DevTest Labs安全模型 [英] DevTest Labs security model
问题描述
我在企业Azure订阅中拥有一个帐户。我的帐户有"DevTest Labs User"角色和"阅读器"在资源组级别分配,我可以使用门户和Azure CLI创建VM。当我尝试使用terraform创建
a VM时,我收到错误:
$
I have an account in a corporate Azure subscription. My account has the roles "DevTest Labs User" and "Reader" assigned at the Resource Group level, and I am able to create VMs using the portal and the Azure CLI. When I try to create
a VM using terraform, I get the error:
Code="AuthorizationFailed" Message="The client 'joao.costa@xxx.com' with object id 'xxx'
无权执行操作'Microsoft.DevTestLab / labs / virtualmachines / write'
does not have authorization to perform action 'Microsoft.DevTestLab/labs/virtualmachines/write'
over scope'/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.DevTestLab/labs/DevTestLabPoc/virtualmachines/xxx'
over scope '/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.DevTestLab/labs/DevTestLabPoc/virtualmachines/xxx'
我可以在https://github.com/Azure/azure-sdk-for-python/issues/4379 上看到其他人报告类似的行为(可以通过门户网站和CLI创建VM,但不能创建SDK) 。
我的问题是,为什么我能够通过门户网站和CLI创建虚拟机而不是SDK?
My question is, why am I able to create a VM through the portal and the CLI but not the SDK ?
如果有帮助,我使用的terraform脚本是:
In case it helps, the terraform script I am using is:
provider "azurerm" {
skip_provider_registration = true
}
resource "azurerm_dev_test_linux_virtual_machine" "terraformTestVM" {
name = "terraformTestVM"
lab_name = "myLabName"
location = "uksouth"
resource_group_name = "myRGN"
size = "Standard_D4_v3"
username = "joao"
ssh_key = "${file("~/.ssh/id_rsa.pub")}"
lab_virtual_network_id = "mynetworkid"
lab_subnet_name = "mysubnetname"
disallow_public_ip_address = true
storage_type = "Standard"
notes = "Terraform test machine"
gallery_image_reference {
offer = "custom-image"
publisher = "custom-publisher"
sku = "customer-sku"
version = "latest"
}
}
谢谢
推荐答案
嗨 joaoantunescosta,
Hi joaoantunescosta,
感谢您与我们联系!
我能够重现相同的错误,并将其提交给产品团队注意。
I am able to reproduce the same error and have brought it to the notice of the Product team.
我们会及时通知您。感谢您的耐心等待。
We will keep you posted. Thank you for your patience.
这篇关于DevTest Labs安全模型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!