SQL 部署 Bicep MS Entra Group

Question

我想使用 bicep 在我的资源组中部署 sql server 并将 entra 组分配为管理员。接下来还有 dacpac 部署任务。每次我尝试时，我要么得到“参数登录给出的值无效”或“参数密码给出的值无效”

这是模板

resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  name: 
  location: 
  properties: {
    administratorLogin: ''
    administratorLoginPassword: guid()
    minimalTlsVersion: '1.2'
    administrators: {
      administratorType: 'ActiveDirectory'
      principalType: 'Group'
      login: sqlServerLoginName
      sid: sqlServerGroupObjectId
      tenantId: subscription().tenantId
      azureADOnlyAuthentication: true
    }
    version: '12.0'
  }
  identity:{
    type: 'SystemAssigned'
  }
}

resource sqlServerDatabase 'Microsoft.Sql/servers/databases@2021-11-01' = {
  parent: sqlServer
  name: 
  location: 
  sku: 
  properties: {
    maxSizeBytes: 1073741824
  }
}

resource sqlServerAdminResource 'Microsoft.Sql/servers/administrators@2023-05-01-preview' = {
  parent: sqlServer
  name: 'ActiveDirectory'
  properties: {
        administratorType: 'ActiveDirectory'
        login: sqlServerLoginName
        sid: sqlServerGroupObjectId
        tenantId: subscription().tenantId
    }  
}


resource sqlServerAzureAdOnly 'Microsoft.Sql/servers/azureADOnlyAuthentications@2023-05-01-preview' = {
  name: ''
  parent: sqlServer
  properties: {
    azureADOnlyAuthentication: true
  }
  dependsOn:[sqlServerAdminResource ]
}

Dacpac 部署任务供参考

- task: SqlAzureDacpacDeployment@1
        displayName: Deploy DB
        inputs:
          azureSubscription: 
          AuthenticationType: servicePrincipal
          ServerName: '***.database.windows.net'
          DatabaseName: ''
          deployType: 'DacpacTask'
          DeploymentAction: 'Publish'
          DacpacFile: '***\Database.dacpac'
          AdditionalArguments: ''
          IpDetectionMethod: 'IPAddressRange'
          StartIpAddress: '0.0.0.0'
          EndIpAddress: '0.0.0.0'
          DeleteFirewallRule: true

我尝试了多种推荐的变体，但似乎没有任何效果。

Answer 1

部署失败：服务器 Active Directory 管理员类型应为 ActiveDirectory（代码：InvalidServerAdministratorTypePropertyName）：

感谢@Thomas您对上述问题的意见。经过评论部分的讨论后，我添加了以下解决方法来解决您的问题。

您需要添加

Microsoft.Sql/servers/azureADOnlyAuthentications

才能部署仅使用

AzureADOnly

身份验证的 SQL Server。请参考下面的代码。

param administratorLogin string = 'roots'
param administratorLoginPassword string = 'xxxx'
param location string = resourceGroup().location
resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  name: 'sqlserverjah'
  location: location
  properties: {
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
  }
}

resource sqlAdminsResource 'Microsoft.Sql/servers/administrators@2023-05-01-preview' = {
  parent: sqlServer
  name: 'sqlserverName-ActiveDirectory'
  properties: {
    administratorType: 'ActiveDirectory'
    login: administratorLogin
    sid: 'xxxx'
    tenantId: subscription().tenantId
  }
}

resource AzureAdOnly 'Microsoft.Sql/servers/azureADOnlyAuthentications@2023-05-01-preview' = {
  name: 'Default'
  parent: sqlServer
  properties: {
    azureADOnlyAuthentication: true
  }
  dependsOn: [sqlAdminsResource]
}

enter image description here

SQL 部署 Bicep MS Entra Group

问题描述投票：0回答：1

1个回答

最新问题

SQL 部署 Bicep MS Entra Group

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1