我正在使用 bicep 部署 azure data Lake gen2 存储帐户。
我想在带有二头肌的容器上分配角色(组)(参见下面的代码)。但我不断收到错误。有人能帮我吗 ?
targetScope = 'resourceGroup'
param location string =resourceGroup().location
param storageAccountName string
resource stg 'Microsoft.Storage/storageAccounts@2021-04-01' = {
name: storageAccountName
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
isHnsEnabled: true
}
}
resource bs 'Microsoft.Storage/storageAccounts/blobServices@2021-08-01' = {
name: 'default'
parent: stg
}
resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-08-01' = {
name: 'help'
parent: bs
}
resource rbac 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
name: guid(container.id,'xxx')
scope: container
properties: {
principalId: 'xxx'
principalType: 'Group'
roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
}
}
Error:
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"BadRequestFormat\",\r\n \"message\": \"The request was incorrectly formatted.\"\r\n }\r\n}"}]}}
根据document https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments?tabs=bicep您应该添加一个条件,但这也不起作用。
condition: '@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \'help\''
The roleDefinitionIdproperty 是角色的资源标识符。它也是订阅级资源,因此您可以在二头肌文件中定义它,如下所示:
roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
