Assigning a role to an Azure resource group in Bicep



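I am trying to create a resource group and assign contributor permissions to it using a Bicep template. This fails with the error message "nested resource type must have the same number of segments as its resource name".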

My Bicep file:

    targetScope = 'subscription'

    param resourceGroupName string
    param resourceGroupLocation string
    param contributorsGroupID string

    resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
      location: resourceGroupLocation
      name: resourceGroupName
    }

    //assign contributor role to the created AAD group
    resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
      name: rg.id
      properties: {
        roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
        principalId: contributorsGroupID
        principalType: 'Group'
      }
    }

I don't understand what name to put in the role assignment section to make this work.

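You need to pass the role assignment name as a GUID and roleID as a var, as shown in the Bicep script below, to create the resource group and assign contributor access.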

    targetScope = 'subscription'

    @description('Name of the resourceGroup to create')
    param resourceGroupName string = '<resourcegroupname>'

    @description('Location for the resourceGroup')
    param resourceGroupLocation string = '<resourcelocation>'

    @description('principalId of the user that will be given contributor access to the resourceGroup')
    param principalId string = '<userObjectId>'

    @description('roleDefinition to apply to the resourceGroup - default is contributor')
    param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

    @description('Unique name for the roleAssignment in the format of a guid')
    param roleAssignmentName string = guid(principalId, roleDefinitionId, resourceGroupName)

    var roleID = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${roleDefinitionId}'

    resource newResourceGroup 'Microsoft.Resources/resourceGroups@2019-10-01' = {
      name: resourceGroupName
      location: resourceGroupLocation
      properties: {}
    }

    resource roleNameGuid_resource 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
      name: roleAssignmentName
      properties: {
        roleDefinitionId: roleID
        principalId: principalId
      }
    }
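A role assignment declared directly in a file with `targetScope = 'subscription'` is created at subscription scope, so the principal receives the role on every resource group in the subscription rather than only the new one. The following is an added example, not code from the question or the answer, that confines the assignment to the new resource group by deploying it through a module scoped to that group. The module file name `rg-role.bicep`, the deployment name `rg-role-assignment` and the `2022-04-01` API version are assumptions; the two sections are separate files.

```bicep
// ---- main.bicep (deployed at subscription scope) ----
targetScope = 'subscription'

param resourceGroupName string
param resourceGroupLocation string

@description('Object ID of the Azure AD group that receives the role')
param contributorsGroupID string

@description('Role definition GUID; default is the built-in Contributor role')
param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: resourceGroupName
  location: resourceGroupLocation
}

// Deploying the module into the new group makes that group the assignment scope.
module rgRole 'rg-role.bicep' = {
  name: 'rg-role-assignment' // assumed deployment name
  scope: rg
  params: {
    principalId: contributorsGroupID
    roleDefinitionId: roleDefinitionId
  }
}

// ---- rg-role.bicep (separate file; the name is an assumption) ----
targetScope = 'resourceGroup'

param principalId string
param roleDefinitionId string

resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // The name must be a GUID; deriving it from scope, principal and role
  // keeps repeated deployments idempotent.
  name: guid(resourceGroup().id, principalId, roleDefinitionId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
    principalId: principalId
    principalType: 'Group'
  }
}

// Surfaces the effective scope so it can be checked after deployment.
output assignmentScope string = resourceGroup().id
```

After deployment, the assignment's scope should end in `/resourceGroups/<name>`; a scope that stops at `/subscriptions/<id>` means the role was granted subscription-wide.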
