通过Azure Devops发布管道将其推出以创建vnet对等关系时,由于部署失败而遇到错误。
我能够使用New-AzResourceGroupDeployment作为我自己的帐户(在两个订阅中均具有权限)成功推出部署,并且部署没有问题。
我想这可能是由于该帐户仅与第一个订阅相关,因此该帐户在远程vnet中没有权限。任何人都可以解决这个问题吗?
这是我从失败的部署中得到的编辑错误:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details.
Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Forbidden","message":"{\r\n \"error\": {\r\n \"code\": \"LinkedAuthorizationFailed\",\r\n \"message\": \"The client 'myClientID' with object id 'myobjectID' has permission to perform action 'microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' on scope '/subscriptions/mySubid/resourcegroups/mylocalResourceGroup/providers/microsoft.Network/virtualNetworks/mylocalResourceGroup-vnet/virtualNetworkPeerings/mylocalResourceGroup-vnetTouks-myRemoteResourceGroup-vnet';
however,it does not have permission to perform action 'peer/action' on the linked scope(s) '/subscriptions/myRemoteSubId/resourceGroups/myremoteResourceGroup/providers/microsoft.Network/virtualNetworks/myremoteResourceGroup-vnet' or the linked scope(s) are invalid.\"\r\n }\r\n}"}]}
不太确定如何在远程网络上的本地用户组权限中授予服务连接?
将此链接分配给权限,但不确定如何将它们(网络贡献者)添加到服务连接 https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#permissions