I am new to ARM templates. I created the following ARM template to assign a role at the subscription level using a managed identity.
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "apiVersion": "2023-01-31",
      "name": "managedidentityPOC",
      "location": "<location>"
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "name": "[guid(resourceGroup().id)]",
      "scope": "[concat('/subscription/', subscription().subscriptionId)]",
      "properties": {
        "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
        "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', 'managedidentityPOC')).principalId]"
      }
    }
  ]
}
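I have created a managed identity and am trying to assign it a role at subscription scope, but I get the error below:
The resource namespace 'subscription' is invalid. (Code: InvalidResourceNamespace)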
Please try changing the following line of code:
    "scope": "[concat('/subscription/', subscription().subscriptionId)]"
to
    "scope": "[concat('/subscriptions/', subscription().subscriptionId)]"
Basically, the scope should be /subscriptions/<subscription-id> rather than subscription/<subscription-id>.
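A pre-deployment check for the mistake discussed above, as an added example that is not part of the original question or answer: it parses a template and flags any `Microsoft.Authorization/roleAssignments` resource whose absolute `scope` does not begin with a recognized prefix. The names `check_role_assignment_scopes`, `first_literal` and `VALID_PREFIXES` are hypothetical, the sample template is constructed, and only plain strings and the `concat('<literal>', ...)` form are inspected.

```python
import json
import re

# Assumption: absolute scopes start with one of these (subscription, resource
# group and resource IDs all begin with /subscriptions/).
VALID_PREFIXES = ("/subscriptions/", "/providers/Microsoft.Management/managementGroups/")

# Constructed sample: one assignment with the typo from the question, one corrected.
SAMPLE = r"""
{
  "resources": [
    {"type": "Microsoft.Authorization/roleAssignments", "name": "bad",
     "scope": "[concat('/subscription/', subscription().subscriptionId)]"},
    {"type": "Microsoft.Authorization/roleAssignments", "name": "good",
     "scope": "[concat('/subscriptions/', subscription().subscriptionId)]"}
  ]
}
"""

def first_literal(expr):
    """Return the leading string literal of a scope value, or None if it is dynamic."""
    if not expr.startswith("["):
        return expr  # plain string, not a template expression
    m = re.match(r"\[\s*concat\(\s*'([^']*)'", expr)
    return m.group(1) if m else None

def check_role_assignment_scopes(template_text):
    """Return a list of (resource name, scope, problem) for suspicious scopes."""
    findings = []
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != "microsoft.authorization/roleassignments":
            continue
        scope = res.get("scope")
        if scope is None:
            continue  # no explicit scope property to check
        literal = first_literal(scope)
        # Skip dynamic expressions and relative scopes; only absolute IDs are checked.
        if literal is None or not literal.startswith("/"):
            continue
        if not literal.startswith(VALID_PREFIXES):
            findings.append((res.get("name"), scope, f"scope starts with {literal!r}"))
    return findings

if __name__ == "__main__":
    for name, scope, problem in check_role_assignment_scopes(SAMPLE):
        print(f"{name}: {problem} in {scope}")
```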