
azure - Add an RBAC role on an Azure Blob storage container using Bicep

Reposted. Author: 行者123. Updated: 2023-12-02 23:23:06

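I am deploying an Azure Data Lake Gen 2 storage account using Bicep. I want to assign a role (to a group) on a container with Bicep (see the code below). But I keep getting an error. Can someone help me?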


targetScope = 'resourceGroup'

param location string = resourceGroup().location
param storageAccountName string

resource stg 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    isHnsEnabled: true
  }
}

resource bs 'Microsoft.Storage/storageAccounts/blobServices@2021-08-01' = {
  name: 'default'
  parent: stg
}

resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-08-01' = {
  name: 'help'
  parent: bs
}

resource rbac 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
  name: guid(container.id, 'xxx')
  scope: container
  properties: {
    principalId: 'xxx'
    principalType: 'Group'
    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
  }
}

Error:

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"BadRequestFormat\",\r\n    \"message\": \"The request was incorrectly formatted.\"\r\n  }\r\n}"}]}}

According to the documentation you should add a condition, but that doesn't work either.

condition: '@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \'help\''

Best answer

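The roleDefinitionId property is the resource identifier of the role. It is also a subscription-level resource, so you can define it in your Bicep file like this: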

roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')
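The fix from the answer in a complete, container-scoped role assignment, as an added example that is not part of the original question or answer. It assumes the storage account and container already exist; the parameter names `containerName` and `groupObjectId` and the newer API versions are choices made for this example.

```bicep
targetScope = 'resourceGroup'

param storageAccountName string
param containerName string = 'help'

@description('Object ID of the group that receives the role (assumed parameter, replaces the xxx placeholder)')
param groupObjectId string

// Role GUID taken from the question.
var roleGuid = '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'

// Reference the resources that are already deployed instead of redefining them.
resource stg 'Microsoft.Storage/storageAccounts@2021-08-01' existing = {
  name: storageAccountName
}

resource bs 'Microsoft.Storage/storageAccounts/blobServices@2021-08-01' existing = {
  parent: stg
  name: 'default'
}

resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-08-01' existing = {
  parent: bs
  name: containerName
}

// Role definitions live at subscription scope; roleDef.id resolves to the full
// resource ID, the same value subscriptionResourceId(...) returns in the answer.
resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
  scope: subscription()
  name: roleGuid
}

resource rbac 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name from scope + principal + role, so a redeploy updates
  // the same assignment instead of creating a duplicate.
  name: guid(container.id, groupObjectId, roleDef.id)
  scope: container // assignment applies to this container only, not the whole account
  properties: {
    principalId: groupObjectId
    principalType: 'Group'
    roleDefinitionId: roleDef.id
  }
}

output roleDefinitionResourceId string = roleDef.id
```

The output makes it easy to confirm after deployment that the role definition was passed as a full resource ID rather than a bare GUID.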

Regarding "azure - Add an RBAC role on an Azure Blob storage container using Bicep", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/71757405/
