Bing 资源的角色定义

问题描述 投票:0回答:1

我想授予 AppService 对 Bing 资源的访问权限 (

Microsoft.Bing/accounts@2020-06-10
)。 我应该在 Bing 的 IAM (
Microsoft.Authorization/roleDefinitions
) 中设置哪个角色 (
Microsoft.Authorization/roleAssignments
)?

详细来说,我需要了解以下内容

xxx

var role = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'xxx-xxx-xxx-xxx-xxx'
)

resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(bingSearch.id, webApp.name, role)
  scope: bingSearch
  properties: {
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: role
  }
}
azure roles azure-bicep bing-api identity-management
1个回答
0
投票

使用二头肌的 Bing 搜索服务的角色定义

随着Github Bing 搜索的跟进,我们需要使用MSDoc,这有助于实现您在需求中提到的要求。

分配角色所需的角色是 用户访问管理员,这有助于向 webapp 提供角色,我们需要 搜索服务贡献者贡献者 基于我们需要通过搜索服务通过网络应用程序获得的权限。

二头肌文件:

param location string = resourceGroup().location
param appServicePlanName string = 'vkkAppServicePlan'
param webAppName string = 'vkkWebApp'
param bingSearchName string = 'vkkbingsearch'

resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: 'B1'
    capacity: 1
  }
  properties: {
    reserved: false
  }
}

resource webApp 'Microsoft.Web/sites@2021-02-01' = {
  name: webAppName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: appServicePlan.id
  }
  kind: 'app'
}

resource bingSearch 'Microsoft.Search/searchServices@2024-03-01-preview' = {
  name: bingSearchName
  location: location
  sku: {
    name: 'standard'
  }
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    hostingMode: 'default'
    partitionCount: 1
    replicaCount: 1
    publicNetworkAccess: 'Enabled'
    authOptions: {
      aadOrApiKey: {
        aadAuthFailureMode: 'http401WithBearerChallenge' 
      }
    }
    disabledDataExfiltrationOptions: ['All'] 
    encryptionWithCmk: {
      enforcement: 'Unspecified' 
    }
  }
}

var roleDefinitionId = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'role_ID'
)

resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(bingSearch.id, webApp.name, roleDefinitionId)
  scope: bingSearch
  properties: {
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: roleDefinitionId
  }
}

部署成功:

enter image description here

enter image description here

enter image description here

enter image description here

© www.soinside.com 2019 - 2024. All rights reserved.