尝试使用 BICEP 进行部署,但出现此错误:
failed with error(s). Showing 1 out of 1 error(s).
Status Message:
At least one resource deployment operation failed.
Please list deployment operations for details.
(Code: DeploymentFailed)
{
"code": "BadRequest",
"message": "Customer Managed Key and Continuous backup mode can only be enabled together with a valid User Assigned or System Assigned Managed Identity. Please set a User Assigned or System Assigned Identity as default identity and retry the request.
} (Code:BadRequest)
事实上,我正在尝试设置客户管理的密钥,因此从错误看来,我需要设置用户分配的身份作为默认身份。我在做常规 SQL 数据库时做了类似的事情,但在这里没有取得任何成功。我已经创建了用户管理身份,并准备好了资源链接。
来自我的二头肌代码:
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
..
identity: {
type: identityType
userAssignedIdentities: {
'${cmkIdentityResourceId}' : {}
}
}
properties: {
keyVaultKeyUri: 'https://xx.vault.azure.net/keys/xx'
defaultIdentity: 'FirstPartyIdentity'
..
}
..
}
它列出了这个属性,我尝试在上面的代码中设置它:
defaultIdentity
The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more.
我不确定“以及更多”是什么意思,但我知道它不是系统分配的,因为我使用的是用户分配的。在我之前的 SQL Server 设置中,我提供了类似的内容:
primaryUserAssignedIdentityId : cmkIdentityResourceId在文档中不太清楚,但是当使用用户分配的身份时
defaultIdentity{
...
defaultIdentity: 'UserAssignedIdentity=<user-assigned identity resource-id>'
}
所以在你的情况下:
{
...
defaultIdentity: 'UserAssignedIdentity=${cmkIdentityResourceId}'
}