Create a user-managed identity and server administrator using an ARM template



I want to add a user-managed identity as admin to a SQL server resource in Azure. I can create the user identity with an ARM template, as shown below:

{
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
  "name": "[variables('identityName')]",
  "apiVersion": "2018-11-30",
  "location": "[resourceGroup().location]"
},

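I can also create the administrator resource from the ARM template. But how do I reference the identity created above in the administrator resource?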

{
  "name": "[concat(variables('serverName'),'/ActiveDirectory')]",
  "type": "Microsoft.Sql/servers/administrators",
  "dependsOn": [
    "[resourceId('Microsoft.Sql/servers', variables('serverName'))]"
  ],
  "apiVersion": "2019-06-01-preview",
  "properties": {
    "administratorType": "ActiveDirectory",
    "login": "[parameters('identityName')]",
    "sid": "<How do I add reference here>",
    "tenantId": "<How do I add reference here>"
  }
}

I tried a few things, and the following seems to work well:

{
  "name": "[concat(variables('serverName'),'/ActiveDirectory')]",
  "type": "Microsoft.Sql/servers/administrators",
  "dependsOn": [
    "[resourceId('Microsoft.Sql/servers', variables('serverName'))]",
    "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]"
  ],
  "apiVersion": "2019-06-01-preview",
  "properties": {
    "administratorType": "ActiveDirectory",
    "login": "[variables('identityName')]",
    "sid": "[reference(concat('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('identityName'))).clientId]",
    "tenantId": "[reference(concat('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('identityName'))).tenantId]"
  }
},
