Assign an Azure Logic Apps Managed Identity a role with terraform via ARM Deployment?
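Problem description
In Azure: when trying to assign a Logic App's system-assigned managed identity a role for starting/stopping virtual machines, I get the following error message: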
Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx does not exist in the directory xxxxx-x-x-x-xxxx."
My assumption is that I am not getting the proper ID when the template outputs
"[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.tenantId]"
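which should be the Terraform template deployment output used as the input for the role assignment principal_id.
I deploy the Logic App template with Terraform as follows: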
resource "azurerm_template_deployment" "myterraformscheduledvmdown" {
  name                = "scheduledvmdown"
  resource_group_name = "j14t23resources"
  template_body       = <<DEPLOY
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  ...
  "resources": [
    {
      "type": "Microsoft.Logic/workflows",
      "apiVersion": "2019-05-01",
      "name": "scheduledvmdown",
      "location": "westus2",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties":
      ...
  ],
  "outputs": {
    "appid": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.tenantId]"
      ...
DEPLOY
  parameters = {
  }
  deployment_mode = "Incremental"
}

output "appid" {
  value = "${lookup(azurerm_template_deployment.myterraformscheduledvmdown.outputs, "appid")}"
}

resource "azurerm_role_assignment" "scheduletovmdown" {
  scope                = azurerm_linux_virtual_machine.myterraformvm.id
  role_definition_name = "Virtual Machine Contributor"
  principal_id         = azurerm_template_deployment.myterraformscheduledvmdown.outputs["appid"]
}
Recommended answer
Right, it should be principalId, not tenantId:
"[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.principalId]"
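The corrected configuration end to end, as an added example that is not part of the original question or answer. It assumes an azurerm provider version that still ships azurerm_template_deployment and Terraform 1.2+ for the precondition; var.vm_id, the output name principalid, the empty placeholder workflow definition (standing in for the properties elided in the question) and the precondition guard are all assumptions made for illustration.

```hcl
# Added example: ARM output carries the identity's principalId, and the role
# assignment refuses to run if it is handed the tenant ID instead.
variable "vm_id" { type = string } # assumed: resource ID of the VM to start/stop

data "azurerm_client_config" "current" {}

# The workflow "definition" below is an empty placeholder, not the poster's workflow.
resource "azurerm_template_deployment" "myterraformscheduledvmdown" {
  name                = "scheduledvmdown"
  resource_group_name = "j14t23resources"
  deployment_mode     = "Incremental"
  template_body       = <<DEPLOY
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [{
    "type": "Microsoft.Logic/workflows",
    "apiVersion": "2019-05-01",
    "name": "scheduledvmdown",
    "location": "westus2",
    "identity": { "type": "SystemAssigned" },
    "properties": { "definition": {
      "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
      "contentVersion": "1.0.0.0", "triggers": {}, "actions": {}
    } }
  }],
  "outputs": {
    "principalid": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Logic/workflows', 'scheduledvmdown'), '2019-05-01', 'Full').identity.principalId]"
    }
  }
}
DEPLOY
}

resource "azurerm_role_assignment" "scheduletovmdown" {
  scope                = var.vm_id # single VM, not the resource group or subscription
  role_definition_name = "Virtual Machine Contributor"
  principal_id         = azurerm_template_deployment.myterraformscheduledvmdown.outputs["principalid"]

  lifecycle {
    precondition {
      condition     = azurerm_template_deployment.myterraformscheduledvmdown.outputs["principalid"] != data.azurerm_client_config.current.tenant_id
      error_message = "principal_id equals the tenant ID; the ARM output must use identity.principalId."
    }
  }
}
```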