个人中心
gpt4 book ai didi

azure-logic-apps - 如何使用托管标识为逻辑应用程序创建到 Azure KeyVault 的 Api 连接

转载 作者:行者123 更新时间:2023-12-05 02:01:46 26 4
gpt4 key购买 nike

场景

您好,我想创建 Logic App,它从 Azure KeyVault 获取密码,并使用来自 vault 的密码向 API 发送经过身份验证的请求。

问题

我收到:工作流连接参数“keyvault”无效。 API 连接“keyvault”未配置为支持托管身份。 在我的 ARM 部署期间。如何使用 ARM 模板中的托管标识创建 Microsoft.Web/Connections。文档中没有关于它的信息:apiConnection logicapp-MSI

复制

{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "[variables('KeyVault_Connection_Name')]",
  "location": "[variables('location')]",
  "kind": "V1",
  "properties": {
    "api": {
      "id": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/', 'keyvault')]"
    },
    "parameterValues": {
      "vaultName": "[variables('keyVaultName')]"
    },
    "displayName": "[variables('KeyVault_Display_Connection_Name')]"
  }
},
{
  "type": "Microsoft.Logic/workflows",
  "apiVersion": "2017-07-01",
  "name": "[variables('logicAppName')]",
  "location": "[variables('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "dependsOn": [
    "[resourceId('Microsoft.Web/Connections', variables('KeyVault_Connection_Name'))]"
  ],
  "properties": {
    "state": "Enabled",
    "definition": {
      "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "$connections": {
          "defaultValue": {},
          "type": "Object"
        }
      },
      "triggers": {schedule trigger},
      "actions": {get secret, send HTTP},
      "outputs": {}
    },
    "parameters": {
      "$connections": {
        "value": {
          "keyvault": {
            "connectionId": "[concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.Web/connections/', variables('KeyVault_Connection_Name'))]",
            "connectionName": "[variables('KeyVault_Display_Connection_Name')]",
            "connectionProperties": {
              "authentication": {
                "type": "ManagedServiceIdentity"
              }
            },
            "id": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]"
          }
        }
      }
    }
  }
}

尝试过

我添加了 parameterValueType,其值替代 Microsoft.Web/connections。还需要删除 parameterValue,因为它会导致错误。

{
    "type": "Microsoft.Web/connections",
    "apiVersion": "2016-06-01",
    "name": "[variables('KeyVault_Connection_Name')]",
    "location": "[variables('location')]",
    "kind": "V1",
    "properties": {
        "api": {
            "id": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/', 'keyvault')]"
        },
        "parameterValueType": "Alternative",
        "displayName": "[variables('KeyVault_Display_Connection_Name')]"
    }
},

现在我在获取 secret 时在运行时收到错误:

{
  "status": 400,
  "message": "The connection does not contain a vault name. Please edit the connection and enter a valid key vault name.",
  "error": {
    "message": "The connection does not contain a vault name. Please edit the connection and enter a valid key vault name."
  },
  "source": "keyvault-we.azconn-we.p.azurewebsites.net"
}

我也曾尝试将 vaultName 添加到 customParameterValues 但它没有帮助。

最佳答案

"parameterValueType": "Alternative" 一起,您还需要在 alternativeParameterValues 中指定要访问的 keyvault 名称,如下所示。

该示例适用于我,joykeyvault123 是我的 keyvualt 名称。

{
    "type": "Microsoft.Web/connections",
    "apiVersion": "2016-06-01",
    "name": "[variables('KeyVault_Connection_Name')]",
    "location": "[variables('location')]",
    "kind": "V1",
    "properties": {
        "api": {
            "id": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/', 'keyvault')]"
        },
        "parameterValueType": "Alternative",
        "alternativeParameterValues": {
                    "vaultName": "joykeyvault123"
                },
        "displayName": "[variables('KeyVault_Display_Connection_Name')]"
    }
},

关于azure-logic-apps - 如何使用托管标识为逻辑应用程序创建到 Azure KeyVault 的 Api 连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66307261/

26 4 0
文章推荐: python - 使用日志记录或返回值而不是打印来测试点击
文章推荐: Spring Boot 云配置客户端未获取云配置,错误消息为 : no suitable HttpMessageConverter found?
文章推荐: dictionary - 我如何获得 Julia 字典的大小
文章推荐: java - 如何处理 Sonarlint java :S2259 (Null pointers should not be dereferenced)
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com