How to add the Azure Active Directory admin on SQL Server to an Azure group after SQL Server deployment

Question

I am trying to create an automated process that adds the Azure Active Directory admin on SQL Server to an Azure group after the SQL Server is deployed. The group I want to add is also a security group. I am considering using Azure Policy to achieve this. What would the policy rule look like? If there is a better Azure service/feature to accomplish my task, what is it?

Tags: azure, azure-active-directory, azure-sql-server, azure-policy

Answer


Here is a sample policy definition that worked for me; it evaluates existing resources and reports them as compliant or non-compliant. Also note that during an evaluation cycle, a policy definition with the "DeployIfNotExists" effect marks matching resources as non-compliant but takes no action on those resources. Existing non-compliant resources can be fixed with a remediation task.

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers"
        }
      ]
    },
    "then": {
      "effect": "deployIfNotExists",
      "details": {
        "type": "Microsoft.Sql/servers/administrators",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Sql/servers/administrators/administratorType",
              "equals": "ActiveDirectory"
            },
            {
              "field": "Microsoft.Sql/servers/administrators/login",
              "equals": "xxxx@xxxxxx.com"
            },
            {
              "field": "Microsoft.Sql/servers/administrators/sid",
              "equals": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
            },
            {
              "field": "Microsoft.Sql/servers/administrators/tenantId",
              "equals": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
            }
          ]
        },
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "location": {
                  "type": "string"
                },
                "sqlServerName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "name": "[parameters('sqlServerName')]",
                  "type": "Microsoft.Sql/servers",
                  "apiVersion": "2019-06-01-preview",
                  "location": "[parameters('location')]",
                  "resources": [
                    {
                      "type": "Microsoft.Sql/servers/administrators",
                      "apiVersion": "2019-06-01-preview",
                      "name": "[concat(parameters('sqlServerName'), '/ActiveDirectory')]",
                      "dependsOn": [
                        "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
                      ],
                      "properties": {
                        "administratorType": "ActiveDirectory",
                        "login": "xxxx@xxxxxx.com",
                        "sid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
                        "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"
                      }
                    }
                  ]
                }
              ]
            },
            "parameters": {
              "sqlServerName": {
                "value": "[field('Name')]"
              },
              "location": {
                "value": "[field('Location')]"
              }
            }
          }
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
          "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
        ]
      }
    }
  },
  "parameters": {}
}
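A consistency check for a policy of the shape above, added here as an example and not part of the original answer: the existenceCondition must agree with the administrator resource the deployment creates (otherwise the server is re-flagged after every remediation), sid and tenantId must be real GUIDs rather than the xxxx placeholders, and roleDefinitionIds must not be empty. The helper sample_policy and the sample login/GUID values are constructed for the demonstration.

```python
import re
from typing import List

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ADMIN_TYPE = "Microsoft.Sql/servers/administrators"


def lint_policy(policy: dict) -> List[str]:
    """Return findings for a deployIfNotExists policy that sets the Azure AD admin."""
    findings = []
    then = policy["policyRule"]["then"]
    details = then["details"]
    if then.get("effect", "").lower() != "deployifnotexists":
        findings.append("effect is not deployIfNotExists")
    # Property -> value the existenceCondition expects on the administrator resource
    expected = {}
    for cond in details["existenceCondition"].get("allOf", []):
        field = cond.get("field", "")
        if field.startswith(ADMIN_TYPE + "/"):
            expected[field[len(ADMIN_TYPE) + 1:]] = cond.get("equals")
    # Property -> value the ARM template actually deploys (child resource of the server)
    deployed = {}
    for res in details["deployment"]["properties"]["template"]["resources"]:
        for child in res.get("resources", []):
            if child.get("type") == ADMIN_TYPE:
                deployed = child.get("properties", {})
    for prop, value in expected.items():
        if deployed.get(prop) != value:
            findings.append(f"{prop}: existenceCondition expects {value!r}, deployment sets {deployed.get(prop)!r}")
    for prop in ("sid", "tenantId"):  # placeholders such as xxxx-... never match a real object id
        if not GUID_RE.match(str(deployed.get(prop, ""))):
            findings.append(f"{prop} is not a GUID: {deployed.get(prop)!r}")
    if not details.get("roleDefinitionIds"):
        findings.append("roleDefinitionIds is empty; the assignment's managed identity cannot deploy")
    return findings


def sample_policy(login: str, sid: str, tenant_id: str, deployed_tenant_id: str,
                  roles=("/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",)) -> dict:
    """Build a policy in the shape of the answer above (constructed sample, not live data)."""
    conds = [("administratorType", "ActiveDirectory"), ("login", login), ("sid", sid), ("tenantId", tenant_id)]
    props = {"administratorType": "ActiveDirectory", "login": login, "sid": sid, "tenantId": deployed_tenant_id}
    return {"policyRule": {"then": {"effect": "deployIfNotExists", "details": {
        "type": ADMIN_TYPE,
        "existenceCondition": {"allOf": [{"field": f"{ADMIN_TYPE}/{k}", "equals": v} for k, v in conds]},
        "deployment": {"properties": {"template": {"resources": [
            {"type": "Microsoft.Sql/servers", "resources": [{"type": ADMIN_TYPE, "properties": props}]}]}}},
        "roleDefinitionIds": list(roles)}}}}
```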
