Parameters.json
"parameters": {
    "dataFactoryName": { "type": "string", "metadata": { "description": "Name of the data factory. Name must be globally unique" } },
    "resourceTags": { "type": "object" },
    "diagnosticSettingsStorageAccount": { "type": "string", "metadata": { "description": "Resource ID of the storage account used to store diagnostic logs" } },
    "cmkIdentity": {
        "type": "string"
    },
    "vaultBaseUrl": {
        "type": "string"
    },
    "keyName": {
        "type": "string"
    },
    "keyVersion": {
        "type": "string"
    }
},
Template.json
{
    "type": "Microsoft.DataFactory/factories",
    "apiVersion": "2018-06-01",
    "name": "[parameters('dataFactoryName')]",
    "location": "[resourceGroup().location]",
    "tags": "[parameters('resourceTags')]",
    "identity": {
        "type": "SystemAssigned,UserAssigned",
        "userAssignedIdentities": {"[parameters('cmkIdentity')]": {}}
    },
    "properties": {
        "publicNetworkAccess": "Disabled",
        "encryption": {
            "identity": {
                "userAssignedIdentity": "[parameters('cmkIdentity')]"
            },
            "vaultBaseUrl": "[parameters('vaultBaseUrl')]",
            "keyName": "[parameters('keyName')]",
            "keyVersion": "[parameters('keyVersion')]"
        }
    },
    "dependsOn": ["[resourceId('Microsoft.OperationalInsights/workspaces',variables('workspaceName'))]"]
},
I am passing these values:
cmkIdentity: "/subscriptions/xxxxx/resourcegroups/xxxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity"
vaultBaseUrl: https://testkeyvault123.vault.azure.net/
keyName: test-key
keyVersion: t5dca2a5xxxxx399we5
Validation passes and the data factory is deployed. I can see test-identity in the Managed Identity section. However, when I open the data factory UI and navigate to Manage and then Customer managed key, I see nothing. All the fields are empty.
test-identity has been given an access policy on the test key vault. I cannot figure out what the problem is.
Updated parameters and template
Parameters
"parameters": {
    "dataFactoryName": { "type": "string", "metadata": { "description": "Name of the data factory. Name must be globally unique" } },
    "resourceTags": { "type": "object" },
    "diagnosticSettingsStorageAccount": { "type": "string", "metadata": { "description": "Resource ID of the storage account used to store diagnostic logs" } },
    "cmkIdentity": {
        "type": "object",
        "defaultValue": {
            "/subscriptions/xxxxx/resourcegroups/xxxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
            }
        }
    },
    "vaultBaseUrl": {
        "type": "string"
    },
    "keyName": {
        "type": "string"
    },
    "keyVersion": {
        "type": "string"
    }
},
template.json
{
    "type": "Microsoft.DataFactory/factories",
    "apiVersion": "2018-06-01",
    "name": "[parameters('dataFactoryName')]",
    "location": "[resourceGroup().location]",
    "tags": "[parameters('resourceTags')]",
    "identity": {
        "type": "SystemAssigned,UserAssigned",
        "principalId": "",
        "tenantId": "",
        "userAssignedIdentities": "[parameters('cmkIdentity')]"
    },
    "properties": {
        "publicNetworkAccess": "Disabled",
        "encryption": {
            "identity": {
                "userAssignedIdentity": "[parameters('cmkIdentity')]"
            },
            "vaultBaseUrl": "[parameters('vaultBaseUrl')]",
            "keyName": "[parameters('keyName')]",
            "keyVersion": "[parameters('keyVersion')]"
        }
    },
    "dependsOn": ["[resourceId('Microsoft.OperationalInsights/workspaces',variables('workspaceName'))]"]
},
Answer 0 (score: 1)
I have tried it both ways through the JSON template, and it works fine even through the portal; you just need to have another parameter of type object, as shown below:
Updated info: please add a new parameter, cmkidentity_obj, of type: object, and add another parameter, cmkidentity, of type: string, and pass in the string:
"encryption": {
    "identity": {
        "userAssignedIdentity": "[parameters('cmkidentity')]"
    },
    "VaultBaseUrl": "[parameters('dataFactory_properties_encryption_VaultBaseUrl')]",
    "KeyName": "[parameters('dataFactory_properties_encryption_KeyName')]",
    "KeyVersion": "[parameters('dataFactory_properties_encryption_KeyVersion')]"
}
Parameter: cmkidentity_obj
and pass it in template.json as below:
"cmkidentity_obj": {
    "type": "object",
    "defaultValue": {
        "/subscriptions/xxxxx/resourcegroups/xxxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
        }
    }
}
Then pass this object in my template.json:
"identity": {
    "type": "[parameters('dataFactory_identity_type')]",
    "principalId": "",
    "tenantId": "",
    "userAssignedIdentities": "[parameters('cmkidentity_obj')]"
}
This deployed successfully without any errors, and I was able to see my customer-managed key in the Azure Data Factory UI. Please try the same and see.
My Template.json:
"resources": [
    {
        "name": "[parameters('factoryName')]",
        "type": "Microsoft.DataFactory/factories",
        "apiVersion": "2018-06-01",
        "properties": {
            "encryption": {
                "identity": {
                    "userAssignedIdentity": "[parameters('cmkidentity')]"
                },
                "VaultBaseUrl": "[parameters('dataFactory_properties_encryption_VaultBaseUrl')]",
                "KeyName": "[parameters('dataFactory_properties_encryption_KeyName')]",
                "KeyVersion": "[parameters('dataFactory_properties_encryption_KeyVersion')]"
            }
        },
        "dependsOn": [],
        "location": "[parameters('dataFactory_location')]",
        "identity": {
            "type": "[parameters('dataFactory_identity_type')]",
            "principalId": "",
            "tenantId": "",
            "userAssignedIdentities": "[parameters('cmkIdentity_obj')]"
        }
    }
]
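The type split the answer describes (a string resource ID for encryption.identity.userAssignedIdentity, an object map for identity.userAssignedIdentities) can be checked before deployment. The following is an added example, not code from the question or the answer; the names resolve, check_factory_cmk and factory are hypothetical, and it assumes only bare [parameters('x')] expressions need resolving.

```python
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, params):
    """Resolve a bare [parameters('x')] expression; anything else is returned unchanged."""
    m = PARAM_REF.match(value.strip()) if isinstance(value, str) else None
    if not m:
        return value
    # ARM parameter names are case-insensitive
    return {k.lower(): v for k, v in params.items()}.get(m.group(1).lower())

def check_factory_cmk(resource, params):
    """Return findings for one Microsoft.DataFactory/factories resource."""
    findings = []
    attached = resolve(resource.get("identity", {}).get("userAssignedIdentities"), params)
    enc = resource.get("properties", {}).get("encryption", {})
    enc_id = resolve(enc.get("identity", {}).get("userAssignedIdentity"), params)
    if isinstance(attached, dict):
        # keys may themselves be parameter expressions, as in the first template
        attached = {str(resolve(k, params)).lower() for k in attached}
    else:
        findings.append("identity.userAssignedIdentities must be an object")
        attached = set()
    if not isinstance(enc_id, str):
        findings.append("encryption.identity.userAssignedIdentity must be a string resource ID")
    elif enc_id.lower() not in attached:  # resource IDs compare case-insensitively
        findings.append("encryption identity is not attached to the factory")
    return findings

# Constructed sample input mirroring the page's placeholders
UAI = ("/subscriptions/xxxxx/resourcegroups/xxxxx/providers/"
       "Microsoft.ManagedIdentity/userAssignedIdentities/test-identity")

def factory(attached_expr, enc_expr):
    return {"type": "Microsoft.DataFactory/factories",
            "identity": {"type": "SystemAssigned,UserAssigned",
                         "userAssignedIdentities": attached_expr},
            "properties": {"encryption": {"identity": {"userAssignedIdentity": enc_expr}}}}

# Updated question template: one object parameter used in both places
QUESTION_V2 = factory("[parameters('cmkIdentity')]", "[parameters('cmkIdentity')]")
# Answer's template: object parameter for the map, string parameter for encryption
ANSWER = factory("[parameters('cmkIdentity_obj')]", "[parameters('cmkidentity')]")

if __name__ == "__main__":
    print(check_factory_cmk(QUESTION_V2, {"cmkIdentity": {UAI: {}}}))
    print(check_factory_cmk(ANSWER, {"cmkidentity": UAI, "cmkidentity_obj": {UAI: {}}}))
```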