Getting Error KeyVaultParameterReferenceAuthorizationFailed, while deploying Logic App using ARM templates (CICD)
The Key Vault I created is in a different resource group, and I am deploying the Logic App to another resource group, where I reference the Key Vault secret as:
> "azureblob_1_accessKey": {
>   "reference": {
>     "keyVault": {
>       "id": "/subscriptions/5a7084cb-3357-4ee0-b28f-a3230de8b337/resourceGroups/test/providers/Microsoft.KeyVault/vaults/KeyVault"
>     },
>     "secretName": "AppSettings--StorageAccessValue--DEV"
>   }
> },
I am deploying the Logic App using CICD, but I get the following error in the release definition:
KeyVaultParameterReferenceAuthorizationFailed: The client
'648fa2cc-6cd1-49fa-a11a-ad6a276916cc' with object id
'648fa2cc-6cd1-49fa-a11a-ad6a276916cc' does not have permission to
perform action 'MICROSOFT.KEYVAULT/VAULTS/DEPLOY/ACTION' on the
specified KeyVault resource
'/subscriptions/5a7084cb-3357-4ee0-b28f-a3230de8b337/resourceGroups/test/providers/Microsoft.KeyVault/vaults/KeyVault'.
Please see https://aka.ms/arm-keyvault for usage details. undefined
**How can I find the resource related to the ID in the error?**
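According to the error, the user does not have the `Microsoft.KeyVault/vaults/deploy/action` permission.
If you reference a Key Vault in a template deployment, you should note:
1. Make sure `enabledForTemplateDeployment` is `true`; you can check it in the portal, refer to the screenshot.
2. Make sure the user deploying the template has the `Microsoft.KeyVault/vaults/deploy/action` permission for the scope that contains the Key Vault (including the resource group and the Key Vault). The `Owner` and `Contributor` roles both grant this access.
To add the permission, you can use role-based access control (RBAC): navigate to Access control (IAM) in the portal -> Add, and select a role of `Owner` or `Contributor`. Besides, you can also create a role with the minimum permission and assign it to the user, refer to this link.
For details, refer to: Use Azure Key Vault to pass secure parameter value during deployment.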
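A pre-deployment check for the two conditions in the answer above, as an added example that is not part of the original question or answer: it reads the Key Vault references out of an ARM parameters object and reports whether any role assignment grants `Microsoft.KeyVault/vaults/deploy/action` at a scope covering each vault. The subscription ID is a placeholder, the `logicapps` resource group and the `MINIMAL` custom role are hypothetical, and the built-in role definitions are simplified, constructed samples.

```python
import re

DEPLOY_ACTION = "Microsoft.KeyVault/vaults/deploy/action"

def _matches(pattern, action):
    # Azure action patterns are case-insensitive; "*" matches any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(role, action=DEPLOY_ACTION):
    """True if the role's Actions allow `action` and no NotActions entry excludes it."""
    allowed = any(_matches(p, action) for p in role.get("Actions", []))
    excluded = any(_matches(p, action) for p in role.get("NotActions", []))
    return allowed and not excluded

def referenced_vaults(parameters):
    """Key Vault resource IDs referenced by an ARM parameters object."""
    return sorted({p["reference"]["keyVault"]["id"]
                   for p in parameters.values()
                   if isinstance(p, dict) and "reference" in p})

def scope_covers(scope, resource_id):
    """An assignment at `scope` applies to that resource and everything below it."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    return r == s or r.startswith(s + "/")

def can_deploy(parameters, assignments):
    """Map each referenced vault to whether some assignment grants the deploy action on it."""
    return {v: any(role_grants(a["role"]) and scope_covers(a["scope"], v)
                   for a in assignments)
            for v in referenced_vaults(parameters)}

# Constructed sample data: placeholder subscription, simplified role definitions.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VAULT = SUB + "/resourceGroups/test/providers/Microsoft.KeyVault/vaults/KeyVault"
PARAMS = {"azureblob_1_accessKey": {"reference": {
    "keyVault": {"id": VAULT}, "secretName": "AppSettings--StorageAccessValue--DEV"}}}
READER = {"Actions": ["*/read"], "NotActions": []}
CONTRIBUTOR = {"Actions": ["*"], "NotActions": ["Microsoft.Authorization/*/Write"]}
MINIMAL = {"Actions": [DEPLOY_ACTION], "NotActions": []}  # hypothetical custom role

if __name__ == "__main__":
    # Contributor only on the Logic App's resource group: the vault is out of scope.
    logic_app_rg_only = [{"role": CONTRIBUTOR, "scope": SUB + "/resourceGroups/logicapps"}]
    # Adding the single-action role scoped to the vault itself is enough.
    least_privilege = logic_app_rg_only + [{"role": MINIMAL, "scope": VAULT}]
    print(can_deploy(PARAMS, logic_app_rg_only))
    print(can_deploy(PARAMS, least_privilege))
```

Scoping the single-action role to the vault avoids granting `Owner` or `Contributor` on the vault's resource group to a pipeline identity.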