[英]Custom Metrics against a VM in Azure
I am getting authorization error on 'Microsoft.Insights/Metrics/write' 我在“ Microsoft.Insights / Metrics / write”上收到授权错误
I have a virtual machine resource and a service principle that has contributor role. 我有一个虚拟机资源和一个具有贡献者角色的服务原则。 I am trying to emit metrics against a virtual machine resource.
我正在尝试针对虚拟机资源发出指标。 Following the guide here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-store-custom-rest-api
请按照此处的指南进行操作: https : //docs.microsoft.com/zh-cn/azure/azure-monitor/platform/metrics-store-custom-rest-api
But I am getting this error: 但我收到此错误:
{"error":{"code":"AuthenticationFailed","message":"The Azure AD object '0f6a81eb-8950-43eb-989a-f715fb84e4e2' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'. "}} {“错误”:{“代码”:“ AuthenticationFailed”,“消息”:“ Azure AD对象'0f6a81eb-8950-43eb-989a-f715fb84e4e2'没有执行操作'Microsoft.Insights / Metrics / write'的权限超出范围'/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'。“}}
Here is what I am doing: 这是我在做什么:
curl -X POST https://westus2.monitoring.azure.com/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine/metrics -H "Content-Type: application/json" -H "Authorization: Bearer <auth-code>" -d @custommetric.json
and the error I get: 和我得到的错误:
{"error":{"code":"AuthenticationFailed","message":"The Azure AD object '0f6a81eb-8950-43eb-989a-f715fb84e4e2' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'. "}}
Does any one know why this happens? 有谁知道为什么会这样吗? I have the required permissions and the service principle has also been given the permission.
我具有必需的权限,并且服务原则也已获得权限。
I see that you mention that Service Principal created has Contributor
role. 我看到您提到创建的服务主体具有
Contributor
角色。
Microsoft Documentation specifically calls for Monitoring Metrics Publisher
role for the service principal. Microsoft文档专门要求服务主体具有
Monitoring Metrics Publisher
角色。
Additionaly, I see this GitHub thread very similar to your issue, where even the Owner
role for resource doesn't carry this specific permission, so it might not be very intuitive. 另外,我看到这个GitHub线程与您的问题非常相似,即使资源的
Owner
角色也没有此特定权限,因此它可能不是很直观。
So try adding Monitoring Metrics Publisher
role for Service Principal 因此,请尝试为Service Principal添加
Monitoring Metrics Publisher
角色
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.