如何在 azure 中使用 arm 模板将 RBAC 分配给多个用户
How to assign RBAC to multiple user using arm template in azure
我有两个 AAD 应用程序(服务主体),想使用 arm 模板将 RBAC 添加到这两个应用程序。
我尝试使用下面的 arm 模板进行部署。
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('StorageAccountName'), '/default/',parameters('ContainerName'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[parameters('principalId')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('StorageAccountName'), '/default/',parameters('ContainerName'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[parameters('principalId2')]"
}
}
当我使用此 arm 模板进行部署时,出现以下错误。
Deployment template validation failed: 'The resource 'Microsoft.Storage/storageAccounts/MystorageAccounts/blobServices/default/containers/test/providers/Microsoft.Authorization/roleAssignments/aacd4b89-a70f-4be9-a0ba-6b8698dd7129' at line '52' and column '9' is defined multiple times in a template. Please see https://aka.ms/arm-template/#resources for usage details.'. (Code: InvalidTemplate)
您需要为资源中的 name 选项使用不同的名称。比如可以在名字的末尾加一个数字来区分。
这不是也可以工作吗,并带走 guid 的硬编码值?:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-string#guid
是的,它需要一些输入来计算不同的 GUID,但您可以使用 属性 迭代来更改它:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-multiple#property-iteration
我有两个 AAD 应用程序(服务主体),想使用 arm 模板将 RBAC 添加到这两个应用程序。
我尝试使用下面的 arm 模板进行部署。
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('StorageAccountName'), '/default/',parameters('ContainerName'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[parameters('principalId')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('StorageAccountName'), '/default/',parameters('ContainerName'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
"principalId": "[parameters('principalId2')]"
}
}
当我使用此 arm 模板进行部署时,出现以下错误。
Deployment template validation failed: 'The resource 'Microsoft.Storage/storageAccounts/MystorageAccounts/blobServices/default/containers/test/providers/Microsoft.Authorization/roleAssignments/aacd4b89-a70f-4be9-a0ba-6b8698dd7129' at line '52' and column '9' is defined multiple times in a template. Please see https://aka.ms/arm-template/#resources for usage details.'. (Code: InvalidTemplate)
您需要为资源中的 name 选项使用不同的名称。比如可以在名字的末尾加一个数字来区分。
这不是也可以工作吗,并带走 guid 的硬编码值?: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-string#guid
是的,它需要一些输入来计算不同的 GUID,但您可以使用 属性 迭代来更改它: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-multiple#property-iteration