Azure ARM template ResourceNotFound error when referencing a managed identity in a Key Vault access policy

Ada*_*zak 7 azure azure-resource-manager azure-rm-template azure-managed-identity

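When deploying a KeyVault service with an access policy for the managed identity enabled on a Logic App, it fails because the identity does not exist yet. I did add a dependsOn for the Logic App.

The weird thing is that this template had been working for weeks and now fails every time, so I'm a bit confused. I copied this from MS's quickstart templates. But that's not the problem, because if you look at the error, it points to the correct target resource. This template also works if I click redeploy after the failure, because by then the managed identity already exists. I tested it, and it fails regardless.

Here is my ARM template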

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "logicAppName": {
            "type": "string",
            "minLength": 1,
            "metadata": {
                "description": "Describes the name of the Logic App resource"
            },
            "defaultValue": "demo"
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
                "description": "Specifies the Azure location where the key vault should be created."
            }
        }
    },
    "variables": {
        "keyVaultName": "[concat('eakeyvault', uniquestring(resourceGroup().id))]",
        "logicAppName": "[parameters('logicAppName')]"
    },
    "resources": [
        {
            "type": "Microsoft.KeyVault/vaults",
            "name": "[variables('keyVaultName')]",
            "apiVersion": "2018-02-14",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Logic/workflows', variables('logicAppName'))]"
            ],
            "properties": {
                "enabledForDeployment": false,
                "enabledForDiskEncryption": false,
                "enabledForTemplateDeployment": false,
                "tenantId": "[subscription().tenantId]",
                "accessPolicies": [
                    {
                        "objectId": "[reference(concat(resourceId('Microsoft.Logic/workflows/', variables('logicAppName')), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2018-11-30').principalId]",
                        "tenantId": "[subscription().tenantId]",
                        "permissions": {
                            "secrets": ["get"]
                        }
                    }
                ],
                "sku": {
                    "name": "standard",
                    "family": "A"
                },
                "networkAcls": {
                    "value": {
                        "defaultAction": "Allow",
                        "bypass": "AzureServices"
                    }
                }
            }
        },
        {
            "type": "Microsoft.Logic/workflows",
            "apiVersion": "2017-07-01",
            "name": "[variables('logicAppName')]",
            "location": "[resourceGroup().location]",
            "identity": {
                "type": "SystemAssigned"
            },
            "properties": {
                "state": "Disabled",
                "definition": {
                    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
                    "actions": {

                    },
                    "contentVersion": "1.0.0.0",
                    "outputs": {},
                    "parameters": {
                        "$connections": {
                            "defaultValue": {},
                            "type": "Object"
                        }
                    },
                    "triggers": {
                        "Recurrence": {
                            "recurrence": {
                                "frequency": "Day",
                                "interval": 1,
                                "schedule": {
                                    "hours": [
                                        "3"
                                    ]
                                }
                            },
                            "type": "Recurrence"
                        }
                    }
                },
                "parameters": {

                }
            }
        }
    ]
}

And the error

{
   "id":"/subscriptions/x/resourceGroups/demo6/providers/Microsoft.Resources/deployments/Microsoft.Template/operations/272BE07B42936635",
   "operationId":"272BE07B42936635",
   "properties":{
      "provisioningOperation":"Read",
      "provisioningState":"Failed",
      "timestamp":"2019-10-06T15:09:38.8112774Z",
      "duration":"PT1.3818083S",
      "trackingId":"faf54706-3f6f-469a-9917-a65bdba9768f",
      "statusCode":"NotFound",
      "statusMessage":{
         "error":{
            "code":"ResourceNotFound",
            "message":"The Resource 'Microsoft.Logic/workflows/demo' under resource group 'demo6' was not found."
         }
      },
      "targetResource":{
         "id":"/subscriptions/x/resourceGroups/demo6/providers/Microsoft.Logic/workflows/demo/providers/Microsoft.ManagedIdentity/Identities/default",
         "resourceType":"Microsoft.ManagedIdentity/Identities",
         "resourceName":"default",
         "apiVersion":"2018-11-30"
      }
   }
}

juu*_*nas 6

I have used this as the reference for an App Service:

[reference(resourceId('Microsoft.Web/sites', variables('webAppName')), '2016-08-01', 'Full').identity.principalId]

And of course the dependsOn:

[resourceId('Microsoft.Web/sites', variables('webAppName'))]
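A pre-deployment check for the two expression forms in this thread, added here as an example that is not code from the question or the answer. It flags access-policy values that use the question's `Microsoft.ManagedIdentity/Identities/default` reference, and values in the answer's `'Full'` form whose resource lacks a matching `dependsOn`. The function names, the constructed minimal template, and the adaptation of the answer's App Service expression to `Microsoft.Logic/workflows` with API version `2017-07-01` are assumptions.

```python
import re

# Form used in the question: reference() aimed at the identity extension resource.
EXT_IDENTITY = re.compile(r"Microsoft\.ManagedIdentity/Identities/default", re.I)
# Form used in the answer: reference(resourceId('<type>', ...), '<api>', 'Full').identity.principalId
FULL_IDENTITY = re.compile(
    r"reference\(\s*resourceId\(\s*'([^']+)'.*?\)\s*,\s*'[^']+'\s*,\s*'Full'\s*\)"
    r"\.identity\.principalId", re.I)

def walk_strings(node, path):
    """Yield (path, value) for every string nested inside node."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk_strings(val, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, val in enumerate(node):
            yield from walk_strings(val, f"{path}[{idx}]")
    elif isinstance(node, str):
        yield path, node

def check_template(template):
    """Return (path, finding) pairs for identity references worth reviewing."""
    findings = []
    for i, res in enumerate(template.get("resources", [])):
        depends = " ".join(res.get("dependsOn", [])).lower()
        for path, val in walk_strings(res.get("properties", {}), f"resources[{i}].properties"):
            if EXT_IDENTITY.search(val):
                findings.append((path, "extension-identity-reference"))
            match = FULL_IDENTITY.search(val)
            if match and match.group(1).lower() not in depends:
                findings.append((path, "missing-dependsOn:" + match.group(1)))
    return findings

def vault(object_id, depends_on):
    """Constructed minimal template holding one Key Vault resource."""
    return {"resources": [{"type": "Microsoft.KeyVault/vaults", "dependsOn": depends_on,
                           "properties": {"accessPolicies": [{"objectId": object_id}]}}]}

DEP = "[resourceId('Microsoft.Logic/workflows', variables('logicAppName'))]"
QUESTION_FORM = ("[reference(concat(resourceId('Microsoft.Logic/workflows/', "
                 "variables('logicAppName')), '/providers/Microsoft.ManagedIdentity/"
                 "Identities/default'), '2018-11-30').principalId]")
# Assumption: the answer's App Service expression adapted to the Logic App type and API version.
ANSWER_FORM = ("[reference(resourceId('Microsoft.Logic/workflows', "
               "variables('logicAppName')), '2017-07-01', 'Full').identity.principalId]")

if __name__ == "__main__":
    print(check_template(vault(QUESTION_FORM, [DEP])), check_template(vault(ANSWER_FORM, [DEP])))
```

To check a real file, load it with `json.load` and pass the resulting dict to `check_template`.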