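How to add the Azure Active Directory admin on SQL Server to an Azure group after SQL Server is deployed
I am trying to create an automated process that adds the Azure Active Directory on SQL Server to an Azure group after SQL Server is deployed. The group I want to add to is a security group. I am thinking about using Azure Policy to accomplish this. What would the policy rule look like? If there is a better Azure service/feature to accomplish my task, what would that be?
Solution
Below is a sample policy definition that worked for me; it evaluates existing resources and reports which of them are compliant and which are non-compliant. Also note that during an evaluation cycle, resources matched by a policy definition with the "DeployIfNotExists" effect are marked as non-compliant, but no action is taken on those resources. Existing non-compliant resources can be remediated with a remediation task.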
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers"
        }
      ]
    },
    "then": {
      "effect": "deployIfNotExists",
      "details": {
        "type": "Microsoft.Sql/servers/administrators",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Sql/servers/administrators/administratorType",
              "equals": "ActiveDirectory"
            },
            {
              "field": "Microsoft.Sql/servers/administrators/login",
              "equals": "xxxx@xxxxxx.com"
            },
            {
              "field": "Microsoft.Sql/servers/administrators/sid",
              "equals": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
            },
            {
              "field": "Microsoft.Sql/servers/administrators/tenantId",
              "equals": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
            }
          ]
        },
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "location": {
                  "type": "string"
                },
                "sqlServerName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "name": "[parameters('sqlServerName')]",
                  "type": "Microsoft.Sql/servers",
                  "apiVersion": "2019-06-01-preview",
                  "location": "[parameters('location')]",
                  "resources": [
                    {
                      "type": "Microsoft.Sql/servers/administrators",
                      "name": "[concat(parameters('sqlServerName'),'/ActiveDirectory')]",
                      "dependsOn": [
                        "[resourceId('Microsoft.Sql/servers',parameters('sqlServerName'))]"
                      ],
                      "properties": {
                        "administratorType": "ActiveDirectory",
                        "login": "xxxx@xxxxxx.com",
                        "sid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
                        "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
                      }
                    }
                  ]
                }
              ]
            },
            "parameters": {
              "sqlServerName": {
                "value": "[field('Name')]"
              },
              "location": {
                "value": "[field('Location')]"
              }
            }
          }
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
          "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
        ]
      }
    }
  },
  "parameters": {}
}
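As an added example (not part of the original answer, and not Azure's policy engine), the following Python models in simplified form how the existenceCondition above decides which servers are non-compliant and would therefore be picked up by a remediation task. The expected group values, the server inventory and the mapping of each alias to properties.<last segment> are constructed assumptions.

```python
# Added example: simplified local model of the policy's existenceCondition.
# Not Azure's evaluation engine; all sample records below are constructed.

EXPECTED = {  # placeholders: substitute the security group's real values
    "administratorType": "ActiveDirectory",
    "login": "sql-admins@example.com",
    "sid": "11111111-1111-1111-1111-111111111111",
    "tenantId": "22222222-2222-2222-2222-222222222222",
}
ALIAS_PREFIX = "Microsoft.Sql/servers/administrators/"


def existence_condition(expected):
    """Build the same allOf/field/equals structure the policy uses."""
    return {"allOf": [{"field": ALIAS_PREFIX + key, "equals": value}
                      for key, value in expected.items()]}


def field_value(resource, alias):
    # Assumption: each alias maps to properties.<last alias segment>.
    return resource.get("properties", {}).get(alias[len(ALIAS_PREFIX):])


def matches(condition, resource):
    """Evaluate allOf/equals; 'equals' compares strings case-insensitively."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    actual = field_value(resource, condition["field"])
    return actual is not None and str(actual).lower() == str(condition["equals"]).lower()


def non_compliant_servers(servers, condition):
    """A server is compliant if ANY of its administrators resources matches."""
    return [name for name, admins in servers.items()
            if not any(matches(condition, admin) for admin in admins)]


# Constructed inventory: server name -> its administrators child resources.
SERVERS = {
    "sql-ok": [{"properties": dict(EXPECTED)}],
    "sql-mixed-case-login": [{"properties": {**EXPECTED, "login": "SQL-Admins@Example.com"}}],
    "sql-user-admin": [{"properties": {**EXPECTED, "login": "alice@example.com",
                                       "sid": "33333333-3333-3333-3333-333333333333"}}],
    "sql-no-aad-admin": [],
}

if __name__ == "__main__":
    for name in non_compliant_servers(SERVERS, existence_condition(EXPECTED)):
        print("would be remediated:", name)
```

A server with no Azure AD administrator at all and a server whose administrator is an individual user rather than the expected group are both reported, which is the set a remediation task would redeploy.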