Azure Key Vault错误地创建了复合身份 [英] Azure Key Vault incorrectly creating Compound Identity

问题描述

在Azure Key Vault策略中，我想添加ADF.下面是命令(从管道执行).但是创建后，它将显示为带有代表"文本的复合身份"，并且无法正常工作.当我手动将ADF添加到策略中时，它显示为应用程序"，并且可以正常工作.如何使Powershell创建应用程序"身份?

In Azure Key Vault policies I wanted to add ADF. Given below is the command(executed from pipeline). But after creation it is showing as 'compound identity' with an 'on behalf of' text and it is not working. When I manually add ADF to policies it shows as 'application' and it works. How can I make the powershell create 'Application' identity?

Set-AzKeyVaultAccessPolicy -VaultName $keyVaultName -PermissionsToSecrets get -ApplicationId $appId -ObjectId $objectId

完整脚本

$rgName='myRG'
$storageAccountName='MyStorage'
$secretName='myKey'
$keyVaultName='myKv'
$adfName='myADF'

Write-Host "Adding data lake storage Key to key vault"

$storageAccountKey = (Get-AzStorageAccountKey  -ResourceGroupName $rgName -Name $storageAccountName).Value[0]
$secretVal = ConvertTo-SecureString -String $storageAccountKey -AsPlainText -Force
Set-AzKeyVaultAccessPolicy -VaultName $keyVaultName -PermissionsToSecrets get -ApplicationId $appId -ObjectId $objectId

Write-Host "completed adding key"

Write-Host "Adding access policy to key vault"
$objectId=(Get-AzureRmDataFactoryV2 -ResourceGroupName $rgName -Name $adfName).Identity.PrincipalId
$appId = (Get-AzureRmADServicePrincipal -ObjectId $objectId).ApplicationId

推荐答案

给出了错误的命令.下面给出的是正确的.在示例"中进行了解释2:为应用程序服务主体授予读取和写入机密的权限

Wrong command was given. Given below is the correct. Explained in 'Example 2: Grant permissions for an application service principal to read and write secrets'

Set-AzKeyVaultAccessPolicy -VaultName $keyVaultName -ServicePrincipalName $appId -PermissionsToSecrets Get

这篇关于Azure Key Vault错误地创建了复合身份的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！