I have created several managed private endpoints on a Synapse Analytics workspace using Terraform. Now I don't know how to "approve" them, because I can't seem to find the right resource for doing this. To do it manually, I go to Storage account -> Networking -> Private endpoints, select the ones to "approve" and press Approve.
mnemlml81#
If you're still interested, I did it in Terraform like this:

```hcl
resource "null_resource" "endpoint_approval" {
  depends_on = [module.sql_managed_endpoint, module.storage_managed_endpoint]

  # Runs a PowerShell snippet that looks up the pending connections with the
  # Azure CLI and approves them.
  provisioner "local-exec" {
    command = <<-EOT
      # Connection IDs whose private endpoint ID contains 'vnet'
      $sql_id = $(az network private-endpoint-connection list --id ${module.mssql_server.id} --query "[?contains(properties.privateEndpoint.id, 'vnet')].id" -o json) | ConvertFrom-Json
      $storage_id = $(az network private-endpoint-connection list --id ${module.storage_account.storage_account_id} --query "[?contains(properties.privateEndpoint.id, 'vnet')].id" -o json) | ConvertFrom-Json
      az network private-endpoint-connection approve --id $sql_id --description "Approved in Terraform"
      az network private-endpoint-connection approve --id $storage_id --description "Approved in Terraform"
    EOT
    interpreter = ["pwsh", "-Command"]
  }
}
```
thigvfpy2#
As of today, you cannot approve managed private endpoints using Terraform. You can check out Synapse Managed Private Endpoint - auto_approval option, which has already been asked on hashicorp.
Note: Azure PowerShell and Azure CLI are the preferred methods for managing private endpoint connections on Microsoft partner services or customer-owned services. For details, see Manage private endpoint connections on a customer/partner owned Private Link service.
eqzww0vc3#
Private endpoint connections can be approved with Terraform. See the example below for approving a managed private endpoint between a Synapse Analytics workspace and a storage account. The trick is to use the azapi provider to retrieve and filter the private endpoint connections on the storage account, and then approve it.
```hcl
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacc"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  is_hns_enabled           = true
}

resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
  name               = "example"
  storage_account_id = azurerm_storage_account.example.id
}

resource "azurerm_synapse_workspace" "example" {
  name                                 = "example"
  resource_group_name                  = azurerm_resource_group.example.name
  location                             = azurerm_resource_group.example.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
  sql_administrator_login              = "sqladminuser"
  sql_administrator_login_password     = "H@Sh1CoR3!"
  managed_virtual_network_enabled      = true

  identity {
    type = "SystemAssigned"
  }
}

# Demo-only rule: opens the workspace firewall to every IPv4 address.
resource "azurerm_synapse_firewall_rule" "example" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

# The storage account the managed private endpoint points at
resource "azurerm_storage_account" "example_connect" {
  name                     = "examplestorage2"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "BlobStorage"
}

resource "azurerm_synapse_managed_private_endpoint" "example" {
  name                 = "example-endpoint"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  target_resource_id   = azurerm_storage_account.example_connect.id
  subresource_name     = "blob"
  depends_on           = [azurerm_synapse_firewall_rule.example]
}

# Retrieve the target storage account details, including the private endpoint
# connections. The connection lives on the target account (example_connect),
# and must be read only after the managed private endpoint exists.
data "azapi_resource" "example_storage" {
  type                   = "Microsoft.Storage/storageAccounts@2022-09-01"
  resource_id            = azurerm_storage_account.example_connect.id
  response_export_values = ["properties.privateEndpointConnections"]
  depends_on             = [azurerm_synapse_managed_private_endpoint.example]
}

# Retrieve the private endpoint connection name from the storage account based
# on the private endpoint name
locals {
  private_endpoint_connection_name = element([
    for connection in jsondecode(data.azapi_resource.example_storage.output).properties.privateEndpointConnections :
    connection.name
    if endswith(connection.properties.privateEndpoint.id, azurerm_synapse_managed_private_endpoint.example.name)
  ], 0)
}

# Approve the private endpoint connection on the target storage account
resource "azapi_update_resource" "approval" {
  type      = "Microsoft.Storage/storageAccounts/privateEndpointConnections@2022-09-01"
  name      = local.private_endpoint_connection_name
  parent_id = azurerm_storage_account.example_connect.id
  body = jsonencode({
    properties = {
      privateLinkServiceConnectionState = {
        description = "Approved via Terraform"
        status      = "Approved"
      }
    }
  })
}
```
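Both the `local-exec` answer (a `contains(..., 'vnet')` JMESPath filter) and the azapi answer (`endswith(...)` plus `element([...], 0)`) pick the connection to approve by a loose string match and then approve whatever comes first. The added example below, which is not code from the question or from any of the answers, shows the same selection step with its edge cases made explicit: it matches the private endpoint by its exact last ID segment, refuses to guess when zero or several connections match, and only approves a connection that is still Pending, so a connection that was deliberately Rejected is never flipped to Approved by automation. The sample response is constructed, and the ID layout `.../privateEndpoints/<workspace>.<managed-endpoint-name>` is an assumption about how Synapse names its managed private endpoints; check it against the real output of `az network private-endpoint-connection list` before relying on it.

```python
"""Select the right private endpoint connection before approving it.

Added example, not from the question or answers above. Sample data is
constructed; the `<workspace>.<endpoint-name>` ID suffix is an assumption.
"""
import json

# Constructed sample shaped like properties.privateEndpointConnections as
# returned by azapi / `az` for a storage account.
SAMPLE_STORAGE_RESPONSE = json.dumps({
    "properties": {
        "privateEndpointConnections": [
            {
                "name": "examplestorageacc.aaaa1111-blob",
                "properties": {
                    "privateEndpoint": {
                        "id": "/subscriptions/PLACEHOLDER/resourceGroups/managed-rg"
                              "/providers/Microsoft.Network/privateEndpoints/example.example-endpoint"
                    },
                    "privateLinkServiceConnectionState": {"status": "Pending", "description": ""},
                },
            },
            {
                # Another workspace's endpoint whose name merely ends with the same
                # string; a plain endswith() on "example-endpoint" also matches this.
                "name": "examplestorageacc.bbbb2222-blob",
                "properties": {
                    "privateEndpoint": {
                        "id": "/subscriptions/PLACEHOLDER/resourceGroups/managed-rg"
                              "/providers/Microsoft.Network/privateEndpoints/other.old-example-endpoint"
                    },
                    "privateLinkServiceConnectionState": {"status": "Pending", "description": ""},
                },
            },
            {
                "name": "examplestorageacc.cccc3333-blob",
                "properties": {
                    "privateEndpoint": {
                        "id": "/subscriptions/PLACEHOLDER/resourceGroups/managed-rg"
                              "/providers/Microsoft.Network/privateEndpoints/example.approved-endpoint"
                    },
                    "privateLinkServiceConnectionState": {"status": "Approved", "description": "ok"},
                },
            },
        ]
    }
})


def find_connection(storage_response: str, workspace: str, endpoint_name: str) -> dict:
    """Return the single connection whose private endpoint's last ID segment is
    exactly `<workspace>.<endpoint_name>`. Raises LookupError when nothing
    matches and ValueError when more than one connection matches."""
    expected = f"{workspace}.{endpoint_name}"
    connections = json.loads(storage_response)["properties"]["privateEndpointConnections"]
    matches = [
        c for c in connections
        if c["properties"]["privateEndpoint"]["id"].rstrip("/").rsplit("/", 1)[-1] == expected
    ]
    if not matches:
        raise LookupError(f"no private endpoint connection for {expected}")
    if len(matches) > 1:
        raise ValueError(f"{len(matches)} connections match {expected}; refusing to guess")
    return matches[0]


def approval_decision(connection: dict) -> str:
    """'approve' for Pending, 'skip' if already Approved, 'refuse' for any
    other state (Rejected, Disconnected) so a rejection is not overridden."""
    status = connection["properties"]["privateLinkServiceConnectionState"]["status"]
    if status == "Pending":
        return "approve"
    if status == "Approved":
        return "skip"
    return "refuse"


def approve_command(storage_account_id: str, connection: dict, description: str) -> list:
    """Build the `az network private-endpoint-connection approve` argv used in
    the first answer, addressing the connection by its full resource ID."""
    conn_id = f"{storage_account_id}/privateEndpointConnections/{connection['name']}"
    return ["az", "network", "private-endpoint-connection", "approve",
            "--id", conn_id, "--description", description]


if __name__ == "__main__":
    sa_id = ("/subscriptions/PLACEHOLDER/resourceGroups/example-resources"
             "/providers/Microsoft.Storage/storageAccounts/examplestorageacc")
    conn = find_connection(SAMPLE_STORAGE_RESPONSE, "example", "example-endpoint")
    print(conn["name"], approval_decision(conn))
    if approval_decision(conn) == "approve":
        print(" ".join(approve_command(sa_id, conn, "Approved via Terraform")))
```

Run against the constructed sample, `find_connection` returns only `examplestorageacc.aaaa1111-blob`, whereas the `endswith` filter in the Terraform `locals` block would match both of the first two entries and `element(..., 0)` would silently take the first. The same exact-segment comparison can be expressed in the `locals` block by comparing `element(split("/", connection.properties.privateEndpoint.id), -1)` against the expected name instead of using `endswith`.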
3 answers