试图将应用程序服务部署槽的权限分配给keyvault,但很难获得
{
"tenantId": "[subscription().tenantId]",
"objectId": "[resourceId('Microsoft.Web/sites/slots', parameters('azureAppService').webSiteName, 'DEV').identity.principalId]",
"permissions": {
"secrets": [
"Get"
]
}
}
不确定我在这里做错了什么,模板验证通过了,但在部署时,我得到了一个错误。如何指定部署槽的资源ID?
这是错误
{
"status": "Failed",
"error": {
"code": "InvalidTemplate",
"message": "Unable to process template language expressions for resource '/subscriptions/---/resourceGroups/Test/providers/Microsoft.KeyVault/vaults/KEYVAULT-TEST' at line '447' and column '9'. 'The language expression property 'identity' can't be evaluated.'",
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 447,
"linePosition": 9,
"path": ""
}
}
]
}
}
您需要使用reference函数(请参阅文档(:
[reference(resourceId('Microsoft.Web/sites/slots', parameters('azureAppService').webSiteName, 'DEV'), '2022-03-01', 'full').identity.principalId]
"[reference(resourceId('Microsoft.Web/sites/slots', parameters('azureAppService').webSiteName, 'DEV'), '2020-06-01', 'full').identity.principalId]",
因此,即使我将其添加到部署槽中
"identity": {
"type": "SystemAssigned"
},
它没有创建系统分配的标识。一旦我手动创建了它,然后重新部署了ARM模板,它就工作了。