通过ARM模板部署自定义角色键库的蓝图

Question

我们正在部署使用ARM模板的键库自定义角色，使用蓝图。当我们试图上传ARM模板到蓝图，并给出一个发布和分配。部署失败-最后使用以下错误消息-

错误消息：-1.消息:部署模板验证失败：‘模板资源，行'1’和列'2008‘有不正确的段长。嵌套资源类型必须有与其资源名称相同的段数。根资源类型的段长度必须大于其资源名称。“

2.‘模板’类型的工件'f87238e1-28d5-45fa-8ad9-176d07e79a81‘由于以下错误而未能部署:模板部署失败，错误{“代码”："LocationRequired"，“消息”：“此定义需要位置属性”}

有人请你纠正这个问题和可能发生的问题。

如果你需要密码，请告诉我。

参考代码-

"$schema"："https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"、"contentVersion": "1.0.0.0", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2019-09-01", "name": "Key Vault resource manager template deployment operator", >d9 "Name": "Reader for KeyVault", "location": "West US", "IsCustom": true, <https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#">d13 "Actions": [ "Microsoft.KeyVault/vaults/*/read" ], "NotActions": [], "DataActions": [], "NotDataActions": [], "AssignableScopes": [ d20 ] } } d24

Answer 1

您为“自定义角色”提供了错误的定义。要创建Microsoft.Authorization/roleDefinitions资源，请遵循此文档。

创建自定义角色的示例ARM模板，可以根据自定义角色进行更改：

{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "actions": {
      "type": "array",
      "defaultValue": [
         "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "metadata": {
        "description": "Array of actions for the roleDefinition"
      }
    },
    "notActions": {
      "type": "array",
      "defaultValue": [ ],
      "metadata": {
        "description": "Array of notActions for the roleDefinition"
      }
    },
    "roleName": {
      "type": "string",
      "defaultValue": "Custom Role - RG Reader",
      "metadata": {
        "description": "Friendly name of the role definition"
      }
    },
    "roleDescription": {
      "type": "string",
      "defaultValue": "Subscription Level Deployment of a Role Definition",
      "metadata": {
        "description": "Detailed description of the role definition"
      }
    }
  },
  "variables":{
    "roleDefName": "[guid(subscription().id, string(parameters('actions')), string(parameters('notActions')))]"
  },
  "resources": [
    {
      "type": "Microsoft.Authorization/roleDefinitions",
      "apiVersion": "2018-07-01",
      "name": "[variables('roleDefName')]",
      "properties": {
        "roleName": "[parameters('roleName')]",
        "description": "[parameters('roleDescription')]",
        "type": "customRole",
        "isCustom": true,
        "permissions": [
          {
            "actions": "[parameters('actions')]",
            "notActions": "[parameters('notActions')]"
          }
        ],
        "assignableScopes": [
          "[subscription().id]"
        ]
      }
    }
  ]
}

有关更多细节，请参阅此文档。