KeyVault Template - Multiple Access Policies
【Posted】: 2021-01-20 15:19:32
【Question】: I have multiple object IDs to add to the access policies of a key vault. So I have an array of objectIds and I am looping over it. But I get this error: An invalid value was provided for 'accessPolicies'. My code is based on this: https://collab365.community/azure-keyvault-set-multiple-access-policies-using-the-arm-template/
This is a part of my ARM template:
"parameters": {
  "kvAccessPolicies": {
    "type": "array",
    "metadata": {
      "description": "Access Ids for KeyVaults"
    },
    "defaultValue": [
      "none"
    ]
  }
},
"resources": [
  {
    "type": "Microsoft.KeyVault/vaults/accessPolicies",
    "name": "[concat(parameters('keyVaultName'), '/add')]",
    "apiVersion": "2019-09-01",
    "dependsOn": [
      "[parameters('keyVaultName')]"
    ],
    "properties": {
      "accessPolicies": [
        {
          "copy": [
            {
              "name": "accessPolicies",
              "count": "[length(parameters('kvAccessPolicies'))]",
              "input": {
                "tenantId": "[subscription().tenantId]",
                "objectId": "[parameters('kvAccessPolicies')[copyIndex('accessPolicies')].objectId]",
                "permissions": {
                  "keys": [
                    "all"
                  ],
                  "secrets": [
                    "all"
                  ],
                  "certificates": [
                    "all"
                  ],
                  "storage": [
                    "all"
                  ]
                }
              }
            }
          ]
        }
      ]
    }
  }
]
This is a part of my parameter file:
"KvAccessPolicies": [
  {
    "objectId": "85949fj3-t488-4ye3-5i54-2j2jwk5jri3e"
  },
  {
    "objectId": "4ieh345t-6i4r-t5y4-g9t4-7u6jktl5kri4"
  }
]
【Answer 1】: You don't need the accessPolicies property. The copy iterator will add the property for you using the "name": "accessPolicies", line. Just eliminate that level, raising the copy block up one level.
"properties": {
  "copy": [
    {
      "name": "accessPolicies",
      "count": "[length(parameters('kvAccessPolicies'))]",
      "input": {
        "tenantId": "[subscription().tenantId]",
        "objectId": "[parameters('kvAccessPolicies')[copyIndex('accessPolicies')].objectId]",
        "permissions": {
          "keys": [
            "all"
          ],
          "secrets": [
            "all"
          ],
          "certificates": [
            "all"
          ],
          "storage": [
            "all"
          ]
        }
      }
    }
  ]
}
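An added example, not part of the original question or answer and not Azure's own code: a simplified Python model of property-level copy expansion. It shows why the question's nesting leaves each accessPolicies entry without tenantId and objectId, while the answer's nesting yields valid entries. The expansion rule, the placeholder object IDs, the shortened permissions and the names resolve, expand and valid_policies are assumptions made for illustration.

```python
import re

# Constructed placeholder object IDs, not values from the page.
KV_ACCESS_POLICIES = [{"objectId": "00000000-0000-0000-0000-000000000001"},
                      {"objectId": "00000000-0000-0000-0000-000000000002"}]
COPY_BLOCK = [{
    "name": "accessPolicies",
    "count": len(KV_ACCESS_POLICIES),  # stands in for [length(parameters('kvAccessPolicies'))]
    "input": {
        "tenantId": "[subscription().tenantId]",  # left unresolved in this model
        "objectId": "[parameters('kvAccessPolicies')[copyIndex('accessPolicies')].objectId]",
        "permissions": {"keys": ["all"], "secrets": ["all"]},
    },
}]
QUESTION_PROPS = {"accessPolicies": [{"copy": COPY_BLOCK}]}  # nesting from the question
ANSWER_PROPS = {"copy": COPY_BLOCK}  # nesting from the answer

# The only expression this model evaluates: the indexed parameter lookup used above.
INDEXED = re.compile(r"\[parameters\('kvAccessPolicies'\)\[copyIndex\('(\w+)'\)\]\.(\w+)\]")

def resolve(value, name, index):
    """Substitute copyIndex(name) inside one 'input' template."""
    if isinstance(value, dict):
        return {k: resolve(v, name, index) for k, v in value.items()}
    if isinstance(value, list):
        return [resolve(v, name, index) for v in value]
    m = INDEXED.fullmatch(value) if isinstance(value, str) else None
    return KV_ACCESS_POLICIES[index][m.group(2)] if m and m.group(1) == name else value

def expand(node):
    """Assumed model: a 'copy' key becomes one array property per loop 'name'."""
    if isinstance(node, list):
        return [expand(n) for n in node]
    if not isinstance(node, dict):
        return node
    out = {k: expand(v) for k, v in node.items() if k != "copy"}
    for loop in node.get("copy", []):
        out[loop["name"]] = [resolve(loop["input"], loop["name"], i) for i in range(loop["count"])]
    return out

def valid_policies(properties):
    """Each accessPolicies entry needs tenantId, objectId and permissions."""
    entries = properties.get("accessPolicies", [])
    need = {"tenantId", "objectId", "permissions"}
    return bool(entries) and all(isinstance(e, dict) and need <= e.keys() for e in entries)

if __name__ == "__main__":
    for label, props in (("question", QUESTION_PROPS), ("answer", ANSWER_PROPS)):
        print(label, "valid:", valid_policies(expand(props)))
```

In this model the question's shape expands to an accessPolicies array whose single entry holds only a nested accessPolicies key, which is the kind of value the error message rejects.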