Role assignment to an Azure resource group in Bicep

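I am trying to create a resource group and assign contributor permissions to it using a Bicep template. This fails with the error message "nested resource type must have the same number of segments as its resource name".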

My Bicep file:

targetScope = 'subscription'

param resourceGroupName string
param resourceGroupLocation string
param contributorsGroupID string

resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  location: resourceGroupLocation
  name: resourceGroupName
}

//assign contributor role to the created AAD group

resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: rg.id
  properties: {
    roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
    principalId: contributorsGroupID
    principalType: 'Group'
  }
}

I don't understand what name to put in the role assignment section to make this work.

You need to pass a GUID for the roleAssignmentName and a var for the roleID, as in the Bicep script below, which creates a resource group and assigns contributor access to it.

targetScope = 'subscription'

@description('Name of the resourceGroup to create')
param resourceGroupName string = '<resourcegroupname>'

@description('Location for the resourceGroup')
param resourceGroupLocation string = '<resourcelocation>'

@description('principalId of the user that will be given contributor access to the resourceGroup')
param principalId string = '<userObjectId>'

@description('roleDefinition to apply to the resourceGroup - default is contributor')
param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

@description('Unique name for the roleAssignment in the format of a guid')
param roleAssignmentName string = guid(principalId, roleDefinitionId, resourceGroupName)

var roleID = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${roleDefinitionId}'

resource newResourceGroup 'Microsoft.Resources/resourceGroups@2019-10-01' = {
  name: resourceGroupName
  location: resourceGroupLocation
  properties: {}
}

resource roleNameGuid_resource 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: roleAssignmentName
  properties: {
    roleDefinitionId: roleID
    principalId: principalId
  }
}
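
A role assignment declared directly in a file with targetScope = 'subscription' and no scope is created at the subscription, so the grant covers every resource group in it. The sketch below is an added example, not code from the question or the answer: it limits the Contributor grant to the new resource group by deploying the assignment through a module scoped to that group. The module file name roleAssignment.bicep, the deployment name and the parameter name roleDefinitionGuid are assumptions; the block shows two files separated by comments.

```bicep
// ---- main.bicep (subscription scope) ----
targetScope = 'subscription'

param resourceGroupName string
param resourceGroupLocation string
param contributorsGroupID string

// Built-in Contributor role definition GUID (same value used on this page)
var contributorRoleGuid = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: resourceGroupName
  location: resourceGroupLocation
}

// Deploy the assignment through a module whose scope is the new resource group,
// so the role is granted on that group only, not on the whole subscription.
module rgContributor 'roleAssignment.bicep' = {
  name: 'rg-contributor-assignment' // deployment name (assumed)
  scope: rg
  params: {
    principalId: contributorsGroupID
    roleDefinitionGuid: contributorRoleGuid
  }
}

// ---- roleAssignment.bicep (assumed file name, resource group scope) ----
targetScope = 'resourceGroup'

param principalId string
param roleDefinitionGuid string

resource assignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic GUID: the same inputs give the same name, so redeploying
  // updates the existing assignment instead of creating a duplicate.
  name: guid(resourceGroup().id, principalId, roleDefinitionGuid)
  properties: {
    // Full resource ID of the role definition, built from the GUID
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionGuid)
    principalId: principalId
    principalType: 'Group'
  }
}
```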