Azure Purview Ingestion Private Endpoint Creation using Bicep
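【Posted】: 2021-11-09 05:16:38
【Question】: For most Azure resources' private endpoints, I can provision them with a Bicep script by calling "Microsoft.Network/privateEndpoints". Purview has two kinds of private endpoints: the regular private endpoint and the ingestion private endpoint. When using the mentioned library, I can create an endpoint, but it does not show up under the ingestion private endpoint connection names. If you do this through the portal, you will see the endpoint connection created there.
I also noticed that there is another API called "Microsoft.Purview/accounts/privateEndpointConnections", but it only exposes two properties, privateEndpoint.id and privateLinkServiceConnectionState, so this does not look like the right one to use either?
So I am wondering whether anyone has tried to do the above using Bicep? I realize that Purview private endpoints are still in public preview, so there may not yet be a way to provision them with Bicep. I also noticed that we cannot export the Purview resource as an ARM template from the Azure portal, which makes me believe even more that Bicep does not work for Purview? I just want to confirm with someone who knows this area better before I decide to give up.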
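【Answer 1】: Since Azure Purview is still in preview, it is an evolving tool. Below I have provided two ARM templates, one for the account and portal endpoints and one for the ingestion endpoint (I have pasted both ARM templates and their parameter files here). Note: the portal, account and ingestion endpoints should be in the same VNet and subnet.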
1- ARM template for the portal and account endpoints
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "String"
    },
    "privateEndpointName-account": {
      "type": "String"
    },
    "privateEndpointName-portal": {
      "type": "String"
    },
    "purview_account_externalid": {
      "type": "String"
    },
    "targetSubResource-account": {
      "type": "Array"
    },
    "targetSubResource-portal": {
      "type": "Array"
    },
    "subnet": {
      "type": "String"
    },
    "virtualNetworkName": {
      "type": "String"
    },
    "privateDnsDeploymentName": {
      "type": "String"
    },
    "virtualNetworkLinkName": {
      "type": "String"
    },
    "privateDNS": {
      "type": "String"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2020-03-01",
      "name": "[parameters('privateEndpointName-account')]",
      "location": "[parameters('location')]",
      "tags": {},
      "properties": {
        "subnet": {
          "id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'), '/subnets/', parameters('subnet'))]"
        },
        "privateLinkServiceConnections": [
          {
            "name": "[parameters('privateEndpointName-account')]",
            "properties": {
              "privateLinkServiceId": "[parameters('purview_account_externalid')]",
              "groupIds": "[parameters('targetSubResource-account')]"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2020-03-01",
      "name": "[parameters('privateEndpointName-portal')]",
      "location": "[parameters('location')]",
      "tags": {},
      "properties": {
        "subnet": {
          "id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'), '/subnets/', parameters('subnet'))]"
        },
        "privateLinkServiceConnections": [
          {
            "name": "[parameters('privateEndpointName-portal')]",
            "properties": {
              "privateLinkServiceId": "[parameters('purview_account_externalid')]",
              "groupIds": "[parameters('targetSubResource-portal')]"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-05-10",
      "name": "[parameters('privateDnsDeploymentName')]",
      "dependsOn": [
        "[parameters('privateEndpointName-portal')]",
        "[parameters('privateEndpointName-account')]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2017-05-10",
              "name": "[concat(parameters('privateDnsDeploymentName'), '-zone')]",
              "type": "Microsoft.Resources/deployments",
              "properties": {
                "mode": "Incremental",
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "resources": [
                    {
                      "type": "Microsoft.Network/privateDnsZones",
                      "apiVersion": "2018-09-01",
                      "name": "[parameters('privateDNS')]",
                      "location": "global",
                      "tags": {},
                      "properties": {}
                    }
                  ]
                }
              }
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-05-10",
      "name": "[parameters('virtualNetworkLinkName')]",
      "dependsOn": [
        "[parameters('privateDnsDeploymentName')]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2017-05-10",
              "name": "[concat(parameters('virtualNetworkLinkName'), '-link')]",
              "type": "Microsoft.Resources/deployments",
              "properties": {
                "mode": "Incremental",
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "resources": [
                    {
                      "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
                      "apiVersion": "2018-09-01",
                      "name": "[concat(parameters('privateDNS'), '/', uniqueString(parameters('virtualNetworkName')))]",
                      "location": "global",
                      "properties": {
                        "virtualNetwork": {
                          "id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
                        },
                        "registrationEnabled": false
                      }
                    }
                  ]
                }
              }
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-05-10",
      "name": "[concat(parameters('privateEndpointName-account'), '-', 'default')]",
      "dependsOn": [
        "[parameters('privateEndpointName-account')]",
        "[parameters('privateDnsDeploymentName')]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2020-03-01",
              "name": "[concat(parameters('privateEndpointName-account'), '/', 'default')]",
              "location": "[parameters('location')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "[parameters('privateDNS')]",
                    "properties": {
                      "privateDnsZoneId": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateDnsZones/', parameters('privateDNS'))]"
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-05-10",
      "name": "[concat(parameters('privateEndpointName-portal'), '-', 'default')]",
      "dependsOn": [
        "[parameters('privateEndpointName-portal')]",
        "[parameters('privateDnsDeploymentName')]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2020-03-01",
              "name": "[concat(parameters('privateEndpointName-portal'), '/', 'default')]",
              "location": "[parameters('location')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "[parameters('privateDNS')]",
                    "properties": {
                      "privateDnsZoneId": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateDnsZones/', parameters('privateDNS'))]"
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    }
  ]
}
2- Parameter file for the account and portal endpoints
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "value": "Type the location of endpoint here"
    },
    "privateEndpointName-account": {
      "value": "Type the name of Account endpoint here"
    },
    "privateEndpointName-portal": {
      "value": "Type the name of Portal Endpoint here"
    },
    "purview_account_externalid": {
      "value": "Go to azure portal > Purview >Properties >Resource Id,This is resource ID of the Purview "
    },
    "targetSubResource-account": {
      "value": [
        "account"
      ]
    },
    "targetSubResource-portal": {
      "value": [
        "portal"
      ]
    },
    "subnet": {
      "value": "Type the name subnet here "
    },
    "virtualNetworkName": {
      "value": "Type the name of the virtual network here "
    },
    "privateDnsDeploymentName": {
      "value": "privatelink.purview.azure.com"
    },
    "virtualNetworkLinkName": {
      "value": ""
    },
    "privateDNS": {
      "value": "privatelink.purview.azure.com"
    }
  }
}
3- ARM template for the ingestion endpoint
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "ingestionEndpointName": {
      "type": "String"
    },
    "purviewManagedRGId": {
      "type": "String"
    },
    "virtualNetworksName": {
      "type": "String"
    },
    "purviewManagedRGEventHubsNamespaceId": {
      "type": "String"
    },
    "managedStorageAccountName": {
      "type": "string"
    },
    "resourceGroupId": {
      "type": "string"
    },
    "subnet": {
      "type": "String"
    },
    "privateDnsZonesLinkBlob": {
      "defaultValue": "privatelink.blob.core.windows.net",
      "type": "String"
    },
    "privateDnsZonesLinkServicebus": {
      "defaultValue": "privatelink.servicebus.windows.net",
      "type": "String"
    },
    "privateDnsZonesLinkQueue": {
      "defaultValue": "privatelink.queue.core.windows.net",
      "type": "String"
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2020-11-01",
      "name": "[concat(parameters('ingestionEndpointName'),'-blob')]",
      "location": "eastus",
      "tags": {
        "ContactEmail": "<not defined, please set>",
        "ContactName": "<not defined, please set>",
        "Department": "<not defined, please set>",
        "Environment": "SANDBOX",
        "OwnerName": "<not defined, please set>",
        "Project": "<not defined, please set>"
      },
      "properties": {
        "privateLinkServiceConnections": [
          {
            "name": "[concat(parameters('ingestionEndpointName'),'-blob')]",
            "properties": {
              "privateLinkServiceId": "[concat(parameters('purviewManagedRGId'),'/providers/Microsoft.Storage/storageAccounts/',parameters('managedStorageAccountName'))]",
              "groupIds": [
                "blob"
              ],
              "privateLinkServiceConnectionState": {
                "status": "Approved",
                "description": "Auto-Approved",
                "actionsRequired": "None"
              }
            }
          }
        ],
        "manualPrivateLinkServiceConnections": [],
        "subnet": {
          "id": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/virtualNetworks/',parameters('virtualNetworksName'), '/subnets/',parameters('subnet'))]"
        },
        "customDnsConfigs": []
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2020-11-01",
      "name": "[concat(parameters('ingestionEndpointName'),'-namespace')]",
      "location": "eastus",
      "tags": {
        "ContactEmail": "<not defined, please set>",
        "ContactName": "<not defined, please set>",
        "Department": "<not defined, please set>",
        "Environment": "SANDBOX",
        "OwnerName": "<not defined, please set>",
        "Project": "<not defined, please set>"
      },
      "properties": {
        "privateLinkServiceConnections": [
          {
            "name": "[concat(parameters('ingestionEndpointName'),'-namespace')]",
            "properties": {
              "privateLinkServiceId": "[parameters('purviewManagedRGEventHubsNamespaceId')]",
              "groupIds": [
                "namespace"
              ],
              "privateLinkServiceConnectionState": {
                "status": "Approved",
                "description": "Auto-Approved",
                "actionsRequired": "None"
              }
            }
          }
        ],
        "manualPrivateLinkServiceConnections": [],
        "subnet": {
          "id": "[concat(parameters('resourceGroupId'), '/providers/Microsoft.Network/virtualNetworks/',parameters('virtualNetworksName'), '/subnets/',parameters('subnet'))]"
        },
        "customDnsConfigs": []
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2020-11-01",
      "name": "[concat(parameters('ingestionEndpointName'),'-queue')]",
      "location": "eastus",
      "tags": {
        "ContactEmail": "<not defined, please set>",
        "ContactName": "<not defined, please set>",
        "Department": "<not defined, please set>",
        "Environment": "SANDBOX",
        "OwnerName": "<not defined, please set>",
        "Project": "<not defined, please set>"
      },
      "properties": {
        "privateLinkServiceConnections": [
          {
            "name": "[concat(parameters('ingestionEndpointName'),'-queue')]",
            "properties": {
              "privateLinkServiceId": "[concat(parameters('purviewManagedRGId'),'/providers/Microsoft.Storage/storageAccounts/',parameters('managedStorageAccountName'))]",
              "groupIds": [
                "queue"
              ],
              "privateLinkServiceConnectionState": {
                "status": "Approved",
                "description": "Auto-Approved",
                "actionsRequired": "None"
              }
            }
          }
        ],
        "manualPrivateLinkServiceConnections": [],
        "subnet": {
          "id": "[concat(parameters('resourceGroupId'), '/providers/Microsoft.Network/virtualNetworks/',parameters('virtualNetworksName'), '/subnets/',parameters('subnet'))]"
        },
        "customDnsConfigs": []
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
      "apiVersion": "2020-11-01",
      "name": "[concat(parameters('ingestionEndpointName'),'-blob','/default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('ingestionEndpointName'),'-blob'))]"
      ],
      "properties": {
        "privateDnsZoneConfigs": [
          {
            "name": "privatelink-blob-core-windows-net",
            "properties": {
              "privateDnsZoneId": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/privateDnsZones/',parameters('privateDnsZonesLinkBlob'))]"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
      "apiVersion": "2020-11-01",
      "name": "[concat(parameters('ingestionEndpointName'),'-namespace','/default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('ingestionEndpointName'),'-namespace'))]"
      ],
      "properties": {
        "privateDnsZoneConfigs": [
          {
            "name": "privatelink-servicebus-windows-net",
            "properties": {
              "privateDnsZoneId": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/privateDnsZones/',parameters('privateDnsZonesLinkServicebus'))]"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
      "apiVersion": "2020-11-01",
      "name": "[concat(parameters('ingestionEndpointName'),'-queue','/default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('ingestionEndpointName'),'-queue'))]"
      ],
      "properties": {
        "privateDnsZoneConfigs": [
          {
            "name": "privatelink-queue-core-windows-net",
            "properties": {
              "privateDnsZoneId": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/privateDnsZones/',parameters('privateDnsZonesLinkQueue'))]"
            }
          }
        ]
      }
    }
  ]
}
4- Parameter file for the ingestion endpoint template
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "ingestionEndpointName": {
      "value": "Type the name of Ingestion Endpoint here"
    },
    "purviewManagedRGId": {
      "value": "Go to azure portal > Purview> ManagedResource > Properties> Resource id This is the Resources ID of purview managed resource group"
    },
    "virtualNetworksName": {
      "value": "Give the name of the Virtual network here"
    },
    "purviewManagedRGEventHubsNamespaceId": {
      "value": "Go to azure portal > Purview>Managed Resource > Event Hubs namespace name>properties >Resource IDThis is Purview managed Event hub name space resources Id "
    },
    "managedStorageAccountName": {
      "value": "Go to azure portal > Purview>Managed Resource > Storage Account"
    },
    "resourceGroupId": {
      "value": "Go to azure portal > Purview> overview >resourceGroup"
    },
    "subnet": {
      "value": "Give the name the subnet"
    }
  }
}
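【Comments】:
Thank you very much. In the last file, which holds the parameters for the ingestion template, could you tell me where you reference the parameter "ingestionEndpointName"?
@HT1 Please check the edited answer now. There was a copy-paste error. :)
Thanks @kanika kala, I need to deal with other priorities, but I will come back and test this, and will update you again with my findings.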
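The question asks for Bicep while the answer's templates are ARM JSON. As an added example (not part of the original answer or its comments), this is the answer's ingestion-endpoint template expressed in Bicep, with one loop over the three sub-resources. Parameter names mirror the template; the `location` parameter (replacing the hard-coded `eastus`) and the `targets` and `managedStorageId` variables are introduced here, and the three privatelink DNS zones are assumed to exist already in the resource group given by `resourceGroupId`.

```bicep
// Added example: Bicep form of the ingestion-endpoint ARM template from the answer.
// Assumption: the privatelink DNS zones already exist under resourceGroupId.
param ingestionEndpointName string
param purviewManagedRGId string                    // resource ID of the Purview managed resource group
param purviewManagedRGEventHubsNamespaceId string  // resource ID of the managed Event Hubs namespace
param managedStorageAccountName string
param resourceGroupId string                       // resource ID of the group holding the VNet and DNS zones
param virtualNetworksName string
param subnet string
param location string = resourceGroup().location   // assumption: must match the VNet region

var managedStorageId = '${purviewManagedRGId}/providers/Microsoft.Storage/storageAccounts/${managedStorageAccountName}'
// One entry per ingestion sub-resource: group ID, target resource, DNS zone.
var targets = [
  { groupId: 'blob', serviceId: managedStorageId, zone: 'privatelink.blob.core.windows.net' }
  { groupId: 'namespace', serviceId: purviewManagedRGEventHubsNamespaceId, zone: 'privatelink.servicebus.windows.net' }
  { groupId: 'queue', serviceId: managedStorageId, zone: 'privatelink.queue.core.windows.net' }
]

resource endpoints 'Microsoft.Network/privateEndpoints@2020-11-01' = [for t in targets: {
  name: '${ingestionEndpointName}-${t.groupId}'
  location: location
  properties: {
    subnet: { id: '${resourceGroupId}/providers/Microsoft.Network/virtualNetworks/${virtualNetworksName}/subnets/${subnet}' }
    privateLinkServiceConnections: [
      {
        name: '${ingestionEndpointName}-${t.groupId}'
        properties: { privateLinkServiceId: t.serviceId, groupIds: [ t.groupId ] }
      }
    ]
  }
}]

// Register each endpoint's private IP in the matching privatelink zone.
resource zoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = [for (t, i) in targets: {
  parent: endpoints[i]
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: replace(t.zone, '.', '-')
        properties: { privateDnsZoneId: '${resourceGroupId}/providers/Microsoft.Network/privateDnsZones/${t.zone}' }
      }
    ]
  }
}]
```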