创建了AKS集群和ACR之后,我现在try 以编程方式授予AKS集群AcrPull角色.
目前,我正在try 使用Golang SDK中的RoleAssignmentsClient.Create()函数来实现这一点.
以下是我到目前为止try 过的:
AcrPullDefinitionID := "/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d"
// pulled that ^ off of: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#acrpull
providerNamespace := "/providers/Microsoft.ContainerService/managedClusters/"
scope := "/subscriptions/" + subscriptionID + "/resourceGroups/" + resourceGroupName + providerNamespace + resourceName
res, err := raClient.Create(ctx, scope, roleAssigmentName, armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr(clientID),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeServicePrincipal),
RoleDefinitionID: to.Ptr("/subscriptions/" + subscriptionID + AcrPullDefinitionID),
},
}, nil)
当我使用上面的值进行调用时,我得到以下错误:
for resource: {AKSClusterName} of type: /providers/Microsoft.ContainerService/managedClusters/
Unable to create roleAssignment: PUT https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerService/managedClusters/{AKSClusterName}/providers/Microsoft.Authorization/roleAssignments/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d
--------------------------------------------------------------------------------
RESPONSE 405: 405 Method Not Allowed
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
{
"message": "The requested resource does not support http method 'PUT'."
}
--------------------------------------------------------------------------------
我不确定这是一个概念上的误解,还是我只是错误地使用了API.
任何帮助都将不胜感激.谢谢!