Synapse managed private endpoint approval for DFS


I have a Terraform script that creates a Synapse managed private endpoint (PEP).

The PEP is created in Synapse through Terraform, but for "dfs" (Azure storage account - data lake) the Terraform code that performs the PEP approval (by running PowerShell) does not seem to work. I have debugged and run the script; it sees the PEP as pending and runs "az network private-endpoint-connection approve", but this is not reflected as approved in the Azure portal or in Synapse.

# List every private endpoint connection on the storage account (the target of
# the Synapse managed private endpoint) and approve the ones that are still pending.
$storageAccountId = "/subscriptions/XXXXXX/resourceGroups/isl-lds-ABC-solution-rg/providers/Microsoft.Storage/storageAccounts/XXXXXXXdatalakesa"

# az returns the JSON as an array of lines; join them before parsing so this
# also works on Windows PowerShell 5.1 and not only on PowerShell 7.
$text = az network private-endpoint-connection list --id $storageAccountId
$json = ($text -join "`n") | ConvertFrom-Json

foreach ($connection in $json) {
    $privateEndpointConnectionId = $connection.id
    $privateEndpointId           = $connection.properties.privateEndpoint.id
    $status                      = $connection.properties.privateLinkServiceConnectionState.status

    Write-Host '*********************'
    Write-Host 'Current Status:'
    Write-Host 'privateEndpointConnectionId:'
    Write-Host $privateEndpointConnectionId
    Write-Host 'privateEndpointId:'
    Write-Host $privateEndpointId
    Write-Host $status

    if ($status -eq "Pending") {
        Write-Host ''
        Write-Host 'About to Approve:'
        Write-Host $privateEndpointConnectionId
        Write-Host $status
        az network private-endpoint-connection approve --id $privateEndpointConnectionId --description "Approved in Terraform"
    }
}

azure-synapse terraform-provider-azure azure-cli
1 Answer

"Synapse managed private endpoint approval for DFS: ... runs 'az network private-endpoint-connection approve', but this is not reflected as approved in the Azure portal and Synapse"

There seems to be a possible problem with the syntax of the endpointid command in the Terraform provisioner.

To approve the private-endpoint-connection status from Terraform using PowerShell, you can store the value in a variable with the following command:

endpointid=$(az network private-endpoint-connection list --id "${azurerm_storage_account.example.id}" --query "[?properties.privateLinkServiceConnectionState.status=='Pending'].id" -o tsv)

Here is the updated code for creating the private endpoint and approving the connection.

terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    null    = { source = "hashicorp/null" } # needed for null_resource below
  }
}

provider "azurerm" {
  features {}
}

# Keep the SQL admin password out of the configuration; supply it via
# TF_VAR_sql_administrator_login_password or a -var-file.
variable "sql_administrator_login_password" {
  type      = string
  sensitive = true
}

resource "azurerm_resource_group" "example" {
  name     = "synapse-resources"
  location = "West Europe"
  lifecycle {
    ignore_changes = all
  }
}

resource "azurerm_virtual_network" "example" {
  name                = "synapse1-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  lifecycle {
    ignore_changes = all
  }
}

resource "azurerm_subnet" "service" {
  name                 = "service"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
  lifecycle {
    ignore_changes = all
  }
}

resource "azurerm_storage_account" "example" {
  name                     = "demosynapsetest"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  is_hns_enabled           = true # bool, not the string "true"; required for Data Lake Gen2
  lifecycle {
    ignore_changes = all
  }
}

resource "azurerm_storage_data_lake_gen2_filesystem" "data_lake_g2fs" {
  name               = "demostorage"
  storage_account_id = azurerm_storage_account.example.id
  lifecycle {
    ignore_changes = all
  }
}

# create azure synapse
resource "azurerm_synapse_workspace" "synapse" {
  name                                 = "samplesynapse"
  resource_group_name                  = azurerm_resource_group.example.name
  location                             = azurerm_resource_group.example.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.data_lake_g2fs.id
  managed_resource_group_name          = "${azurerm_resource_group.example.name}-syn-managed"
  managed_virtual_network_enabled      = true
  public_network_access_enabled        = false
  data_exfiltration_protection_enabled = true
  sql_administrator_login              = "Venkatsql"
  sql_administrator_login_password     = var.sql_administrator_login_password
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_private_endpoint" "example" {
  name                = "demoendpoint"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.service.id

  private_service_connection {
    name                           = "sample-connection"
    is_manual_connection           = true # manual: the connection starts in the Pending state
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"] # use "dfs" for the Data Lake Gen2 endpoint the question is about
    request_message                = "Approval for Private Endpoint connection"
  }
}

resource "null_resource" "powershell" {
  # timestamp() changes on every apply, so the approval step runs each time.
  triggers = {
    dummy = timestamp()
  }
  provisioner "local-exec" {
    # -o tsv prints one id per line; this assumes a single pending connection.
    command = <<-EOT
      endpointid=$(az network private-endpoint-connection list --id "${azurerm_storage_account.example.id}" --query "[?properties.privateLinkServiceConnectionState.status=='Pending'].id" -o tsv)
      az network private-endpoint-connection approve --id "$endpointid" --description "Approved in Terraform"
    EOT
  }
  depends_on = [azurerm_private_endpoint.example]
}

Before approval:

[screenshot]

After running the code, the connection status is Approved.

[screenshot]
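The asker's problem was an approve call that "succeeded" while the portal still showed the connection pending, and the answer's one-variable approach breaks as soon as more than one connection is pending (the tsv output then has several lines). The script below is an added example, not code from the question or the answer: it loops over every pending connection on the target, approves each one, then re-reads the state with `az network private-endpoint-connection show` and only returns success once the control plane reports Approved. The optional filter on the requesting endpoint id (the Synapse workspace name, for example) is my addition so that an unrelated pending request is not approved by accident. Written in the bash that a local-exec provisioner runs; `AZ`, the function names, the resource ids and the poll settings are assumptions.

```shell
#!/usr/bin/env bash
# Approve every pending private endpoint connection on a target resource (here
# the Data Lake storage account) and verify that each one really reaches
# "Approved" before returning, so a Terraform local-exec fails loudly instead
# of reporting success while the portal still shows Pending.
set -eu

# AZ names the CLI command; a test or dry run can point it at a stub.
AZ="${AZ:-az}"

# Print the ids of the pending connections on TARGET_ID, one per line.
# An optional FILTER keeps only connections whose requesting private endpoint
# id contains it (e.g. the Synapse workspace name), so a pending request from
# some other endpoint is not approved by accident.
pending_connection_ids() {
  local target_id="$1" filter="${2:-}" query
  query="[?properties.privateLinkServiceConnectionState.status=='Pending'"
  if [ -n "$filter" ]; then
    query="$query && contains(properties.privateEndpoint.id, '$filter')"
  fi
  query="$query].id"
  "$AZ" network private-endpoint-connection list --id "$target_id" \
    --query "$query" -o tsv
}

# Current status of one connection: Pending, Approved, Rejected, ...
connection_status() {
  "$AZ" network private-endpoint-connection show --id "$1" \
    --query "properties.privateLinkServiceConnectionState.status" -o tsv
}

# Approve one connection, then poll until the control plane reports Approved.
# Returns 1 if the status has not settled after MAX_TRIES polls.
approve_and_verify() {
  local connection_id="$1" max_tries="${2:-10}" sleep_secs="${3:-6}" i=1 status=""
  "$AZ" network private-endpoint-connection approve --id "$connection_id" \
    --description "Approved in Terraform" >/dev/null
  while [ "$i" -le "$max_tries" ]; do
    status="$(connection_status "$connection_id")"
    if [ "$status" = "Approved" ]; then
      return 0
    fi
    sleep "$sleep_secs"
    i=$((i + 1))
  done
  echo "connection $connection_id is still '$status' after $max_tries polls" >&2
  return 1
}

# Approve all pending connections on TARGET_ID and print how many were
# approved; because of set -e the script exits non-zero if any does not settle.
approve_all_pending() {
  local target_id="$1" filter="${2:-}" count=0 id
  # Azure resource ids contain no whitespace, so plain word splitting is safe.
  for id in $(pending_connection_ids "$target_id" "$filter"); do
    approve_and_verify "$id"
    count=$((count + 1))
  done
  echo "$count"
}

# Usage from a Terraform local-exec provisioner (both arguments are assumptions):
#   approve_all_pending "${azurerm_storage_account.example.id}" "samplesynapse"
```

Call `approve_all_pending` from the provisioner instead of the single `approve` line; a non-zero exit fails the apply, which is the behaviour you want when the approval has not actually taken effect.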
