我正在部署一个带有二头肌的azure datalake第2代存储帐户。我想在一个有二头肌的容器上分配角色(组((见下面的代码(。但我总是犯错误。有人能帮我吗?
targetScope = 'resourceGroup'
param location string =resourceGroup().location
param storageAccountName string
resource stg 'Microsoft.Storage/storageAccounts@2021-04-01' = {
name: storageAccountName
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
isHnsEnabled: true
}
}
resource bs 'Microsoft.Storage/storageAccounts/blobServices@2021-08-01' = {
name: 'default'
parent: stg
}
resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-08-01' = {
name: 'help'
parent: bs
}
resource rbac 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
name: guid(container.id,'xxx')
scope: container
properties: {
principalId: 'xxx'
principalType: 'Group'
roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
}
}
错误:
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{rn "error": {rn "code": "BadRequestFormat",rn "message": "The request was incorrectly formatted."rn }rn}"}]}}
根据文档,您应该添加一个条件,但这也不起作用。
condition: '@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'help''
roleDefinitionId属性是角色的资源标识符。它也是一个订阅级别的资源,所以你可以在二头肌文件中这样定义它:
roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')