二头肌中 Azure 资源组的角色分配

Question

我正在尝试创建一个资源组并使用一个二头肌模板为其分配贡献者权限。这将失败并显示错误消息“嵌套资源类型必须具有与其资源名称相同数量的段”

我的二头肌文件：

targetScope = 'subscription'

param resourceGroupName string
param resourceGroupLocation string
param contributorsGroupID string

resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  location: resourceGroupLocation
  name: resourceGroupName
}

//assign contributor role to the created AAD group

resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: rg.id
  properties: {
    roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
    principalId: contributorsGroupID
    principalType: 'Group'
  }
}

我不明白要在角色分配部分填写什么名称才能完成这项工作。

Answer 1

您需要为 roleassigmentName 传递 GUID 和为 roleID 传递 Var，如下面的二头肌脚本所示，以创建资源组并分配贡献者访问它。

targetScope = 'subscription'

@description('Name of the resourceGroup to create')
param resourceGroupName string = '<resourcegroupname>'

@description('Location for the resourceGroup')
param resourceGroupLocation string = '<resourcelocation>'

@description('principalId of the user that will be given contributor access to the resourceGroup')
param principalId string = '<userObjectId>'

@description('roleDefinition to apply to the resourceGroup - default is contributor')
param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

@description('Unique name for the roleAssignment in the format of a guid')
param roleAssignmentName string = guid(principalId, roleDefinitionId, resourceGroupName)

var roleID = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${roleDefinitionId}'

resource newResourceGroup 'Microsoft.Resources/resourceGroups@2019-10-01' = {
name: resourceGroupName
location: resourceGroupLocation
properties: {}
}

resource roleNameGuid_resource 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: roleAssignmentName
properties: {
roleDefinitionId: roleID
principalId: principalId
}
}