如何在使用 ARM 模板将 AD 角色分配给多个资源时使用循环

时间:2021-03-18 09:40:04

标签: azure azure-active-directory roles arm-template

我正在努力使用 ARM 模板将贡献者角色分配给多个 Azure 资源,例如 Azure Function App、Azure App Service 和 Application Insights 等。

为此,我使用了以下代码行:

        {
        "type": "Microsoft.Authorization/roleAssignments",
        "apiVersion": "2020-04-01-preview",
        "name": "[parameters('roleNameGuidForFunctionApp')]",
        "scope": "[concat('Microsoft.Web/sites/',parameters('functionAppName'))]",
        "dependsOn": [
            "[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]"
        ],
        "properties": {
            "roleDefinitionId": "[variables('ContributorGroupRoleId')]",
            "principalId": "[parameters('principalId')]"
        }
    },
    {
        "type": "Microsoft.Authorization/roleAssignments",
        "apiVersion": "2020-04-01-preview",
        "name": "[parameters('roleNameGuidForAI')]",
        "scope": "[concat('microsoft.insights/components/',parameters('applicationInsightsName'))]",
        "dependsOn": [
            "[resourceId('microsoft.insights/components', parameters('applicationInsightsName'))]"
        ],
        "properties": {
            "roleDefinitionId": "[variables('ContributorGroupRoleId')]",
            "principalId": "[parameters('principalId')]"
        }
    }

上面的代码运行良好。但我想使用循环概念将贡献者角色分配给多个 azure 资源。

所以,请建议我怎么做

1 个答案:

答案 0 :(得分:0)

我已按照 this 文档使用 let d = [ {sno: 1, amount: 10}, {sno: 1, amount: 20}, {sno: 2, amount: 20}, {sno: 2, amount: 20}, {sno: 3, amount: 10}, {sno: 3, amount: 15}, {sno: 1, amount: 20}, {sno: 3, amount: 6}, {sno: 4, amount: 20}, {sno: 4, amount: 19}, ] let tableData = {} td = d.map(l => { if(!d[l.sno]) d[l.sno] = 0 d[l.sno] = d[l.sno] + l.amount }) let td = d.map(t => { return {...t, total: tableData[t.sno]} }) 的概念。

这是我的模板文件:

Resource iteration in ARM templates

}

这是我的参数文件:

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
    "roleAssignments": {
        "type": "array",
        "metadata": {
            "description": "An array that contains objects with properties for assigning roles to multiple resources"
        }
    }
},
"variables": {
    "ContributorRoleId": "[resourceId('Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]"
},
"resources": [
    {
        "type": "Microsoft.Authorization/roleAssignments",
        "apiVersion": "2020-04-01-preview",
        "name": "[parameters('roleAssignments')[copyIndex('roleAssignments')].roleName]",
        "scope": "[concat(parameters('roleAssignments')[copyIndex('roleAssignments')].resourceProviderName,parameters('roleAssignments')[copyIndex('roleAssignments')].resourceName)]",

        "copy": {
            "name": "roleAssignments",
            "count": "[length(parameters('roleAssignments'))]"
        },
        "properties": {
            "roleDefinitionId": "[variables('ContributorRoleId')]",
            "principalId": "[parameters('roleAssignments')[copyIndex('roleAssignments')].principalId]"
        }
    }
],
"outputs": {}

}

相关问题
最新问题