错误部署失败:资源身份 属性 上的 PrincipalId“***”对于 'SystemAssigned' 身份类型必须为 null 或为空
Error Deployment failed: PrincipalId "***" on the resource's Identity property must be null or empty for 'SystemAssigned' identity type
我有以下 LogicApp.json 文件,我想使用 YAML 管道将其从 DevOps Git 转移到 Azure,请参见下方。
但是我得到了错误:
The principalId "***" on the resource's Identity property must be null or empty for 'SystemAssigned' identity type
我试过设置
principalId: null
principalId: ""
principalId: 0
但我不断收到同样的错误。是否有任何解决方法可以让我保留 'SystemAssigned' 身份类型?或者我做错了什么?
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_name": {
"defaultValue": "dev-name1",
"type": "String"
},
"connections_keyvault_2_externalid": {
"defaultValue": "/subscriptions/****/resourceGroups/dev-rg/providers/Microsoft.Web/connections/keyvault-2",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_name')]",
"location": "europe",
"tags": {
"costCenter": "KF263",
"responsible": "ivv@me.com"
},
"identity": {
"principalId": "null",
"tenantId": "****",
"type": "SystemAssigned"
},
"properties": {
"state": "Enabled",
"definition": {
"$schema":
"https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"type": "Request",
"kind": "Http",
"inputs": {
"schema": {}
}
}
},
"actions": {
"Get_secret": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "@parameters('$connections')['keyvault_1']['connectionId']"
}
},
"method": "get",
"path": "/secrets/@{encodeURIComponent('quality-control-dev')}/value"
}
},
"HTTP": {
"runAfter": {
"Get_secret": [
"Succeeded"
]
},
"type": "Http",
"inputs": {
"authentication": {
"audience": "https://*.asazure.windows.net",
"clientId": "****",
"secret": "@body('Get_secret')?['value']",
"tenant": "****",
"type": "ActiveDirectoryOAuth"
},
"body": {
"CommitMode": "transactional",
"MaxParallelism": 2,
"RetryCount": 2,
"Type": "Full"
},
"headers": {
"Content Type": "application/json"
},
"method": "POST",
"uri": "****"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"keyvault_1": {
"connectionId": "[parameters('connections_keyvault_2_externalid')]",
"connectionName": "keyvault-2",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
},
"id":"/subscriptions/****/providers/Microsoft.Web/locations/westeurope/managedApis/keyvault"
}
}
}
}
}
}
]
}
--------------------------------------------------------------------------------
Pipeline
--------------------------------------------------------------------------------
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- develop
pool:
vmImage: windows-latest
steps:
- task: VSBuild@1
inputs:
solution: '**\*.sln'
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)'
ArtifactName: 'drop'
publishLocation: 'Container'
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'azure-devops (****)'
subscriptionId: '****'
action: 'Create Or Update Resource Group'
resourceGroupName: 'logicapp-devops-dev'
location: 'North Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.ArtifactStagingDirectory)\**\LogicApp.json'
csmParametersFile: '$(Build.ArtifactStagingDirectory)\**\LogicApp.parameters.json'
deploymentMode: 'Incremental'
尝试删除该行。 “tenantId”行也可以删除。
更新。本文介绍:Enable system-assigned identity in an ARM template
如 10p 所示,您需要删除 tenantId- 和 principalId-properties。
当指定类型为 SystemAssigned 时,principalId 将在创建逻辑应用程序时自动分配。稍后重新部署逻辑应用程序时,仍将分配相同的 ID,因为 Azure 资源(逻辑应用程序本身)保持不变并且已在您的租户中注册。
我有以下 LogicApp.json 文件,我想使用 YAML 管道将其从 DevOps Git 转移到 Azure,请参见下方。
但是我得到了错误:
The principalId "***" on the resource's Identity property must be null or empty for 'SystemAssigned' identity type
我试过设置
principalId: null
principalId: ""
principalId: 0
但我不断收到同样的错误。是否有任何解决方法可以让我保留 'SystemAssigned' 身份类型?或者我做错了什么?
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_name": {
"defaultValue": "dev-name1",
"type": "String"
},
"connections_keyvault_2_externalid": {
"defaultValue": "/subscriptions/****/resourceGroups/dev-rg/providers/Microsoft.Web/connections/keyvault-2",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_name')]",
"location": "europe",
"tags": {
"costCenter": "KF263",
"responsible": "ivv@me.com"
},
"identity": {
"principalId": "null",
"tenantId": "****",
"type": "SystemAssigned"
},
"properties": {
"state": "Enabled",
"definition": {
"$schema":
"https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"type": "Request",
"kind": "Http",
"inputs": {
"schema": {}
}
}
},
"actions": {
"Get_secret": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "@parameters('$connections')['keyvault_1']['connectionId']"
}
},
"method": "get",
"path": "/secrets/@{encodeURIComponent('quality-control-dev')}/value"
}
},
"HTTP": {
"runAfter": {
"Get_secret": [
"Succeeded"
]
},
"type": "Http",
"inputs": {
"authentication": {
"audience": "https://*.asazure.windows.net",
"clientId": "****",
"secret": "@body('Get_secret')?['value']",
"tenant": "****",
"type": "ActiveDirectoryOAuth"
},
"body": {
"CommitMode": "transactional",
"MaxParallelism": 2,
"RetryCount": 2,
"Type": "Full"
},
"headers": {
"Content Type": "application/json"
},
"method": "POST",
"uri": "****"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"keyvault_1": {
"connectionId": "[parameters('connections_keyvault_2_externalid')]",
"connectionName": "keyvault-2",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
},
"id":"/subscriptions/****/providers/Microsoft.Web/locations/westeurope/managedApis/keyvault"
}
}
}
}
}
}
]
}
--------------------------------------------------------------------------------
Pipeline
--------------------------------------------------------------------------------
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- develop
pool:
vmImage: windows-latest
steps:
- task: VSBuild@1
inputs:
solution: '**\*.sln'
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)'
ArtifactName: 'drop'
publishLocation: 'Container'
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'azure-devops (****)'
subscriptionId: '****'
action: 'Create Or Update Resource Group'
resourceGroupName: 'logicapp-devops-dev'
location: 'North Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.ArtifactStagingDirectory)\**\LogicApp.json'
csmParametersFile: '$(Build.ArtifactStagingDirectory)\**\LogicApp.parameters.json'
deploymentMode: 'Incremental'
尝试删除该行。 “tenantId”行也可以删除。
更新。本文介绍:Enable system-assigned identity in an ARM template
如 10p 所示,您需要删除 tenantId- 和 principalId-properties。
当指定类型为 SystemAssigned 时,principalId 将在创建逻辑应用程序时自动分配。稍后重新部署逻辑应用程序时,仍将分配相同的 ID,因为 Azure 资源(逻辑应用程序本身)保持不变并且已在您的租户中注册。