如何通过ARM脚本将Azure AD组添加到Azure SQL数据库?

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用


我正在通过ARM脚本创建一个新的Azure SQL服务器,其中包含一个弹性池和两个数据库。以下是我的脚本:

azure.deploy.ps1

{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "administratorLogin": {
      "type": "string",
      "metadata": {
        "description": "The SQL Server administrator login"
      }
    },
    "administratorLoginPassword": {
      "type": "securestring",
      "metadata": {
        "description": "The SQL Server administrator login password."
      }
    },
    "serverName": {
      "type": "string",
      "metadata": {
        "description": "The SQL Server name."
      }
    },
    "elasticPoolName": {
      "type": "string",
      "metadata": {
        "description": "The Elastic Pool name."
      }
    },
    "edition": {
      "type": "string",
      "defaultValue": "Standard",
      "allowedValues": [
        "Basic",
        "Standard",
        "Premium"
      ],
      "metadata": {
        "description": "The Elastic Pool edition."
      }
    },
    "poolDtu": {
      "type": "int",
      "metadata": {
        "description": "The Elastic Pool DTU."
      }
    },
    "databaseDtuMin": {
      "type": "int",
      "defaultValue": 0,
      "metadata": {
        "description": "The Elastic Pool database DTU min."
      }
    },
    "databaseDtuMax": {
      "type": "int",
      "metadata": {
        "description": "The Elastic Pool database DTU max."
      }
    },
    "databasesNames": {
      "type": "array",
      "defaultValue": [
        "db1",
        "db2"
      ],
      "metadata": {
        "description": "The SQL Databases names."
      }
    },
    "databaseCollation": {
      "type": "string",
      "defaultValue": "SQL_Latin1_General_CP1_CI_AS",
      "metadata": {
        "description": "The SQL Database collation."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    }
  },
  "variables": {},
  "resources": [
    {
      "apiVersion": "2014-04-01-preview",
      "location": "[parameters('location')]",
      "name": "[parameters('serverName')]",
      "properties": {
        "administratorLogin": "[parameters('administratorLogin')]",
        "administratorLoginPassword": "[parameters('administratorLoginPassword')]",
        "version": "12.0"
      },
      "type": "Microsoft.Sql/servers"
    },
    {
      "apiVersion": "2014-04-01",
      "dependsOn": [
        "[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
      ],
      "location": "[parameters('location')]",
      "name": "[concat(parameters('serverName'), '/', parameters('elasticPoolName'))]",
      "properties": {
        "edition": "[parameters('edition')]",
        "dtu": "[parameters('poolDtu')]",
        "databaseDtuMin": "[parameters('databaseDtuMin')]",
        "databaseDtuMax": "[parameters('databaseDtuMax')]"
      },
      "type": "Microsoft.Sql/servers/elasticPools"
    },
    {
      "type": "Microsoft.Sql/servers/databases",
      "name": "[concat(parameters('serverName'), '/', parameters('databasesNames')[copyIndex()])]",
      "location": "[parameters('location')]",
      "apiVersion": "2014-04-01-preview",
      "dependsOn": [
        "[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
        "[concat('Microsoft.Sql/servers/', parameters('serverName') ,'/elasticpools/', parameters('elasticPoolName'))]"
      ],
      "properties": {
        "collation": "[parameters('databaseCollation')]",
        "requestedServiceObjectiveName": "ElasticPool",
        "elasticPoolName": "[parameters('elasticPoolName')]"
      },
      "copy": {
        "name": "addDatabasesInElasticPool",
        "count": "[length(parameters('databasesNames'))]"
      }
    },
    {
      "apiVersion": "2014-04-01-preview",
      "dependsOn": [
        "[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
      ],
      "location": "[parameters('location')]",
      "name": "[concat(parameters('serverName'), '/', 'AllowAllWindowsAzureIps')]",
      "properties": {
        "endIpAddress": "0.0.0.0",
        "startIpAddress": "0.0.0.0"
      },
      "type": "Microsoft.Sql/servers/firewallrules"
    }
  ]
}

这是参数文件:

azure.deploy.parameters.ps1

{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "administratorLogin": {
      "value": "bogblogsqldbadmin"
    },
    "serverName": {
      "value": "azrsqlsrv1"
    },
    "elasticPoolName": {
      "value": "azrsqlsrve1"
    },
    "poolDtu": {
      "value": 100
    },
    "databaseDtuMax": {
      "value": 100
    },
    "databasesNames": {
      "value": [ "asqldb11", "asqldb12" ]
    }
  }
}

我想使用Azure AD及其中的组对这些数据库上的用户进行身份验证,并希望直接在ARM脚本中添加这些组以及使用Azure AD所需的配置。怎样才能做到这一点?

提问于
用户回答回答于

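以下示例可能有所帮助。它在SQL服务器下增加了一个 administrators 子资源(名称为 activeDirectory),通过 login、sid 和 tenantId 三个属性设置服务器的Azure AD管理员;其中 sid 取自参数“AAD Admin ObjectID”,要使用组时,传入该组的显示名称和对象ID即可。另请注意,示例中的 AllowAllWindowsAzureIps 防火墙规则(0.0.0.0 至 0.0.0.0)会放行来自所有Azure服务的连接,而不只是本订阅内的资源;如不需要,应删除该规则或改为具体的IP范围。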

{
    "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "SQL Administrator Login": {
            "type": "String"
        },
        "SQL Administrator Password": {
            "type": "SecureString"
        },
        "AAD Admin Login": {
            "type": "String"
        },
        "AAD Admin ObjectID": {
            "type": "String"
        },
        "AAD TenantId": {
            "type": "String"
        },
        "Location (Region)": {
            "type": "String"
        },
        "Server Name": {
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Sql/servers",
            "name": "[parameters('Server Name')]",
            "apiVersion": "2014-04-01-preview",
            "location": "[parameters('Location (Region)')]",
            "properties": {
                "administratorLogin": "[parameters('SQL Administrator Login')]",
                "administratorLoginPassword": "[parameters('SQL Administrator Password')]",
                "version": "12.0"
            },
            "resources": [
                {
                    "type": "firewallrules",
                    "name": "AllowAllWindowsAzureIps",
                    "apiVersion": "2014-04-01-preview",
                    "location": "[parameters('Location (Region)')]",
                    "properties": {
                        "endIpAddress": "0.0.0.0",
                       "startIpAddress": "0.0.0.0"
                    },
                    "dependsOn": [
                        "[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
                    ]
                },
                {
                    "type": "administrators",
                    "name": "activeDirectory",
                    "apiVersion": "2014-04-01-preview",
                    "location": "[parameters('Location (Region)')]",
                    "properties": {
                        "administratorType": "ActiveDirectory",
                        "login": "[parameters('AAD Admin Login')]",
                        "sid": "[parameters('AAD Admin ObjectID')]",
                        "tenantId": "[parameters('AAD TenantID')]"
                    },
                    "dependsOn": [
                        "[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
                    ]
                }
            ]
        }
    ]
}
