从二头肌中的 Azure 应用服务访问应用(客户端)ID
[英]Accessing the App (client) ID from an Azure App Service in bicep
问题描述
In bicep, I am configuring an Azure API Management policy that enables the managed service identity for a specific backend App Service.
在二头肌中,我正在配置一个 Azure API 管理策略,该策略为特定的后端应用服务启用托管服务标识。
This is typically done by setting an XML fragment like this:这通常通过像这样设置 XML 片段来完成:
<policies>
<inbound>
<authentication-managed-identity resource="4d192d04-XXXX-461f-a6ab-XXXXXXXXXXXX" />
<base />
</inbound>
</policies>
What I am now looking for, is how to retrieve that specific resource id from the existing App Service, in my bicep template.我现在正在寻找的是如何在我的二头肌模板中从现有应用服务中检索该特定resource ID。
Some fragments from my existing bicep template below:下面是我现有的二头肌模板中的一些片段:
// The App Service declaration
@description('API Website')
resource backendapi 'Microsoft.Web/sites@2021-03-01' = {
name: 'backend-${environment}'
kind: 'app,linux,container'
location: location
// left out properties, etc for brevity
// This is where I want to retrieve the client ID from that web app, but this fails:
var managed_identity_id = backendapi.identity.principalId
When deploying the above template, I get the following exception (although the identity.principalId was indicated to be valid by the Visual Studio Code intellisense.部署上述模板时,出现以下异常(尽管 Visual Studio Code intellisense 指示identity.principalId有效。
The language expression property 'identity' doesn't exist, available properties are 'apiVersion, location, tags, kind, properties, condition, deploymentResourceLineInfo, existing, isConditionTrue, subscriptionId, resourceGroupName, scope, resourceId, referenceApiVersion, isTemplateResource, isAction, provisioningOperation'
So my question is, how can I access the property from an App Service, in a bicep file.所以我的问题是,如何在二头肌文件中从应用服务访问该属性。 The property of which the value is shown in the following screenshot:其值显示在以下屏幕截图中的属性:
1 个解决方案
解决方案1
1 已采纳 2022-06-13 10:07:40
As explained in the comment section, you are looking for the web app auth settings: Microsoft.Web sites/config 'authsettingsV2' 2020-12-01如评论部分所述,您正在寻找 Web 应用身份验证设置: Microsoft.Web sites/config 'authsettingsV2' 2020-12-01
You could retrieve the clientId for AzureAD Auth Like that:您可以像这样检索 AzureAD Auth 的 clientId:
param webAppName string
resource authsettings 'Microsoft.Web/sites/config@2020-12-01' existing = {
name: '${webAppName}/authsettingsV2'
}
var clientId = authsettings.properties.identityProviders.azureActiveDirectory.registration.clientId
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.