有一个逻辑应用(标准版)使用 Dataverse 连接器。需要配置访问策略,逻辑应用中的工作流才能使用该连接器。以下是 Bicep 文件(不包括服务计划,因为我无权访问它)。尝试了 Azure 存储库中的各种快速入门模板,似乎都没有解决问题。
问题是为什么会出现这个错误以及可以采取什么措施来解决?
仅当添加访问策略时才会引发错误,如下所示:
"errorCode: PropertyImmutable. Message: The property 'ConnectionAceStorageEntity.PrincipalId' is immutable."
连接器的 Bicep:
// Deployment region; also used to build the managed API id of the connection.
param Location string

// Name of the Microsoft.Web/connections resource (reused as its display name).
param DataverseConnectionName string

// Tenant and application (client) id used for the client-credentials token request.
param DataverseConnectionTenant string
param DataverseConnectionClient string

// Client secret of that application. @secure() keeps the value out of the
// deployment history and logs; do not give this parameter a default value.
@secure()
param DataverseConnectionSecret string
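// API connection that lets workflows call Dataverse as an app registration
// (client-credentials grant). The managed API id is built with
// subscriptionResourceId() instead of a hand-assembled string.
resource DataverseConnection 'Microsoft.Web/connections@2016-06-01' = {
  // Bicep may warn about this property, but it is still passed through to the deployment.
  // https://github.com/Azure/bicep/issues/3512
  kind: 'V2'
  name: DataverseConnectionName
  location: Location
  properties: {
    displayName: DataverseConnectionName
    parameterValues: {
      'token:TenantId': DataverseConnectionTenant
      'token:clientId': DataverseConnectionClient
      'token:grantType': 'client_credentials'
      // Comes from the @secure() parameter; never inline a literal secret here.
      'token:clientSecret': DataverseConnectionSecret
    }
    api: {
      name: 'commondataservice'
      displayName: 'Microsoft Dataverse (legacy)'
      description: 'Provides access to the environment database in Microsoft Dataverse.'
      category: 'Standard'
      // Same value as the interpolated '/subscriptions/.../managedApis/commondataservice' path.
      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', Location, 'commondataservice')
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}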
// Bicep may warn about this reference, but the top-level property 'connectionRuntimeUrl' should still be returned.
// https://github.com/Azure/bicep/issues/3494
// NOTE(review): outputs are stored in clear text with the deployment record; keep secrets out of outputs.
output connectionRuntimeUrl string = DataverseConnection.properties.connectionRuntimeUrl
逻辑应用的 Bicep:
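// Logic App (Standard) site with a system-assigned managed identity. The app
// settings hand the workflows the storage connection, Application Insights and the
// Dataverse connection details. Resource ids are built with resourceId() and the
// storage endpoint suffix comes from environment() instead of a hard-coded domain.
resource LogicAppSite 'Microsoft.Web/sites@2022-09-01' = {
  name: LogicAppSiteName
  location: LogicAppLocation
  tags: {
    'hidden-link: /app-insights-resource-id': resourceId('Microsoft.Insights/components', AppInsightsName)
  }
  kind: 'functionapp,workflowapp'
  identity: {
    // This identity's principalId is what the connection access policy refers to.
    type: 'SystemAssigned'
  }
  properties: {
    enabled: true
    serverFarmId: ServerFarmId
    reserved: false
    isXenon: false
    hyperV: false
    vnetRouteAllEnabled: false
    vnetImagePullEnabled: false
    vnetContentShareEnabled: false
    siteConfig: {
      numberOfWorkers: 1
      acrUseManagedIdentityCreds: false
      alwaysOn: false
      http20Enabled: false
      appSettings: [
        {
          name: 'APP_KIND'
          value: 'workflowApp'
        }
        {
          name: 'AzureFunctionsJobHost__extensionBundle__id'
          value: 'Microsoft.Azure.Functions.ExtensionBundle.Workflows'
        }
        {
          name: 'AzureFunctionsJobHost__extensionBundle__version'
          value: '[1.*, 2.0.0)'
        }
        {
          name: 'AzureWebJobsStorage'
          // NOTE(security): the storage account key is resolved at deployment time and
          // stored as a plain app setting, readable by anyone who can read the site
          // configuration. A Key Vault reference is an option (keyVaultReferenceIdentity
          // is set below); confirm runtime support before switching.
          value: 'DefaultEndpointsProtocol=https;AccountName=${StorageAccountName};AccountKey=${listKeys(resourceId('Microsoft.Storage/storageAccounts', StorageAccountName), '2019-06-01').keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
        }
        // {
        // name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
        // value: 'DefaultEndpointsProtocol=https;AccountName=${StorageAccountName};AccountKey=${listKeys('${resourceGroup().id}/providers/Microsoft.Storage/storageAccounts/${StorageAccountName}', '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net'
        // }
        // {
        // name: 'WEBSITE_CONTENTSHARE'
        // value: LogicAppSiteName
        // }
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
        {
          name: 'WEBSITE_CONTENTOVERVNET'
          value: '1'
        }
        {
          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
          value: reference(resourceId('Microsoft.Insights/components', AppInsightsName), '2020-02-02').ConnectionString
        }
        {
          name: 'WORKFLOWS_SUBSCRIPTION_ID'
          value: subscription().subscriptionId
        }
        {
          name: 'WORKFLOWS_LOCATION_NAME'
          value: LogicAppLocation
        }
        {
          name: 'WORKFLOWS_RESOURCE_GROUP_NAME'
          value: resourceGroup().name
        }
        {
          name: 'WORKFLOWS_DATAVERSE_CONNECTION_NAME'
          value: DataverseConnectionName
        }
        {
          name: 'WORKFLOWS_DATAVERSE_CONN_ID'
          value: DataverseConnection.id
        }
        {
          name: 'WORKFLOWS_DATAVERSE_CONN_RUNTIMEURL'
          // Bicep may warn about this reference, but the top-level property 'connectionRuntimeUrl' should still be returned.
          // https://github.com/Azure/bicep/issues/3494
          value: DataverseConnection.properties.connectionRuntimeUrl
        }
        {
          name: 'WORKFLOWS_DATAVERSE_URL'
          value: DataverseUrl
        }
      ]
    }
    scmSiteAlsoStopped: false
    clientAffinityEnabled: false
    // clientCertMode is ignored while clientCertEnabled is false, so no client
    // certificate is requested as written.
    clientCertEnabled: false
    clientCertMode: 'Required'
    hostNamesDisabled: false
    // Value redacted by the author of the page.
    customDomainVerificationId: '...'
    containerSize: 1536
    dailyMemoryTimeQuota: 0
    httpsOnly: true
    redundancyMode: 'None'
    // NOTE(security): the site is reachable from the public network; restrict it
    // (access restrictions or private endpoint) if the workflows are internal only.
    publicNetworkAccess: 'Enabled'
    storageAccountRequired: false
    keyVaultReferenceIdentity: 'SystemAssigned'
  }
}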
// 'web' configuration of the Logic App site: runtime, logging, scaling, network
// access and TLS settings.
// NOTE(review): the property set looks like a portal/ARM export; confirm which
// values are intentional before keeping them in the pipeline.
resource LogicAppSiteName_web 'Microsoft.Web/sites/config@2022-09-01' = {
  parent: LogicAppSite
  name: 'web'
  properties: {
    numberOfWorkers: 1
    defaultDocuments: [
      'Default.htm'
      'Default.html'
      'Default.asp'
      'index.htm'
      'index.html'
      'iisstart.htm'
      'default.aspx'
      'index.php'
    ]
    netFrameworkVersion: 'v6.0'
    requestTracingEnabled: false
    remoteDebuggingEnabled: false
    // HTTP and detailed error logging are both off in this block.
    httpLoggingEnabled: false
    acrUseManagedIdentityCreds: false
    logsDirectorySizeLimit: 35
    detailedErrorLoggingEnabled: false
    publishingUsername: LogicAppSiteName
    scmType: 'None'
    use32BitWorkerProcess: false
    webSocketsEnabled: false
    alwaysOn: false
    managedPipelineMode: 'Integrated'
    preWarmedInstanceCount: 0
    elasticWebAppScaleLimit: 0
    functionsRuntimeScaleMonitoringEnabled: true
    functionAppScaleLimit: 0
    virtualApplications: [
      {
        virtualPath: '/'
        physicalPath: 'site\\wwwroot'
        preloadEnabled: false
      }
    ]
    loadBalancing: 'LeastRequests'
    experiments: {
      rampUpRules: []
    }
    autoHealEnabled: false
    // NOTE(review): true here, while the site resource sets vnetRouteAllEnabled to
    // false; confirm which value is intended.
    vnetRouteAllEnabled: true
    vnetPrivatePortsCount: 0
    // NOTE(security): public network access stays enabled; see ipSecurityRestrictions below.
    publicNetworkAccess: 'Enabled'
    cors: {
      supportCredentials: false
    }
    localMySqlEnabled: false
    // NOTE(review): hard-coded numeric id, presumably copied from an existing site;
    // verify it is valid for a newly created system-assigned identity.
    managedServiceIdentityId: 37494
    // NOTE(security): the only rule allows every source address, so the endpoint is
    // open to any caller at the network layer. Replace it with explicit allow rules
    // if callers are known.
    ipSecurityRestrictions: [
      {
        ipAddress: 'Any'
        action: 'Allow'
        priority: 2147483647
        name: 'Allow all'
        description: 'Allow all access'
      }
    ]
    http20Enabled: false
    // TLS 1.2 is the minimum for both the site and its SCM endpoint.
    minTlsVersion: '1.2'
    scmMinTlsVersion: '1.2'
    azureStorageAccounts: {}
  }
}
// Host name binding for the site's '<LogicAppSiteName>.azurewebsites.net' name.
// NOTE(review): presumably carried over from a template export; confirm it needs
// to be declared explicitly.
resource LogicAppSiteName_LogicAppSiteName_azurewebsites_net 'Microsoft.Web/sites/hostNameBindings@2022-09-01' = {
  parent: LogicAppSite
  name: '${LogicAppSiteName}.azurewebsites.net'
  properties: {
    siteName: LogicAppSiteName
    hostNameType: 'Verified'
  }
}
最后是访问策略的 Bicep:
// Access policy on the Dataverse connection that grants the Logic App's
// system-assigned identity the right to use it. Only this one principal is granted access.
// NOTE(review): per the accepted answer on this page, 'PropertyImmutable' on
// PrincipalId appears when a same-named entry already exists with a different
// principal (for example one created by hand in the portal) and the deployment
// cannot overwrite it. Check for such a leftover before the pipeline runs.
resource connections_dataverse_logicAppSystemAssignedIdentityObjectId 'Microsoft.Web/connections/accessPolicies@2016-06-01' = {
  name: DataversePolicyName
  parent: DataverseConnection
  // NOTE(review): the parent connection is deployed to 'Location'; confirm both
  // parameters resolve to the same region.
  location: LogicAppLocation
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        tenantId: subscription().tenantId
        // Object id of the site's managed identity. Presumably it changes if the
        // site or its identity is recreated; verify before redeploying over an
        // existing policy.
        objectId: LogicAppSite.identity.principalId
      }
    }
  }
}
最佳答案
找到了罪魁祸首:如果之前在门户中手动创建过同名但 PrincipalId 不同的连接,ARM/Bicep 部署就无法覆盖它。
只需确保在 portal.azure.com 中做的实验不会与管道中的部署重叠即可。
关于azure - 逻辑应用连接器策略引发 "Property Immutable"错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76465070/