带有存储和 Cosmos Db 连接字符串的 Azure ARM 模板
Azure ARM templates with Storage and Cosmos Db connection strings
我希望有人知道如何做到这一点。
我已经设置了一个 ARM 模板,它在我执行 CI/CD 时创建我的资源,这很棒。
我什至设法设置了一个连接字符串:
"ConnectionStrings:ConnectionString": "[concat('Data Source=tcp:', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('sqlMasterName'), ';User Id=', variables('sqlServerUser'), '@', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ';Password=', variables('sqlServerPassword'), ';')]",
变量sqlServerPassword由此随机生成:
"sqlServerPassword": "[concat('P', uniqueString(resourceGroup().id, '224F5A8B-51DB-46A3-A7C8-59B0DD584A41'), 'x', '!')]",
考虑到这一点,有谁知道我如何为存储帐户和 azure cosmos db 做同样的事情?
好像不太一样
我创建存储帐户的模板如下所示:
{
"apiVersion": "2018-11-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('name')]",
"location": "[variables('location')]",
"tags": {
"displayName": "SXP storage"
},
"kind": "Storage",
"sku": {
"name": "Standard_LRS"
}
},
其中没有提到密码等。
另外,对于我的 CosmosDb,我有同样的问题:
{
"name": "[variables('name')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2015-04-08",
"location": "[variables('location')]",
"tags": {
"displayName": "Cosmos DB Account"
},
"properties": {
"locations": "[variables('locations')]",
"databaseAccountOfferType": "Standard"
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosMasterName')]"
},
"options": { "throughput": "[variables('cosmosMasterThroughPut')]" }
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosMasterName'))]" ],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/gtin"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [
{
"path": "/*"
}
]
}
}
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosDevelopName')]"
},
"options": { "throughput": "[variables('cosmosDevelopThroughPut')]" }
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosDevelopName'))]" ],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/gtin"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [
{
"path": "/*"
}
]
}
}
}
}
如果有人能帮忙,那就太好了。
David Makogon 是正确的,但有一种方法可以在 ARM 模板中检索存储帐户和 CosmosDB 生成的密钥和连接字符串。使用 ARM ListKeys 函数。
这是我自己的 ARM 模板之一的示例。这是 Azure Functions 中的一个应用程序设置,我在其中引用存储帐户生成的密钥:
{
"name": "StorageConnectionString",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId(variables('InfrastructureResourceGroupName'), 'Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]"
},
请注意,如果您的存储帐户在同一资源组中,我相信您可以省略 ListKeys 的第一个参数。
获取 CosmosDB 数据库的密钥非常相似。如果您遇到困难,请告诉我,我也会找出那个例子。
使用 Cosmos DB 2019-08-01 模板 listKeys returns 这样的对象;
{
"primaryMasterKey": "...==",
"secondaryMasterKey": "...==",
"primaryReadonlyMasterKey": "...==",
"secondaryReadonlyMasterKey": "...=="
}
这提供了只读或 read/write 连接选项。您可以像这样建立连接;
{
"name": "DatabaseConnectionString",
"value": "[concat('AccountEndpoint=https://', variables('accountName'),'.documents.azure.com:443/;AccountKey=', listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('accountName')), '2019-08-01').primaryMasterKey, ';')]"
},
我希望有人知道如何做到这一点。 我已经设置了一个 ARM 模板,它在我执行 CI/CD 时创建我的资源,这很棒。 我什至设法设置了一个连接字符串:
"ConnectionStrings:ConnectionString": "[concat('Data Source=tcp:', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('sqlMasterName'), ';User Id=', variables('sqlServerUser'), '@', reference(concat('Microsoft.Sql/servers/', variables('name'))).fullyQualifiedDomainName, ';Password=', variables('sqlServerPassword'), ';')]",
变量sqlServerPassword由此随机生成:
"sqlServerPassword": "[concat('P', uniqueString(resourceGroup().id, '224F5A8B-51DB-46A3-A7C8-59B0DD584A41'), 'x', '!')]",
考虑到这一点,有谁知道我如何为存储帐户和 azure cosmos db 做同样的事情? 好像不太一样
我创建存储帐户的模板如下所示:
{
"apiVersion": "2018-11-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('name')]",
"location": "[variables('location')]",
"tags": {
"displayName": "SXP storage"
},
"kind": "Storage",
"sku": {
"name": "Standard_LRS"
}
},
其中没有提到密码等。 另外,对于我的 CosmosDb,我有同样的问题:
{
"name": "[variables('name')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2015-04-08",
"location": "[variables('location')]",
"tags": {
"displayName": "Cosmos DB Account"
},
"properties": {
"locations": "[variables('locations')]",
"databaseAccountOfferType": "Standard"
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosMasterName')]"
},
"options": { "throughput": "[variables('cosmosMasterThroughPut')]" }
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosMasterName'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosMasterName'))]" ],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/gtin"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [
{
"path": "/*"
}
]
}
}
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/apis/databases",
"apiVersion": "2016-03-31",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/', variables('name'))]"
],
"properties": {
"resource": {
"id": "[variables('cosmosDevelopName')]"
},
"options": { "throughput": "[variables('cosmosDevelopThroughPut')]" }
}
},
{
"name": "[concat(variables('name'), '/sql/', variables('cosmosDevelopName'), '/', variables('cosmosContainerName'))]",
"type": "Microsoft.DocumentDb/databaseAccounts/apis/databases/containers",
"apiVersion": "2016-03-31",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/apis/databases', variables('name'), 'sql', variables('cosmosDevelopName'))]" ],
"properties": {
"resource": {
"id": "[variables('cosmosContainerName')]",
"partitionKey": {
"paths": [
"/gtin"
],
"kind": "Hash"
},
"indexingPolicy": {
"indexingMode": "consistent",
"includedPaths": [
{
"path": "/*"
}
]
}
}
}
}
如果有人能帮忙,那就太好了。
David Makogon 是正确的,但有一种方法可以在 ARM 模板中检索存储帐户和 CosmosDB 生成的密钥和连接字符串。使用 ARM ListKeys 函数。
这是我自己的 ARM 模板之一的示例。这是 Azure Functions 中的一个应用程序设置,我在其中引用存储帐户生成的密钥:
{
"name": "StorageConnectionString",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId(variables('InfrastructureResourceGroupName'), 'Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2015-05-01-preview').key1)]"
},
请注意,如果您的存储帐户在同一资源组中,我相信您可以省略 ListKeys 的第一个参数。
获取 CosmosDB 数据库的密钥非常相似。如果您遇到困难,请告诉我,我也会找出那个例子。
使用 Cosmos DB 2019-08-01 模板 listKeys returns 这样的对象;
{
"primaryMasterKey": "...==",
"secondaryMasterKey": "...==",
"primaryReadonlyMasterKey": "...==",
"secondaryReadonlyMasterKey": "...=="
}
这提供了只读或 read/write 连接选项。您可以像这样建立连接;
{
"name": "DatabaseConnectionString",
"value": "[concat('AccountEndpoint=https://', variables('accountName'),'.documents.azure.com:443/;AccountKey=', listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('accountName')), '2019-08-01').primaryMasterKey, ';')]"
},