azure Set-AzKeyVaultAccessPolicy:无法验证参数“VaultName”的参数,参数为null或空

oo7oh9g9  于 2023-05-01  发布在  其他
关注(0)|答案(1)|浏览(182)

尝试在Visual Studio代码中使用Azure PowerShell创建高级密钥保管库

源代码参考来自Ned1313-GitHub。

#Prefix for resources
$prefix = "cmk"

#Basic variables
$location = "eastus"
$id = Get-Random -Minimum 1000 -Maximum 9999

#Log into Azure
Add-AzAccount

#Select the correct subscription
Get-AzSubscription -SubscriptionName "Test Subscription" | Select-AzSubscription

#Create a resource group for Key Vault
$keyVaultGroup = New-AzResourceGroup -Name "$prefix-key-vault-$id-rg" -Location $location

#Create a new Key Vault
$keyVaultParameters = @{
    Name = "$prefix-key-vault-$id"
    ResourceGroupName = $keyVaultGroup.ResourceGroupName
    Location = $location
    Sku = "Premium"
}

$keyVault = New-AzKeyVault @keyVaultParameters

#Grant yourself access to the Key Vault
# Give your user principal access to all storage account permissions, on your Key Vault instance
$accessPolicy = @{
    VaultName = $keyVault.Name
    UserPrincipalName = "USER_PRINCIPAL_NAME"
    PermissionsToStorage = ("get","list","listsas","delete","set","update","regeneratekey","recover","backup","restore","purge")
}

上述脚本工作成功。

Set-AzKeyVaultAccessPolicy @accessPolicy

错误

Set-AzKeyVaultAccessPolicy: Cannot validate argument on parameter 'VaultName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
如果我尝试在访问策略块中将Name替换为VaultName,例如
VaultName = $keyVault.VaultName,结果为:
Set-AzKeyVaultAccessPolicy: Operation returned an invalid status code 'NotFound'

以上错误的原因是什么,谁能帮我一下我做错了什么。

w6lpcovy

w6lpcovy1#

错误“Set-AzKeyVaultAccessPolicy:操作返回无效状态代码'NotFound'“,如果未找到资源i。e.执行脚本时密钥存储库名称未正确传递或为空。
当我执行相同的脚本时,我得到了如下**NotFound**错误:

在此,当密钥库创建时发生错误,随后是访问策略设置。它需要几秒钟的时间来创建。

**New-AzKeyVault创建密钥库,$keyVault.VaultName**的值将为空,因为创建密钥库和设置访问策略之间没有秒的间隔。

作为解决方法,您可以添加**Start-Sleep -Seconds 2.5**如下:

#Prefix for resources
$prefix = "cmk"

#Basic variables
$location = "eastus"
$id = Get-Random -Minimum 1000 -Maximum 9999

#Log into Azure
Add-AzAccount

#Select the correct subscription
Get-AzSubscription -SubscriptionName "Free Trial" | Select-AzSubscription

#Create a resource group for Key Vault
$keyVaultGroup = New-AzResourceGroup -Name "$prefix-key-vault-$id-rg" -Location $location

#Create a new Key Vault
$keyVaultParameters = @{
    Name = "$prefix-key-vault-$id"
    ResourceGroupName = $keyVaultGroup.ResourceGroupName
    Location = $location
    Sku = "Premium"
}

$keyVault = New-AzKeyVault @keyVaultParameters

Start-Sleep -Seconds 2.5

#Grant yourself access to the Key Vault
# Give your user principal access to all storage account permissions, on your Key Vault instance
$accessPolicy = @{
    VaultName = $keyVault.VaultName
    UserPrincipalName = "ruk@xxx.onmicrosoft.com"
    PermissionsToStorage = ("get","list","listsas","delete","set","update","regeneratekey","recover","backup","restore","purge")
}

Set-AzKeyVaultAccessPolicy @accessPolicy

否则,先创建密钥库,然后单独设置访问策略,如下所示:

$accessPolicy = @{
    VaultName = $keyVault.VaultName
    UserPrincipalName = "ruk@xxx.onmicrosoft.com"
    PermissionsToStorage = ("get","list","listsas","delete","set","update","regeneratekey","recover","backup","restore","purge")
}

Set-AzKeyVaultAccessPolicy @accessPolicy
$accessPolicy

访问策略创建成功如下:

相关问题