我部署了两个连接office365和sharepointonline以与逻辑应用程序(标准)一起使用。这两个连接都是通过 ARM 模板以及逻辑应用程序(标准)创建的。当我通过管道将连接添加到逻辑应用程序时,它缺少访问策略 - 我认为这些是自动生成的?
连接ARM模板:
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[variables('connections_office365_name')]",
"location": "[variables('primaryLocation')]",
"tags": "[variables('tags')]",
"kind": "V2",
"properties": {
"displayName": "Name",
"statuses": [
{
"status": "Connected"
}
],
"customParameterValues": {},
"nonSecretParameterValues": {},
"createdTime": "2024-03-26T09:34:43.4138095Z",
"changedTime": "2024-04-04T20:52:07.4299297Z",
"api": {
"name": "office365",
"displayName": "Office 365 Outlook",
"description": "Microsoft Office 365 is a cloud-based service that is designed to help meet your organization's needs for robust security, reliability, and user productivity.",
"iconUri": "[concat('https://connectoricons-prod.azureedge.net/releases/v1.0.1676/1.0.1676.3617/', variables('connections_office365_name'), '/icon.png')]",
"brandColor": "#0078D4",
"id": "[concat('/subscriptions/',parameters('subscriptionId'),'/providers/Microsoft.Web/locations/uksouth/managedApis/', variables('connections_office365_name'))]",
"type": "Microsoft.Web/locations/managedApis"
},
"testLinks": [
{
"requestUri": "[concat('https://management.azure.com:443/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('resourceGroup'), '/providers/Microsoft.Web/connections/', variables('connections_office365_name'), '/extensions/proxy/testconnection?api-version=2016-06-01')]",
"method": "get"
}
]
}
}
然后这是我用来尝试将连接添加到逻辑应用程序(标准)的 connection.json 文件
{
"managedApiConnections": {
"office365": {
"api": {
"id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/providers/Microsoft.Web/locations/@appsetting('WORKFLOWS_LOCATION_NAME')/managedApis/office365"
},
"authentication": {
"type": "ManagedServiceIdentity"
},
"connection": {
"id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/resourceGroups/@appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')/providers/Microsoft.Web/connections/office365"
},
"connectionRuntimeUrl": "@appsetting('OFFICE365_CONNECTIONURL')"
}
}
我错过了什么吗?
我期待连接的状态'已连接。
访问策略不是自动生成。您确实需要将它们包含在模板中,如下所示 -
{
"type": "Microsoft.Web/connections/accessPolicies",
"apiVersion": "2016-06-01",
"name": "[concat(variables('connections_office365_name'),'/','<object-ID>')]",
"location": "[variables('primaryLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('connections_office365_name'))]"
],
"properties": {
"principal": {
"type": "ActiveDirectory",
"identity": {
"objectId": "<object-ID>",
"tenantId": "[subscription().tenantId]"
}
}
}
}
其中
<object-ID>
是 Microsoft Entra 身份的对象 ID。
正如@10p提到的,
Microsoft.Web/connections
只会创建API连接,不会自动添加访问策略。根据官方文档使用支持 Azure Arc 的逻辑应用程序(预览版)创建和部署基于单租户的逻辑应用程序工作流,您需要为每个托管 API 连接包含以下资源定义并提供以下信息:
{
"type": "Microsoft.Web/connections/accessPolicies",
"apiVersion": "2016-06-01",
"name": "[concat('<connection-name>'),'/','<object-ID>')]",
"location": "<location>",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('connection_name'))]"
],
"properties": {
"principal": {
"type": "ActiveDirectory",
"identity": {
"objectId": "<object-ID>",
"tenantId": "<tenant-ID>"
}
}
}
}