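I think this is the best place to post this, since you are the best of the best. I'm new to Azure DevOps; I'm working with ARM templates and have created a relatively simple azurekeyvault. In my code, I'm trying to create an inline PowerShell script that grabs the ObjectId of the person deploying the ARM template and stores it in a parameter, rather than entering it manually or having to deploy from the Azure portal. I can't seem to get it to work, which is frustrating. I was wondering if someone could take a quick look and explain what I'm doing wrong. Kind regards.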
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaults_azurekeyvault_vault_name": {
      "type": "String"
    },
    "tenantId": {
      "type": "String"
    },
    "objectId": {
      "type": "string"
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "name": "[parameters('vaults_azurekeyvault_vault_name')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "sku": {
          "family": "A",
          "name": "Standard"
        },
        "tenantId": "[parameters('tenantId')]",
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Deny",
          "ipRules": [],
          "virtualNetworkRules": []
        },
        "accessPolicies": [
          {
            "tenantId": "[parameters('tenantId')]",
            "objectId": "[parameters('objectId')]",
            //"objectId": "[if(equals(parameters('objectId'), ''), reference('getUserObjectId').outputs.result.value, parameters('objectId'))]",
            "permissions": {
              "keys": [
                "Get",
                "List",
                "Update",
                "Create"
              ],
              "secrets": [
                "Get",
                "List",
                "Set"
              ],
              "certificates": [
                "Get",
                "List",
                "Update",
                "Create"
              ]
            }
          }
        ],
        "enabledForDeployment": true,
        "enabledForDiskEncryption": true,
        "enabledForTemplateDeployment": true,
        "enableSoftDelete": false,
        //"softDeleteRetentionInDays": 7,
        "enableRbacAuthorization": false,
        "vaultUri": "[concat('https://', parameters('vaults_azurekeyvault_vault_name'), '.vault.azure.net/')]",
        "provisioningState": "Succeeded",
        "publicNetworkAccess": "Enabled"
      }
    },
    {
      "type": "Microsoft.Resources/deploymentScripts",
      "apiVersion": "2020-10-01",
      "name": "getUserObjectId",
      "location": "[resourceGroup().location]",
      "kind": "AzurePowerShell",
      "properties": {
        "azPowerShellVersion": "3.0",
        "arguments": "",
        "scriptContent": "Get-AzContext | Select-Object -ExpandProperty Account | Select-Object -ExpandProperty Id",
        "cleanupPreference": "OnSuccess",
        "timeout": "PT1H",
        "retentionInterval": "P1D"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/keys",
      "apiVersion": "2022-07-01",
      "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurekeyvault-certificate')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
      ],
      "properties": {
        "attributes": {
          "enabled": true,
          "nbf": 1676439340,
          "exp": 1707975940
        }
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/keys",
      "apiVersion": "2022-07-01",
      "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurevault')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
      ],
      "properties": {
        "attributes": {
          "enabled": true,
          "exportable": false
        }
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2022-07-01",
      "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurekeyvault-certificate')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
      ],
      "properties": {
        "contentType": "application/x-pkcs12"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2022-07-01",
      "name": "[concat(parameters('vaults_azurekeyvault_vault_name'), '/azurekeyvault-secret')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_azurekeyvault_vault_name'))]"
      ],
      "properties": {
        "contentType": "text/plain"
      }
    }
  ],
  "outputs": {
    "objectId": {
      "type": "string",
      "value": "[reference('getUserObjectId').outputs.result.value]"
    }
  }
}
Ah okay, forgot one obvious thing you're doing wrong:
$output = (Get-AzContext).Account.Id
Write-Output $output
$DeploymentScriptOutputs = @{}
$DeploymentScriptOutputs['accountId'] = $output
Also, check that you have granted all the permissions required to run deploymentScripts.
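An added example, not part of the original question or answer: one way to resolve the deploying identity's directory object ID on the machine or pipeline agent that starts the deployment, and pass it in as the template's objectId parameter. It assumes the Az.Accounts and Az.Resources modules and an existing Connect-AzAccount session; the function name, resource group, template path and vault name are placeholders.

```powershell
# Added example. Get-DeployerObjectId is a hypothetical helper name.
# Assumes Az.Accounts + Az.Resources and a prior Connect-AzAccount.
function Get-DeployerObjectId {
    $ctx = Get-AzContext
    if (-not $ctx) { throw 'No Azure context. Run Connect-AzAccount first.' }

    # Account.Id is a sign-in name (users) or an application ID (service
    # principals), not the directory object ID that accessPolicies expects,
    # so it has to be looked up in the directory.
    switch ($ctx.Account.Type) {
        'User' {
            $id = (Get-AzADUser -SignedIn).Id
        }
        'ServicePrincipal' {
            # Typical for an Azure DevOps service connection.
            $id = (Get-AzADServicePrincipal -ApplicationId $ctx.Account.Id).Id
        }
        default {
            throw "Unsupported account type: $($ctx.Account.Type)"
        }
    }

    # Fail before deploying if the lookup did not return a GUID
    # (for example, the identity lacks permission to read the directory).
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse([string]$id, [ref]$parsed)) {
        throw "Could not resolve an object ID for '$($ctx.Account.Id)'."
    }
    return $parsed.ToString()
}

# Parameter names match the template above; values are placeholders.
$templateParams = @{
    vaults_azurekeyvault_vault_name = 'kv-example-001'
    tenantId                        = (Get-AzContext).Tenant.Id
    objectId                        = Get-DeployerObjectId
}

New-AzResourceGroupDeployment `
    -ResourceGroupName 'rg-example' `
    -TemplateFile './azuredeploy.json' `
    -TemplateParameterObject $templateParams
```

The access policy in the template grants key, secret and certificate permissions to whatever objectId is passed, so the GUID check keeps a failed lookup from reaching the vault as an empty or malformed principal.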