个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
25
4
我经历了很多SO,但是没有找到特定问题的解决方案。
I have created a Key Vault, all the team members should be able to access this key vault.
This works if I add the group via the portal in the access policies. However, it seems that the when I tried to add it from ARM template it is creating identity principle and team is not able to access key vault.
这就是我尝试提供的访问策略。
{
"tenantId": "----",
"objectId": "----",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
}
As I can see there is nothing specific permission to group mentioned explicitly. When I run this ARM template then it is creating access policies with Identity principle category I need to have this category set to Group.
Any ideas how I can map group to access key vault instead of identity principle ?
我检查了对象 ID 是否已正确映射,但我不确定属性。 
编辑部署后,我们获得复合身份的访问策略: 
编辑2完整模板:
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[parameters('KeyVaultName')]",
"location": "*****",
"properties": {
"sku": {
"family": "A",
"name": "Standard"
},
"tenantId": "***********************",
"accessPolicies": [
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
},
{
"tenantId": "***********************",
"objectId": "***********************",
"applicationId": "***********************",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
}
],
"enabledForDeployment": true,
"enabledForDiskEncryption": true,
"enabledForTemplateDeployment": true
}
}
最佳答案
它应该可以工作,请确保您使用订阅所在的正确tenantId以及Azure AD的objectId安全性 组。
您可以在门户 -> 属性 -> 目录 ID 中获取 Azure Active Directory 中的 tenantId > 是tenantId。
然后在 Azure Active Directory -> 组 -> 搜索您的安全组 -> 获取对象 ID。
我的工作示例:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaults_joykeyvault1212_name": {
"defaultValue": "joykeyvault1212",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[parameters('vaults_joykeyvault1212_name')]",
"location": "eastus",
"properties": {
"sku": {
"family": "A",
"name": "standard"
},
"tenantId": "xxxxxxxxxxxx",
"accessPolicies": [
{
"tenantId": "xxxxxxxxxxxx",
"objectId": "xxxxxxxxxxxx",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false
}
}
]
}
关于azure - ARM 模板 key 保管库访问策略到组而不是身份原则,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58263437/
25
4
0
我是一名优秀的程序员,十分优秀!