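Hello, I am trying to create API connections for Key Vault, Service Bus and a storage account using Bicep. Unfortunately I don't see any clear documentation from Microsoft.
I created the API connections (Azure Key Vault, Service Bus and storage account) using the code below. The deployment succeeds, but the connections go into an error state.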

resource ServicebusApiCon 'Microsoft.Web/connections@2016-06-01' = {
  name: 'servicebus'
  location: Location
  kind: 'V2'
  properties: {
    displayName: 'servicebus'
    api: {
      name: 'servicebus'
      description: 'Connect to Azure Serice Bus to send and receive messages'
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${Location}/managedApis/servicebus'
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}

resource keyvaultApiCon 'Microsoft.Web/connections@2016-06-01' = {
  name: 'keyvault'
  location: Location
  kind: 'V2'
  properties: {
    displayName: 'keyvault'
    api: {
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${Location}/managedApis/keyvault'
      displayName: ' Azure key vault'
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}

resource blobApiConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: 'azureblob'
  location: Location
  kind: 'V2'
  properties: {
    displayName: 'azureblob'
    api: {
      name: 'azureblob'
      displayName: 'Azure Blob storage'
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${Location}/managedApis/azureblob'
    }
  }
}

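Can you suggest whether I am doing something wrong or missing something?

To be honest, these connection APIs aren't documented at all... The best way is to create them from the Azure portal with the network tab open, so you can see the requests that are sent:
From there I was able to create connections for:

Key Vault:
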
param logicAppName string
param location string = resourceGroup().location
param keyVaultName string
param name string = 'keyvault'

// Get a reference to the existing logic app
resource logicApp 'Microsoft.Web/sites@2021-03-01' existing = {
  name: logicAppName
}

resource keyvaultConnector 'Microsoft.Web/connections@2018-07-01-preview' = {
  name: name
  location: location
  kind: 'V2'
  properties: {
    displayName: name
    parameterValueType: 'Alternative'
    alternativeParameterValues: {
      vaultName: keyVaultName
    }
    api: {
      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'keyvault')
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}

// Grant permission to the logic app standard to access the connection api
resource keyvaultConnectorAccessPolicy 'Microsoft.Web/connections/accessPolicies@2018-07-01-preview' = {
  name: logicAppName
  parent: keyvaultConnector
  location: location
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        tenantId: subscription().tenantId
        objectId: logicApp.identity.principalId
      }
    }
  }
}

output connectionRuntimeUrl string = keyvaultConnector.properties.connectionRuntimeUrl

Service Bus:

param logicAppName string
param location string = resourceGroup().location
param servicebusName string
param name string = 'servicebus'

// Get a reference to the existing logic app
resource logicApp 'Microsoft.Web/sites@2021-03-01' existing = {
  name: logicAppName
}

resource servicebusConnector 'Microsoft.Web/connections@2018-07-01-preview' = {
  name: name
  location: location
  kind: 'V2'
  properties: {
    api: {
      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'servicebus')
    }
    displayName: name
    parameterValueSet: {
      name: 'managedIdentityAuth'
      values: {
        namespaceEndpoint: {
          value: 'sb://${servicebusName}.servicebus.windows.net/'
        }
      }
    }
  }
}

// Grant permission to the logic app standard to access the connection api
resource servicebusConnectorAccessPolicy 'Microsoft.Web/connections/accessPolicies@2018-07-01-preview' = {
  name: logicAppName
  parent: servicebusConnector
  location: location
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        tenantId: subscription().tenantId
        objectId: logicApp.identity.principalId
      }
    }
  }
}

output connectionRuntimeUrl string = servicebusConnector.properties.connectionRuntimeUrl

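You still need to grant the managed identity permission to access the key vault or the service bus.
You will also need to update the connectionRuntimeUrl, so maybe create an app setting for it so that it is easier to update:

I have followed the above instructions for the Service Bus managed connector, but I still need to authorize manually from the designer. Not sure what I am missing.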