Azure ARM:deploymentScripts 和第一方应用程序身份错误
Azure ARM: deploymentScripts and first-party app identity error
我尝试执行当前的 ARM 模板来激活存储静态网站功能:
{
"type": "Microsoft.Resources/deploymentScripts",
"apiVersion": "2019-10-01-preview",
"name": "[variables('scriptName')]",
"location": "[variables('regionName')]",
// "kind": "AzurePowerShell",
"kind": "AzureCLI",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storage'))]"
],
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"/subscriptions/<MySubscription>/resourcegroups/<MyResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<MyIdentityID>": {}
}
},
"properties": {
"forceUpdateTag": "[parameters('utcNow')]",
"storageAccountSettings": {
"storageAccountName": "[variables('storage')]",
"storageAccountKey": "[listKeys(variables('storage'), '2019-04-01').keys[0].value]"
},
// "azPowerShellVersion": "3.0",
"azCliVersion": "2.5.0",
"scriptContent": "[concat('az storage blob service-properties update --account-name ', variables('storage'), ' --static-website --index-document index.html')]",
"timeout": "PT2M",
"cleanupPreference": "OnSuccess",
"retentionInterval": "PT1H"
}
},
为此,我创建了一个新的托管身份,并为我的资源组影响了此身份的 贡献者 角色。但是在创建 deploymentScripts 资源的过程中,它长时间处于 'Deploying' 模式,然后失败并出现此错误:
Exceeded maximum wait time of '00:05:00'. Message: 'First-party app identity has not become effective yet.'. (Code: DeploymentScriptOperationFailed)
我按照 this guide 获取身份 ID,所以我很确定 userAssignedIdentities 是正确的。
在与 Microsoft 的软件工程师讨论后,我似乎必须等待托管标识复制到 Azure 内部的多个服务器,以便我的脚本可以找到正确执行的标识。
我手动创建了托管身份,等了 1 天后脚本 运行 正常。
我尝试执行当前的 ARM 模板来激活存储静态网站功能:
{
"type": "Microsoft.Resources/deploymentScripts",
"apiVersion": "2019-10-01-preview",
"name": "[variables('scriptName')]",
"location": "[variables('regionName')]",
// "kind": "AzurePowerShell",
"kind": "AzureCLI",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storage'))]"
],
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"/subscriptions/<MySubscription>/resourcegroups/<MyResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<MyIdentityID>": {}
}
},
"properties": {
"forceUpdateTag": "[parameters('utcNow')]",
"storageAccountSettings": {
"storageAccountName": "[variables('storage')]",
"storageAccountKey": "[listKeys(variables('storage'), '2019-04-01').keys[0].value]"
},
// "azPowerShellVersion": "3.0",
"azCliVersion": "2.5.0",
"scriptContent": "[concat('az storage blob service-properties update --account-name ', variables('storage'), ' --static-website --index-document index.html')]",
"timeout": "PT2M",
"cleanupPreference": "OnSuccess",
"retentionInterval": "PT1H"
}
},
为此,我创建了一个新的托管身份,并为我的资源组影响了此身份的 贡献者 角色。但是在创建 deploymentScripts 资源的过程中,它长时间处于 'Deploying' 模式,然后失败并出现此错误:
Exceeded maximum wait time of '00:05:00'. Message: 'First-party app identity has not become effective yet.'. (Code: DeploymentScriptOperationFailed)
我按照 this guide 获取身份 ID,所以我很确定 userAssignedIdentities 是正确的。
在与 Microsoft 的软件工程师讨论后,我似乎必须等待托管标识复制到 Azure 内部的多个服务器,以便我的脚本可以找到正确执行的标识。
我手动创建了托管身份,等了 1 天后脚本 运行 正常。