【发布时间】:2022-01-11 20:14:04
【问题描述】:
我有一个虚拟机详细信息数组(变量),用于部署多个虚拟机(使用copy 元素)。这些虚拟机中的每一个都使用系统托管标识。
我想授予其中每个 VM 访问 Key Vault 的权限。我尝试过结合使用 reference 和 resourceId 函数。根据this example:
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2019-09-01",
"name": "vaultName",
"properties": {
"tenantId": "[subscription().tenantId]",
"accessPolicies": [
{
"tenantId": "[reference(resourceId('Microsoft.Compute/virtualMachines', variables('vmName')), '2019-03-01', 'Full').identity.tenantId]",
"objectId": "[reference(resourceId('Microsoft.Compute/virtualMachines', variables('vmName')), '2019-03-01', 'Full').identity.principalId]",
"permissions": {
"keys": [
"all"
],
"secrets": [
"all"
]
}
}
],
...
但我不知道如何让它在循环中工作。这不起作用:
"variables": {
"VMs": [
{
"name": "vm-test-dev-cace-001",
"nicName": "nic-test-dev-cace-001",
"privateIPAddress": "192.168.0.10",
"zone": "1"
},
{
"name": "vm-test-dev-cace-002",
"nicName": "nic-test-dev-cace-002",
"privateIPAddress": "192.168.0.11",
"zone": "2"
}
]
...
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "[concat(parameters('keyVaultName'), '/add')]",
"location": "[parameters('resourcesLocation')]",
"apiVersion": "2019-09-01",
"properties": {
"accessPolicies": [
{
"tenantId": "[subscription().tenantId]",
"objectId": "[reference(resourceId('Microsoft.Compute/virtualMachines', variables('VMs')[0].name), '2019-03-01', 'Full').identity.principalId]",
"keys": [],
"permissions": {
"secrets": [
"get"
],
"certificates": [
"get",
"list"
]
}
}
]
【问题讨论】:
标签: azure virtual-machine key-value azure-resource-manager