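I have read the information about loops in Bicep files and ended up with this code. It has 2 arrays, one for users and one for apps (the two need different permissions). For the access policies, I loop through each item.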
param keyVault_name string
param webapp_principleId string
param functionsApp_principleId string
param location string
param user_id string

var userPermission = [
  user_id
]

var appPermission = [
  webapp_principleId
  functionsApp_principleId
]

resource keyVault_resource 'Microsoft.KeyVault/vaults@2022-07-01' = {
  name: keyVault_name
  location: location
  properties: {
    accessPolicies: [[for (app, index) in appPermission: {
      objectId: app
      tenantId: tenant().tenantId
      permissions: {
        secrets: [ 'get', 'list' ]
      }
    }], [for (user, index) in userPermission: {
      objectId: user
      tenantId: tenant().tenantId
      permissions: {
        secrets: [ 'get', 'list', 'set' ]
      }
    }]]
    sku: {
      family: 'A'
      name: 'standard'
    }
    tenantId: tenant().tenantId
  }
}
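But the code above gives me the following error:

The enclosing array expected an item of type "AccessPolicyEntry", but the provided item was of type "object[]". bicep(BCP034)

According to the documentation I found, it does not work like the code example. Do I need to do a cast?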
You are passing an array of arrays to the accessPolicies property; you need to concatenate the two arrays:
param keyVault_name string
param webapp_principleId string
param functionsApp_principleId string
param location string
param user_id string

var userPermission = [
  user_id
]

var appPermission = [
  webapp_principleId
  functionsApp_principleId
]

// Access policy entries for users: get, list and set on secrets
var userAccessPolicies = [for (user, index) in userPermission: {
  objectId: user
  tenantId: tenant().tenantId
  permissions: {
    secrets: [ 'get', 'list', 'set' ]
  }
}]

// Access policy entries for apps: get and list on secrets
var appAccessPolicies = [for (app, index) in appPermission: {
  objectId: app
  tenantId: tenant().tenantId
  permissions: {
    secrets: [ 'get', 'list' ]
  }
}]

// Merge both lists into one flat array of access policy entries
var accessPolicies = concat(userAccessPolicies, appAccessPolicies)

resource keyVault_resource 'Microsoft.KeyVault/vaults@2022-07-01' = {
  name: keyVault_name
  location: location
  properties: {
    accessPolicies: accessPolicies
    sku: {
      family: 'A'
      name: 'standard'
    }
    tenantId: tenant().tenantId
  }
}