我试图自动执行从Azure DevOps执行的letEncrypt所需的服务主体的设置。我正在运行以下代码
Write-Host ("Getting roles for " + $letsEncryptApplication.ApplicationId)
$letsEncryptContributorRole = Get-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $letsEncryptApplication.ApplicationId
if ($letsEncryptContributorRole -eq $null) {
Write-Host "Creating contributor role for lets encrypt service principal"
$letsEncryptContributorRole = New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $letsEncryptApplication.ApplicationId
} else {
Write-Host "Contributor role for lets encrypt service principal already exists"
}
在New-AzureRmRoleAssignment行上出现以下错误
does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/15ed030e-195f-4fc0-bbb9-cfcf581a1c00'.
我已经为Azure DevOps服务主体进行了应用注册,并提取了该代码,并赋予了我我认为与活动目录相关的所有内容:
我需要授予我的Azure DevOps服务主体什么权限,以便我可以自动化部署的这一部分?