DevTest Labs安全模型 [英] DevTest Labs security model

问题描述

我在企业Azure订阅中拥有一个帐户。我的帐户有"DevTest Labs User"角色和"阅读器"在资源组级别分配，我可以使用门户和Azure CLI创建VM。当我尝试使用terraform创建
a VM时，我收到错误：
$

I have an account in a corporate Azure subscription. My account has the roles "DevTest Labs User" and "Reader" assigned at the Resource Group level, and I am able to create VMs using the portal and the Azure CLI. When I try to create a VM using terraform, I get the error:

Code="AuthorizationFailed" Message="The client 'joao.costa@xxx.com' with object id 'xxx'

无权执行操作'Microsoft.DevTestLab / labs / virtualmachines / write'

does not have authorization to perform action 'Microsoft.DevTestLab/labs/virtualmachines/write'

over scope'/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.DevTestLab/labs/DevTestLabPoc/virtualmachines/xxx'

over scope '/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.DevTestLab/labs/DevTestLabPoc/virtualmachines/xxx'

我可以在https://github.com/Azure/azure-sdk-for-python/issues/4379 上看到其他人报告类似的行为（可以通过门户网站和CLI创建VM，但不能创建SDK） 。

我的问题是，为什么我能够通过门户网站和CLI创建虚拟机而不是SDK？

My question is, why am I able to create a VM through the portal and the CLI but not the SDK ?

如果有帮助，我使用的terraform脚本是：

In case it helps, the terraform script I am using is:

provider "azurerm" {
  skip_provider_registration = true
}

resource "azurerm_dev_test_linux_virtual_machine" "terraformTestVM" {
  name                  = "terraformTestVM"
  lab_name              = "myLabName"
  location              = "uksouth"
  resource_group_name   = "myRGN"
  size                  = "Standard_D4_v3"
  username               = "joao"
  ssh_key                = "${file("~/.ssh/id_rsa.pub")}"
  lab_virtual_network_id = "mynetworkid"
  lab_subnet_name        = "mysubnetname"
  disallow_public_ip_address = true
  storage_type           = "Standard"
  notes                  = "Terraform test machine"

  gallery_image_reference {
    offer     = "custom-image"
    publisher = "custom-publisher"
    sku       = "customer-sku"
    version   = "latest"
  }
}

谢谢

推荐答案

嗨  joaoantunescosta，

Hi joaoantunescosta,

感谢您与我们联系！

我能够重现相同的错误，并将其提交给产品团队注意。 

I am able to reproduce the same error and have brought it to the notice of the Product team. 

我们会及时通知您。感谢您的耐心等待。

We will keep you posted. Thank you for your patience.

这篇关于DevTest Labs安全模型的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！