azure - How to create an identity provider for an Azure Function App using an ARM template?

Tags: azure azure-functions azure-resource-manager

How do I create an Azure identity provider for an Azure Function in the Azure portal using an ARM template?

I have an ARM template for deploying Azure resources. I am able to create the Azure Function, but I also need to create Authentication -> Identity provider (Microsoft) dynamically.

Best answer

We tried creating an Azure Function with Azure AD authentication and the identity provider (Microsoft) in our environment using the following template:

Prerequisites:

  • Register an application in Azure AD (Azure AD > App registrations).
  • Enable ID tokens (used for implicit and hybrid flows).

ARM template:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "siteName": {
            "type": "string",
            "defaultValue": "[concat('FuncApp-', uniqueString(resourceGroup().id))]",
            "metadata": {
                "description": "The name of your Web Site."
            }
        },
        "storageAccountName": {
            "type": "String",
            "defaultValue": "[concat('store', uniqueString(resourceGroup().id))]"
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
                "description": "Location for all resources."
            }
        },
        "clientId": {
            "type": "string",
            "metadata": {
                "description": "ClientId of the APP registration to be used by the Function APP authentication"
            }
        }
    },
    "variables": {
        "hostingPlanName": "[concat('hpn-', resourceGroup().name)]",
        "storageAccountid": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
    },
    "resources": [
        {
            "type": "Microsoft.Web/sites",
            "apiVersion": "2021-02-01",
            "name": "[parameters('siteName')]",
            "kind": "functionapp,linux",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
            ],
            "properties": {
                "name": "[parameters('siteName')]",
                "adminEnabled": true,
                "enabledHostNames": [
                    "[concat(parameters('siteName'),'.azurewebsites.net')]",
                    "[concat(parameters('siteName'),'.scm.azurewebsites.net')]"
                ],
                "hostNameSslStates": [
                    {
                        "name": "[concat(parameters('siteName'),'.azurewebsites.net')]",
                        "sslState": "Disabled",
                        "ipBasedSslState": "NotConfigured",
                        "hostType": "Standard"
                    },
                    {
                        "name": "[concat(parameters('siteName'),'.scm.azurewebsites.net')]",
                        "sslState": "Disabled",
                        "ipBasedSslState": "NotConfigured",
                        "hostType": "Repository"
                    }
                    ],
                "siteConfig": {
                    "appSettings": [
                        {
                            "name": "FUNCTIONS_WORKER_RUNTIME",
                            "value": "python"
                        },
                        {
                            "name": "FUNCTIONS_EXTENSION_VERSION",
                            "value": "~2"
                        },
                        {
                            "name": "AzureWebJobsStorage",
                            "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2019-06-01').keys[0].value)]"
                        }
                    ]
                },
                "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
                "clientAffinityEnabled": false
            }
        },
        {
            "type": "Microsoft.Web/serverfarms",
            "apiVersion": "2021-02-01",
            "name": "[variables('hostingPlanName')]",
            "location": "[parameters('location')]",
            "kind": "linux",
            "properties": {
                "reserved": true
            },
            "sku": {
                "Tier": "Standard",
                "Name": "S1"
            }
        },
        {
            "type": "Microsoft.Storage/storageAccounts",
            "name": "[parameters('storageAccountName')]",
            "apiVersion": "2019-06-01",
            "location": "[parameters('location')]",
            "kind": "StorageV2",
            "sku": {
                "name": "Standard_LRS"
            }
        },
        {
            "name": "[concat(parameters('siteName'), '/authsettingsV2')]",
            "type": "Microsoft.Web/sites/config",
            "apiVersion": "2021-02-01",
            "location": "[parameters('location')]",
            "properties": {
                "platform": {
                    "enabled": true,
                    "runtimeVersion": "~1"
                },
                "globalValidation": {
                    "requireAuthentication": true,
                    "unauthenticatedClientAction": "RedirectToLoginPage",
                    "redirectToProvider": "azureactivedirectory"
                },
                "identityProviders": {
                    "azureActiveDirectory": {
                        "enabled": true,
                        "registration": {
                            "openIdIssuer": "[concat('https://sts.windows.net/',tenant().tenantId,'/v2.0')]",
                            "clientId": "[parameters('clientId')]",
                            "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
                        },
                        "login": {
                            "disableWWWAuthenticate": false
                        },
                        "validation": {
                            "jwtClaimChecks": {},
                            "allowedAudiences": [],
                            "defaultAuthorizationPolicy": {
                                "allowedPrincipals": {}
                            }
                        }
                    },
                    "facebook": {
                        "enabled": true,
                        "registration": {},
                        "login": {}
                    },
                    "gitHub": {
                        "enabled": true,
                        "registration": {},
                        "login": {}
                    },
                    "google": {
                        "enabled": true,
                        "registration": {},
                        "login": {},
                        "validation": {}
                    },
                    "twitter": {
                        "enabled": true,
                        "registration": {}
                    },
                    "legacyMicrosoftAccount": {
                        "enabled": true,
                        "registration": {},
                        "login": {},
                        "validation": {}
                    },
                    "apple": {
                        "enabled": true,
                        "registration": {},
                        "login": {}
                    }
                },
                "login": {
                    "routes": {},
                    "tokenStore": {
                        "enabled": true,
                        "tokenRefreshExtensionHours": 72,
                        "fileSystem": {},
                        "azureBlobStorage": {}
                    },
                    "preserveUrlFragmentsForLogins": false,
                    "cookieExpiration": {
                        "convention": "FixedTime",
                        "timeToExpiration": "08:00:00"
                    },
                    "nonce": {
                        "validateNonce": true,
                        "nonceExpirationInterval": "00:05:00"
                    }
                },
                "httpSettings": {
                    "requireHttps": true,
                    "routes": {
                        "apiPrefix": "/.auth"
                    },
                    "forwardProxy": {
                        "convention": "NoProxy"
                    }
                }
            }
        }
    ]
}

Note: In clientId, supply the application (client) ID of the app registration you created earlier.

Output: deploy with:

az deployment group create -n TestDeployment -g <resourcegroupname> --template-file "C:\Path\to\template.json"


Note: In the app registration, we have to add the reply URI https://yourfunctionappname.azurewebsites.net/.auth/login/aad/callback using the Azure CLI command:

az ad app update --id <objectid> --reply-urls https://funcapp-xxxxxxx.azurewebsites.net/.auth/login/aad/callback


Output of testing the function app:
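The template above enables every identity provider with an empty registration, references a client-secret app setting (MICROSOFT_PROVIDER_AUTHENTICATION_SECRET) that the template itself never defines, and leaves allowedAudiences empty. Those are the settings a reviewer would want to catch before deployment. The following script is an added example, not part of the answer or of any Azure tooling: it walks the authsettingsV2 resource of a template, cross-checks it against the site's appSettings, and reports the weak spots. The embedded sample template and the wording of the findings are constructed for this example; the function names (lint_authsettings, lint_template) are this example's own.

```python
"""Lint the authsettingsV2 block of an App Service / Functions ARM template.

Added example, not part of the Stack Overflow answer. Run stand-alone to lint the
constructed sample below, or pass a template path: python lint_authsettings.py template.json
"""
import json
import sys

# Constructed sample in the shape of the answer's template: several providers switched
# on with empty registrations, an undefined secret setting, and HTTPS not required.
# Placeholder values in angle brackets stand in for real IDs.
SAMPLE_TEMPLATE = {
    "resources": [
        {
            "type": "Microsoft.Web/sites",
            "name": "[parameters('siteName')]",
            "properties": {
                "siteConfig": {
                    "appSettings": [
                        {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "python"}
                    ]
                }
            },
        },
        {
            "type": "Microsoft.Web/sites/config",
            "name": "[concat(parameters('siteName'), '/authsettingsV2')]",
            "properties": {
                "platform": {"enabled": True, "runtimeVersion": "~1"},
                "globalValidation": {
                    "requireAuthentication": True,
                    "unauthenticatedClientAction": "RedirectToLoginPage",
                    "redirectToProvider": "azureactivedirectory",
                },
                "identityProviders": {
                    "azureActiveDirectory": {
                        "enabled": True,
                        "registration": {
                            "openIdIssuer": "https://sts.windows.net/<tenant-id>/v2.0",
                            "clientId": "<client-id>",
                            "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
                        },
                        "validation": {"allowedAudiences": []},
                    },
                    "facebook": {"enabled": True, "registration": {}},
                    "gitHub": {"enabled": True, "registration": {}},
                },
                "httpSettings": {"requireHttps": False},
            },
        },
    ]
}


def lint_authsettings(props, app_setting_names=frozenset()):
    """Return human-readable findings for one authsettingsV2 'properties' object."""
    findings = []
    if not props.get("platform", {}).get("enabled", False):
        findings.append("platform.enabled is false: App Service Authentication is switched off")

    gv = props.get("globalValidation", {})
    if not gv.get("requireAuthentication", False):
        findings.append("globalValidation.requireAuthentication is false: unauthenticated requests reach the function code")
    if gv.get("unauthenticatedClientAction") == "AllowAnonymous":
        findings.append("unauthenticatedClientAction is AllowAnonymous: every route must enforce auth itself")

    # Collect enabled providers (keys compared case-insensitively, since the template
    # writes 'azureactivedirectory' in redirectToProvider but 'azureActiveDirectory' as key).
    enabled = {}
    for name, cfg in props.get("identityProviders", {}).items():
        if isinstance(cfg, dict) and cfg.get("enabled"):
            enabled[name.lower()] = cfg
            if not cfg.get("registration"):
                findings.append(f"identityProviders.{name} is enabled with an empty registration: no client credentials, so its login route cannot work")

    redirect = gv.get("redirectToProvider")
    if redirect and redirect.lower() not in enabled:
        findings.append(f"redirectToProvider '{redirect}' is not an enabled provider")

    aad = enabled.get("azureactivedirectory")
    if aad:
        secret_name = aad.get("registration", {}).get("clientSecretSettingName")
        if secret_name and secret_name not in app_setting_names:
            findings.append(f"clientSecretSettingName '{secret_name}' is not defined in the site's appSettings: supply it separately or Easy Auth has no client secret")
        if not aad.get("validation", {}).get("allowedAudiences"):
            findings.append("azureActiveDirectory.validation.allowedAudiences is empty: only the client ID is accepted as token audience")

    if not props.get("httpSettings", {}).get("requireHttps", True):
        findings.append("httpSettings.requireHttps is false: auth cookies and tokens may travel over plain HTTP")
    return findings


def lint_template(template):
    """Gather the site's appSettings names, then lint every authsettingsV2 resource."""
    resources = template.get("resources", [])
    app_setting_names = set()
    for res in resources:
        if res.get("type") == "Microsoft.Web/sites":
            for setting in res.get("properties", {}).get("siteConfig", {}).get("appSettings", []):
                app_setting_names.add(setting.get("name"))
    findings = []
    for res in resources:
        if res.get("type") == "Microsoft.Web/sites/config" and "authsettingsV2" in res.get("name", ""):
            findings.extend(lint_authsettings(res.get("properties", {}), frozenset(app_setting_names)))
    return findings


if __name__ == "__main__":
    template = SAMPLE_TEMPLATE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            template = json.load(fh)
    for finding in lint_template(template):
        print("-", finding)
```

Against the constructed sample the script reports five findings (the two empty-registration providers, the missing secret setting, the empty audience list and requireHttps); a config with only Azure AD enabled, a secret setting that exists in appSettings, an explicit allowedAudiences list and requireHttps true yields none.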

Regarding "azure - How to create an identity provider for an Azure Function App using an ARM template?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/70745464/
