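When creating a new Event Grid connection from a Logic App, you can choose from the following 3 authentication methods for the connection:
#1 Sign in: requires the user to sign in / authenticate interactively.
#2 Service Principal: requires the tenant, client ID and client secret values to be provided.
Obviously, the ARM template used for this kind of API connection needs to be modified: parameterValues must be added as follows.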
"parameterValues": {
"token:clientId": "[parameters('ConnectionClientId')]",
"token:clientSecret": "[parameters('ConnectionClientSecret')]",
"token:TenantId": "[parameters('ConnectionTenantId')]",
"token:resourceUri": "https://management.core.windows.net/",
"token:grantType": "client_credentials"
}
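#3 Managed Identity: only requires selecting a managed identity. While it is clear how to create such an API connection interactively, I could not find any information about the ARM template format for this authentication method.
So the question is: what exactly should the ARM template for an Event Grid connection with a managed identity (update: user assigned) look like? So that the API connection created looks as follows:
Update: I need to use a user-assigned managed identity in the Logic App. The answer provided below works for a system-assigned managed identity, but not for a user-assigned one. It would be much appreciated if someone could provide an ARM template for an API connection that uses a user-assigned managed identity.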
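Posted on 2021-12-06 14:10:04
Since you can have multiple user-managed identities, selecting ManagedServiceIdentity alone is not enough. Instead, you must include the ID of the identity you want to use.
Expanding on @jim-xu's answer:
For example, the connection: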
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[variables('eventApiConnectionName')]",
"location": "[resourceGroup().location]",
"kind": "V1",
"tags": "[parameters('resourceTags')]",
"properties": {
"displayName": "[variables('eventApiConnectionName')]",
"customParameterValues": {},
"api": {
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', resourceGroup().location, 'azureeventgrid')]"
},
"parameterValueType": "Alternative"
}
}
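The parameterValueType here is an important setting. As noted in the Microsoft documentation:
"If you use an ARM template to automate deployment, and your logic app workflow includes a managed connector trigger or action that uses a managed identity, confirm that the underlying connection resource definition includes the parameterValueType property with Alternative as the property value. Otherwise, your ARM deployment won't set up the connection to use the managed identity for authentication."
The logic app then references the connection and includes the identity as a resourceId: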
"$connections": {
"value": {
"azureeventgrid": {
"connectionId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/connections/', variables('eventApiConnectionName'))]",
"connectionName": "[variables('eventApiConnectionName')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity",
"identity": "[parameters('userManagedIdentity')]"
}
},
"id": "[concat('/subscriptions/',subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureeventgrid')]"
}
}
}
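Note the identity field added in the authentication section of the Event Grid connection.
For more information on this, see the Microsoft documentation: https://learn.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity?tabs=consumption#create-user-assigned-identity-in-an-arm-template-consumption-only.
The identity value should be the ID of the managed identity. You can see it in the JSON view of the managed identity in the Azure portal.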
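A pre-deployment check for the two settings described in the answer above, as an added example that is not part of the original post or of any Microsoft tooling. It assumes the whole template has been parsed into a dict and that each `$connections` entry repeats the connection resource's `name` expression in `connectionName`; the function names and the sample template are constructed for illustration.

```python
def _is_type(res, name):
    return res.get("type", "").lower() == name.lower()  # ARM types are case-insensitive

def lint_managed_identity_connections(template):
    """Return findings for one parsed ARM template (a dict)."""
    resources = template.get("resources", [])
    connections = {r.get("name", "").lower(): r for r in resources
                   if _is_type(r, "Microsoft.Web/connections")}
    findings = []
    for wf in (r for r in resources if _is_type(r, "Microsoft.Logic/workflows")):
        user_assigned = "userassigned" in wf.get("identity", {}).get("type", "").lower()
        refs = (wf.get("properties", {}).get("parameters", {})
                .get("$connections", {}).get("value", {}))
        for key, ref in refs.items():
            auth = ref.get("connectionProperties", {}).get("authentication", {})
            if auth.get("type") != "ManagedServiceIdentity":
                continue
            # Assumption: connectionName repeats the connection's "name" expression.
            conn = connections.get(ref.get("connectionName", "").lower())
            if conn is None:
                findings.append(f"{key}: connection resource not in this template")
                continue
            props = conn.get("properties", {})
            if props.get("parameterValueType") != "Alternative":
                findings.append(f"{key}: parameterValueType is not 'Alternative'")
            if any("secret" in p.lower() for p in props.get("parameterValues", {})):
                findings.append(f"{key}: parameterValues still holds a client secret")
            if user_assigned and not auth.get("identity"):
                findings.append(f"{key}: user-assigned identity, but authentication has no 'identity'")
    return findings

def sample_template(conn_props, auth):
    """Constructed sample: one user-assigned workflow and one Event Grid connection."""
    name = "[variables('eventApiConnectionName')]"
    return {"resources": [
        {"type": "Microsoft.Web/connections", "name": name, "properties": conn_props},
        {"type": "Microsoft.Logic/workflows",
         "identity": {"type": "UserAssigned",
                      "userAssignedIdentities": {"[parameters('userManagedIdentity')]": {}}},
         "properties": {"parameters": {"$connections": {"value": {"azureeventgrid": {
             "connectionName": name,
             "connectionProperties": {"authentication": auth}}}}}}},
    ]}

if __name__ == "__main__":
    weak = sample_template({"displayName": "eg"}, {"type": "ManagedServiceIdentity"})
    for finding in lint_managed_identity_connections(weak):
        print(finding)
```

Run against a real template with `json.load` before deployment; an empty list means the connection is declared for managed identity authentication and carries no leftover service principal secret.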
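Posted on 2021-02-02 13:47:36
The answer seems to be that, for now, this is still in preview (afaik).
To create a managed identity API connection with an ARM template, you need to include "parameterValueType": "Alternative":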
"properties": {
"displayName": "ARM API connection",
"customParameterValues": {},
"parameterValueType": "Alternative",
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/arm')]"
}
}
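I have not found any documentation about this property. The only reason I found it is that I looked at the raw JSON (JSON view) of an API connection I created using the portal.
Posted on 2021-08-12 00:15:34
I have an ARM template that deploys Event Grid, a custom topic and a Logic App, and connects the subscription using a managed identity.
The ARM template is: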
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_lgeventgridtriggermaindev_name": {
"type": "String"
},
"topics_eglogicappscratchtestdev_externalid": {
"type": "String"
},
"topics_eglogicappscratchtestdev_name": {
"type": "String"
},
"topics_eglogicappscratchtestdev_lgsubscriptionName": {
"type": "String"
},
"LogicAppLocation": {
"type": "string",
"minLength": 1,
"defaultValue": "northeurope"
},
"azureeventgrid_1_Connection_Name": {
"type": "string",
"defaultValue": "azureeventgrid"
},
"azureeventgrid_1_Connection_DisplayName": {
"type": "string",
"defaultValue": "lgapiegscratch"
}
},
"variables": {
"targetLogicApp": {
"triggerId": "[resourceId('Microsoft.Logic/workflows/triggers', parameters('workflows_lgeventgridtriggermaindev_name'), 'When_a_resource_event_occurs')]"
}
},
"resources": [
{
"type": "Microsoft.EventGrid/topics",
"apiVersion": "2021-06-01-preview",
"name": "[parameters('topics_eglogicappscratchtestdev_name')]",
"location": "uksouth",
"sku": {
"name": "Basic"
},
"kind": "Azure",
"identity": {
"type": "None"
},
"properties": {
"inputSchema": "EventGridSchema",
"publicNetworkAccess": "Enabled"
}
},
{
"type": "MICROSOFT.WEB/CONNECTIONS",
"apiVersion": "2018-07-01-preview",
"name": "[parameters('azureeventgrid_1_Connection_Name')]",
"location": "[parameters('LogicAppLocation')]",
"properties": {
"api": {
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('LogicAppLocation'), '/managedApis/', 'azureeventgrid')]"
},
"displayName": "[parameters('azureeventgrid_1_Connection_DisplayName')]",
"parameterValueType": "Alternative"
}
},
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_lgeventgridtriggermaindev_name')]",
"location": "[parameters('LogicAppLocation')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"getTopicData": {
"type": "Compose",
"inputs": "@triggerBody()?['data']",
"runAfter": {}
}
},
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"When_a_resource_event_occurs": {
"type": "ApiConnectionWebhook",
"inputs": {
"host": {
"connection": {
"name": "@parameters('$connections')['azureeventgrid']['connectionId']"
}
},
"body": {
"properties": {
"topic": "[parameters('topics_eglogicappscratchtestdev_externalid')]",
"destination": {
"endpointType": "webhook",
"properties": {
"endpointUrl": "@{listCallbackUrl()}"
}
},
"filter": {
"includedEventTypes": [
"TriggerLogicApp"
],
"subjectBeginsWith": "Main"
}
}
},
"path": "[concat('/subscriptions/@{encodeURIComponent(''', subscription().subscriptionId, ''')}/providers/@{encodeURIComponent(''Microsoft.EventGrid.Topics'')}/resource/eventSubscriptions')]",
"queries": {
"x-ms-api-version": "2017-06-15-preview"
}
},
"splitOn": "@triggerBody()"
}
},
"contentVersion": "1.0.0.0",
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"azureeventgrid": {
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('LogicAppLocation'), '/managedApis/', 'azureeventgrid')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureeventgrid_1_Connection_Name'))]",
"connectionName": "[parameters('azureeventgrid_1_Connection_Name')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
}
}
}
}
},
"tags": {
"displayName": "LogicApp"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('azureeventgrid_1_Connection_Name'))]",
"[resourceId('Microsoft.EventGrid/topics', parameters('topics_eglogicappscratchtestdev_name'))]"
]
},
{
"name": "[parameters('topics_eglogicappscratchtestdev_lgsubscriptionName')]",
"scope": "[format('Microsoft.EventGrid/topics/{0}', parameters('topics_eglogicappscratchtestdev_name'))]",
"type": "Microsoft.EventGrid/eventSubscriptions",
"location": "[parameters('LogicAppLocation')]",
"apiVersion": "2020-04-01-preview",
"properties": {
"destination": {
"endpointType": "WebHook",
"properties": {
"endpointUrl": "[listCallbackUrl(variables('TargetLogicApp').triggerId, '2019-05-01').value]"
}
},
"filter": {
"subjectBeginsWith": "Main",
"includedEventTypes": [
"TriggerLogicApp"
]
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('azureeventgrid_1_Connection_Name'))]"
]
}
]
}
A sample parameter file is:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_lgeventgridtriggermaindev_name": {
"value": "lgeventgridtriggerscratch"
},
"topics_eglogicappscratchtestdev_externalid": {
"value": "/subscriptions/<subscriptionid>/resourceGroups/<resourcegroupname>/providers/Microsoft.EventGrid/topics/eglogicappscratch"
},
"topics_eglogicappscratchtestdev_name": {
"value": "eglogicappscratch"
},
"topics_eglogicappscratchtestdev_lgsubscriptionName": {
"value": "lgeventgridtriggerscratchsub"
},
"LogicAppLocation": {
"value": "uksouth"
},
"azureeventgrid_1_Connection_Name": {
"value": "azureeventgrid"
},
"azureeventgrid_1_Connection_DisplayName": {
"value": "lgapiegscratch"
}
}
}
When I load this template into Visual Studio 2019, I see an issue that I have documented here:
https://stackoverflow.com/questions/65915994