【发布时间】:2021-05-16 06:23:18
【问题描述】:
我使用“经典”Pulumi.Azure 创建应用服务:
var appservice=new AppService(appserviceName, new AppServiceArgs
{
Name = appserviceName,
Location = _resourceGroup.Location,
AppServicePlanId = _servicePlan.Id,
ResourceGroupName = _resourceGroup.Name,
SiteConfig = new Pulumi.Azure.AppService.Inputs.AppServiceSiteConfigArgs
{
DotnetFrameworkVersion = "v5.0",
ScmType = "None",
},
Tags = { { "environemnt", "dev" } },
Logs = new AppServiceLogsArgs
{
HttpLogs = new AppServiceLogsHttpLogsArgs
{
FileSystem = new AppServiceLogsHttpLogsFileSystemArgs { RetentionInDays = 14, RetentionInMb = 35 }
}
}
,
AppSettings = appSettings
});
我还创建了一个密钥库:
var currentConfig=Output.Create(GetClientConfig.InvokeAsync());
var keyVault = new KeyVault(vaultname, new KeyVaultArgs
{
Name = vaultname,
Location = _resourceGroup.Location,
ResourceGroupName = _resourceGroup.Name,
TenantId = currentConfig.Apply(q => q.TenantId),
SkuName="standard"
, AccessPolicies=
{
new Pulumi.Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId=currentConfig.Apply(q=>q.TenantId),
ObjectId=currentConfig.Apply(q=>q.ObjectId),
KeyPermissions={"get", "create", "list"},
SecretPermissions={"set","get","delete","purge","recover", "list"}
}
}
});
两者都按预期工作。我正在创建和访问 KeyVault 和应用服务。现在我需要 App Service 也可以访问 KeyVault。
但是当我添加一个新的访问策略时,我被困在了 ObjectId 上。应用服务似乎没有我可以分配给保管库的有效对象 ID。在 Azure 门户上检查服务时,我还看到缺少身份:
那么作为 pulumi 代码必须做些什么才能实现与在 Azure 中单击“On”并随后检索 ObjectId 相同的功能?
【问题讨论】: