我想使用 Bicep 在我的资源组中部署 SQL Server,并将 Entra 组指定为管理员。之后还有一个 dacpac 部署任务。每次尝试时,我得到的错误要么是“参数登录给出的值无效”,要么是“参数密码给出的值无效”。
这是模板
// Logical SQL server from the question. It declares an Entra (Azure AD) group as
// administrator inline and requests Entra-only authentication, with a
// system-assigned managed identity. `name` and `location` are left blank on the page.
resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
name:
location:
properties: {
// Empty login string: presumably what the "invalid value for parameter login"
// error quoted above refers to.
// NOTE(review): with the `administrators` block below requesting Entra-only
// authentication, the SQL login/password pair looks unnecessary. Confirm against
// the resource reference and omit it rather than passing dummy values.
administratorLogin: ''
// guid() needs at least one argument, and its result is a deterministic hash of
// those arguments, so it is not a secret. If a SQL password is needed at all,
// take it from a @secure() parameter instead.
administratorLoginPassword: guid()
// Lowest TLS version the server accepts from clients.
minimalTlsVersion: '1.2'
// Inline Entra administrator: a group identified by display name and object id.
administrators: {
administratorType: 'ActiveDirectory'
principalType: 'Group'
login: sqlServerLoginName
sid: sqlServerGroupObjectId
tenantId: subscription().tenantId
// Disables SQL authentication, leaving Entra identities as the only way in.
azureADOnlyAuthentication: true
}
version: '12.0'
}
identity:{
type: 'SystemAssigned'
}
}
// Database created as a child of sqlServer. `name`, `location` and `sku` are left
// blank on the page.
resource sqlServerDatabase 'Microsoft.Sql/servers/databases@2021-11-01' = {
parent: sqlServer
name:
location:
sku:
properties: {
// 1073741824 bytes = 1 GiB size cap.
maxSizeBytes: 1073741824
}
}
// Entra administrator as a separate child resource. It repeats the login, sid and
// tenantId already given in the inline `administrators` block of sqlServer, so the
// same setting is declared twice in this template.
// NOTE(review): keep one of the two declarations so they cannot drift apart.
resource sqlServerAdminResource 'Microsoft.Sql/servers/administrators@2023-05-01-preview' = {
parent: sqlServer
name: 'ActiveDirectory'
properties: {
administratorType: 'ActiveDirectory'
// Display name and object id of the Entra group that becomes server admin.
login: sqlServerLoginName
sid: sqlServerGroupObjectId
tenantId: subscription().tenantId
}
}
// Turns on Entra-only authentication through the dedicated child resource, after
// the administrator resource has been deployed.
resource sqlServerAzureAdOnly 'Microsoft.Sql/servers/azureADOnlyAuthentications@2023-05-01-preview' = {
// Empty here; the answer further down this page names this resource 'Default'.
name: ''
parent: sqlServer
properties: {
azureADOnlyAuthentication: true
}
// Explicit ordering: nothing in this resource references the admin resource, so
// the dependency has to be stated.
dependsOn:[sqlServerAdminResource ]
}
Dacpac 部署任务供参考
# Azure Pipelines step that publishes a .dacpac to the database, authenticating as
# the service principal behind the service connection.
- task: SqlAzureDacpacDeployment@1
displayName: Deploy DB
inputs:
# Service connection name is left blank on the page.
azureSubscription:
# NOTE(review): with Entra-only authentication on the server, this principal
# presumably needs database access (for example via the admin group). Confirm.
AuthenticationType: servicePrincipal
ServerName: '***.database.windows.net'
# Left empty on the page.
DatabaseName: ''
deployType: 'DacpacTask'
DeploymentAction: 'Publish'
DacpacFile: '***\Database.dacpac'
AdditionalArguments: ''
# The task adds a temporary server firewall rule for the range given below.
IpDetectionMethod: 'IPAddressRange'
# 0.0.0.0 - 0.0.0.0 is the special "allow Azure services" range. It admits traffic
# from any Azure-hosted source, not only this pipeline's agent, while it exists.
# Prefer the agent's actual address range or a private endpoint where possible.
StartIpAddress: '0.0.0.0'
EndIpAddress: '0.0.0.0'
# Removes the temporary rule once the task ends, limiting the exposure window.
DeleteFirewallRule: true
我尝试了多种推荐的变体,但似乎没有任何效果。
部署失败:服务器 Active Directory 管理员类型应为 ActiveDirectory(代码:InvalidServerAdministratorTypePropertyName):
感谢@Thomas您对上述问题的意见。经过评论部分的讨论后,我添加了以下解决方法来解决您的问题。
需要使用 Microsoft.Sql/servers/azureADOnlyAuthentications 资源,才能部署仅使用 AzureADOnly 身份验证的 SQL Server。请参考下面的代码。
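// Login name of the server's SQL-authentication administrator account.
param administratorLogin string = 'roots'

// Password for that account. @secure() keeps the value out of the deployment
// history and logs. There is deliberately no default: a literal default would be
// stored in the template and in source control, so supply the value at deployment
// time (for example from a pipeline secret or a Key Vault reference).
@secure()
param administratorLoginPassword string

// Region for the server; defaults to the resource group's region.
param location string = resourceGroup().location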
// Logical SQL server. The SQL administrator login and password come from the
// template parameters; Entra administration is added by separate child resources.
resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  location: location
  name: 'sqlserverjah'
  properties: {
    administratorLoginPassword: administratorLoginPassword
    administratorLogin: administratorLogin
  }
}
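// Entra (Azure AD) administrator for the server, deployed as a child of sqlServer.
resource sqlAdminsResource 'Microsoft.Sql/servers/administrators@2023-05-01-preview' = {
  parent: sqlServer
  // The administrators child resource has a single allowed name. Because `parent`
  // is set, no server-name prefix belongs here.
  name: 'ActiveDirectory'
  properties: {
    administratorType: 'ActiveDirectory'
    // NOTE(review): this reuses the SQL login name as the Entra admin's label. The
    // question's template passes the Entra group's own name here. Confirm which
    // value is intended.
    login: administratorLogin
    // Object id of the Entra user or group (placeholder value on the page).
    sid: 'xxxx'
    tenantId: subscription().tenantId
  }
}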
// Enables Entra-only authentication on the server, which disables SQL
// authentication. It is deployed only after the Entra administrator exists.
resource AzureAdOnly 'Microsoft.Sql/servers/azureADOnlyAuthentications@2023-05-01-preview' = {
  parent: sqlServer
  name: 'Default'
  // Nothing here references the admin resource, so the ordering is stated explicitly.
  dependsOn: [
    sqlAdminsResource
  ]
  properties: {
    azureADOnlyAuthentication: true
  }
}