please refer to this documentation.
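
The mismatch the answer describes can be caught before a template is published as a blueprint artifact. The following is an added example, not code from the original posts or from Azure tooling: a small Python lint over ARM template resources, where the function name, the finding codes and the heuristics are assumptions made for illustration.

```python
ROLE_TYPE = "microsoft.authorization/roledefinitions"
# Property names that only make sense on a role definition (lower-cased).
ROLE_KEYS = {"actions", "notactions", "dataactions", "notdataactions",
             "assignablescopes", "iscustom"}

def lint_resource(res):
    """Return sorted finding codes for one ARM template resource (a dict)."""
    findings = set()
    rtype, name = res.get("type", ""), res.get("name", "")
    props = res.get("properties", {})
    keys = {k.lower() for k in props}
    # Segment rule from the validation error: the type has one more segment
    # than the name. Names built from "[...]" expressions are skipped.
    if not name.startswith("[") and rtype.count("/") != name.count("/") + 1:
        findings.add("segment-mismatch")
    # Role fields under another resource type never become a role definition.
    if rtype.lower() != ROLE_TYPE and keys & ROLE_KEYS:
        findings.add("role-fields-on-wrong-type")
    # 'location' is read at the resource's top level, not from 'properties'.
    if "location" in keys and "location" not in res:
        findings.add("location-inside-properties")
    if rtype.lower() == ROLE_TYPE:
        for perm in props.get("permissions", []):
            actions = perm.get("actions", [])
            # Parameterised actions ("[parameters(...)]") are strings: skipped.
            if isinstance(actions, list) and "*" in actions:
                findings.add("wildcard-action")
    return sorted(findings)

# The resource from the question, abbreviated to the fields the lint reads.
QUESTION_RESOURCE = {
    "type": "Microsoft.KeyVault/vaults",
    "name": "Key Vault resource manager template deployment operator",
    "properties": {"Name": "Reader for KeyVault", "location": "West US",
                   "IsCustom": True,
                   "Actions": ["Microsoft.KeyVault/vaults/*/read"],
                   "AssignableScopes": ["/subscriptions/000000/resourceGroups/RG-SK"]},
}
# Constructed sample: the same read-only action expressed as a role definition.
ROLE_RESOURCE = {
    "type": "Microsoft.Authorization/roleDefinitions",
    "name": "[variables('roleDefName')]",
    "properties": {"roleName": "Reader for KeyVault", "isCustom": True,
                   "permissions": [{"actions": ["Microsoft.KeyVault/vaults/*/read"],
                                    "notActions": []}],
                   "assignableScopes": ["[subscription().id]"]},
}

if __name__ == "__main__":
    print(lint_resource(QUESTION_RESOURCE))
    print(lint_resource(ROLE_RESOURCE))
```

Run over each entry of a template's `resources` array in a pre-publish check, a non-empty result is a reason to stop before the blueprint is assigned.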