我正在通过ARM脚本创建一个包含两个数据库和一个弹性池的新Azure SQL。这些是我的脚本
azure.deploy.ps1
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The SQL Server administrator login"
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The SQL Server administrator login password."
}
},
"serverName": {
"type": "string",
"metadata": {
"description": "The SQL Server name."
}
},
"elasticPoolName": {
"type": "string",
"metadata": {
"description": "The Elastic Pool name."
}
},
"edition": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Basic",
"Standard",
"Premium"
],
"metadata": {
"description": "The Elastic Pool edition."
}
},
"poolDtu": {
"type": "int",
"metadata": {
"description": "The Elastic Pool DTU."
}
},
"databaseDtuMin": {
"type": "int",
"defaultValue": 0,
"metadata": {
"description": "The Elastic Pool database DTU min."
}
},
"databaseDtuMax": {
"type": "int",
"metadata": {
"description": "The Elastic Pool database DTU max."
}
},
"databasesNames": {
"type": "array",
"defaultValue": [
"db1",
"db2"
],
"metadata": {
"description": "The SQL Databases names."
}
},
"databaseCollation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The SQL Database collation."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2014-04-01-preview",
"location": "[parameters('location')]",
"name": "[parameters('serverName')]",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"type": "Microsoft.Sql/servers"
},
{
"apiVersion": "2014-04-01",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('location')]",
"name": "[concat(parameters('serverName'), '/', parameters('elasticPoolName'))]",
"properties": {
"edition": "[parameters('edition')]",
"dtu": "[parameters('poolDtu')]",
"databaseDtuMin": "[parameters('databaseDtuMin')]",
"databaseDtuMax": "[parameters('databaseDtuMax')]"
},
"type": "Microsoft.Sql/servers/elasticPools"
},
{
"type": "Microsoft.Sql/servers/databases",
"name": "[concat(parameters('serverName'), '/', parameters('databasesNames')[copyIndex()])]",
"location": "[parameters('location')]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName') ,'/elasticpools/', parameters('elasticPoolName'))]"
],
"properties": {
"collation": "[parameters('databaseCollation')]",
"requestedServiceObjectiveName": "ElasticPool",
"elasticPoolName": "[parameters('elasticPoolName')]"
},
"copy": {
"name": "addDatabasesInElasticPool",
"count": "[length(parameters('databasesNames'))]"
}
},
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('location')]",
"name": "[concat(parameters('serverName'), '/', 'AllowAllWindowsAzureIps')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "Microsoft.Sql/servers/firewallrules"
}
]
}
这是参数文件:
azure.deploy.parameters.ps1
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"administratorLogin": {
"value": "bogblogsqldbadmin"
},
"serverName": {
"value": "azrsqlsrv1"
},
"elasticPoolName": {
"value": "azrsqlsrve1"
},
"poolDtu": {
"value": 100
},
"databaseDtuMax": {
"value": 100
},
"databasesNames": {
"value": [ "asqldb11", "asqldb12" ]
}
}
}
我想使用Azure AD和组来验证这些数据库上的用户。我想在我的ARM脚本中直接添加这些组和配置以使用Azure AD。我怎样才能做到这一点?这可能吗?
答案 0 :(得分:2)
以下示例可能有所帮助:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"SQL Administrator Login": {
"type": "String"
},
"SQL Administrator Password": {
"type": "SecureString"
},
"AAD Admin Login": {
"type": "String"
},
"AAD Admin ObjectID": {
"type": "String"
},
"AAD TenantId": {
"type": "String"
},
"Location (Region)": {
"type": "String"
},
"Server Name": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Sql/servers",
"name": "[parameters('Server Name')]",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorLogin": "[parameters('SQL Administrator Login')]",
"administratorLoginPassword": "[parameters('SQL Administrator Password')]",
"version": "12.0"
},
"resources": [
{
"type": "firewallrules",
"name": "AllowAllWindowsAzureIps",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
},
{
"type": "administrators",
"name": "activeDirectory",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('AAD Admin Login')]",
"sid": "[parameters('AAD Admin ObjectID')]",
"tenantId": "[parameters('AAD TenantID')]"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
}
]
}
]
}