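Error - "API connection 'azuredatalake' is not configured to support managed identities."
I am trying to deploy an Azure Logic App together with an API connection in order to access Azure Data Lake Gen1 using a managed identity. The deployment fails with the error above.
I also deployed the API connection on its own; that succeeded, but its status was "Unauthenticated", so deploying the corresponding Logic App failed because the API connection was missing.
Partial template of the API connection, for reference: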
{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "[parameters('azuredatalake_1_Connection_Name')]",
  "location": "[parameters('location')]",
  "kind": "V1",
  "properties": {
    "displayName": "azuredatalakemsi",
    "customParameterValues": {},
    "api": {
      "id": "[variables('managedadlsApi')]"
    }
  }
}
Answer 0: (score: 0)
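If we want to access data stored in Data Lake Gen1, we must configure the correct ACLs for the user or service principal used for authentication. Otherwise, we will not have permission to access the data. For details, see the official document. Also, we cannot do this through an ARM template. We can do it through PowerShell or the Portal.
In addition, regarding how to use MSI in an Azure Logic App to access Azure Data Lake Gen1, please refer to the following steps: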
{
  "apiVersion": "2016-06-01",
  "type": "Microsoft.logic/workflows",
  "name": "[variables('logicappName')]",
  "location": "[resourceGroup().location]",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "definition": {
      "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
      "actions": {},
      "parameters": {},
      "triggers": {},
      "contentVersion": "1.0.0.0",
      "outputs": {}
    },
    "parameters": {}
  },
  "dependsOn": []
}
Create the connection
{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "[parameters('azuredatalake_1_Connection_Name')]",
  "location": "[parameters('location')]",
  "tags": {
    "CreatedTime": "2021-05-24T03:11:28.9371899Z"
  },
  "kind": "V1",
  "properties": {
    "displayName": "test",
    "customParameterValues": {},
    "api": {
      "id": "[concat(subscription().id,'/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/azuredatalake')]"
    }
  }
},
{
  "type": "Microsoft.Logic/workflows",
  "apiVersion": "2017-07-01",
  "name": "[parameters('workflows_testlogic05_name')]",
  "location": "[parameters('location')]",
  "dependsOn": [
    "[resourceId('Microsoft.Web/connections', parameters('azuredatalake_1_Connection_Name'))]"
  ],
  "properties": {
    "state": "Enabled",
    "definition": {
      "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "$connections": {
          "defaultValue": {},
          "type": "Object"
        }
      },
      "triggers": {},
      "actions": {},
      "outputs": {}
    },
    "parameters": {
      "$connections": {
        "value": {
          "azuredatalake": {
            "connectionId": "[resourceId('Microsoft.Web/connections', parameters('azuredatalake_1_Connection_Name'))]",
            "connectionName": "azuredatalake",
            "connectionProperties": {
              "authentication": {
                "type": "ManagedServiceIdentity"
              }
            },
            "id": "[concat(subscription().id,'/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/azuredatalake')]"
          }
        }
      }
    }
  }
}
For details, please refer to
https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity
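Answer 1: (score: 0)
I was able to solve this by modifying the ARM template for this API connection, namely by adding "parameterValueType" set to "Alternative".
The Azure Logic App and the API connection were then deployed successfully, using a managed identity to access Azure Data Lake Gen1.
Partial template of the API connection, for reference: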
{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "[parameters('azuredatalake_1_Connection_Name')]",
  "location": "[parameters('location')]",
  "kind": "V1",
  "properties": {
    "displayName": "azuredatalakemsi",
    "parameterValueType": "Alternative",
    "customParameterValues": {},
    "api": {
      "id": "[variables('managedadlsApi')]"
    }
  }
}
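A pre-deployment check for the two template conditions the answers above describe (an identity block on the workflow, and "parameterValueType": "Alternative" on the connection), as an added example that is not part of the original thread. The function name `lint_msi_connections` and the trimmed `SAMPLE` template are constructed for illustration, and matching a workflow reference to its connection by name expression is a simplifying assumption.

```python
import json

# Constructed sample, trimmed from the templates on this page (the failing case).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Web/connections",
   "name": "[parameters('azuredatalake_1_Connection_Name')]",
   "properties": {"displayName": "azuredatalakemsi", "customParameterValues": {}}},
  {"type": "Microsoft.Logic/workflows",
   "name": "[parameters('workflows_testlogic05_name')]",
   "properties": {"parameters": {"$connections": {"value": {"azuredatalake": {
     "connectionId": "[resourceId('Microsoft.Web/connections', parameters('azuredatalake_1_Connection_Name'))]",
     "connectionProperties": {"authentication": {"type": "ManagedServiceIdentity"}}}}}}}}
]}
""")

def lint_msi_connections(template):
    """Hypothetical helper: list problems with managed-identity API connections."""
    resources = template.get("resources", [])
    # Index connection resources by name expression with the outer [ ] removed.
    connections = {r["name"].strip("[]"): r for r in resources
                   if r.get("type", "").lower() == "microsoft.web/connections"}
    findings = []
    for wf in resources:
        if wf.get("type", "").lower() != "microsoft.logic/workflows":
            continue
        refs = (wf.get("properties", {}).get("parameters", {})
                .get("$connections", {}).get("value", {}))
        for key, ref in refs.items():
            auth = ref.get("connectionProperties", {}).get("authentication", {})
            if auth.get("type") != "ManagedServiceIdentity":
                continue  # connection does not use a managed identity
            if "identity" not in wf:
                findings.append(f"{key}: workflow declares no managed identity")
            # Assumption: connectionId embeds the connection's name expression.
            target = next((c for n, c in connections.items()
                           if n in ref.get("connectionId", "")), None)
            if target is None:
                findings.append(f"{key}: connection resource not found in template")
            elif target.get("properties", {}).get("parameterValueType") != "Alternative":
                findings.append(f"{key}: connection lacks parameterValueType 'Alternative'")
    return findings

if __name__ == "__main__":
    for finding in lint_msi_connections(SAMPLE):
        print(finding)
```

This only inspects the template; the Data Lake Gen1 ACLs for the identity still have to be granted outside the ARM deployment, as Answer 0 notes.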