Microsoft.ServiceLinker linkers
Bicep resource definition
The linkers resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
The linkers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ServiceLinker/linkers resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ServiceLinker/linkers@2022-11-01-preview' = {
name: 'string'
scope: resourceSymbolicName
properties: {
authInfo: {
authType: 'string'
// For remaining properties, see AuthInfoBase objects
}
clientType: 'string'
configurationInfo: {
action: 'string'
additionalConfigurations: {
{customized property}: 'string'
}
customizedKeys: {
{customized property}: 'string'
}
daprProperties: {
componentType: 'string'
metadata: [
{
name: 'string'
secretRef: 'string'
value: 'string'
}
]
scopes: [
'string'
]
secretStoreComponent: 'string'
version: 'string'
}
deleteOrUpdateBehavior: 'string'
}
publicNetworkSolution: {
action: 'string'
deleteOrUpdateBehavior: 'string'
firewallRules: {
azureServices: 'string'
callerClientIP: 'string'
ipRanges: [
'string'
]
}
}
scope: 'string'
secretStore: {
keyVaultId: 'string'
keyVaultSecretName: 'string'
}
targetService: {
type: 'string'
// For remaining properties, see TargetServiceBase objects
}
vNetSolution: {
deleteOrUpdateBehavior: 'string'
type: 'string'
}
}
}
AuthInfoBase objects
Set the authType property to specify the type of object.
For accessKey, use:
authType: 'accessKey'
permissions: [
'string'
]
For secret, use:
authType: 'secret'
name: 'string'
secretInfo: {
secretType: 'string'
// For remaining properties, see SecretInfoBase objects
}
For servicePrincipalCertificate, use:
authType: 'servicePrincipalCertificate'
certificate: 'string'
clientId: 'string'
deleteOrUpdateBehavior: 'string'
principalId: 'string'
roles: [
'string'
]
For servicePrincipalSecret, use:
authType: 'servicePrincipalSecret'
clientId: 'string'
deleteOrUpdateBehavior: 'string'
principalId: 'string'
roles: [
'string'
]
secret: 'string'
userName: 'string'
For systemAssignedIdentity, use:
authType: 'systemAssignedIdentity'
deleteOrUpdateBehavior: 'string'
roles: [
'string'
]
userName: 'string'
For userAccount, use:
authType: 'userAccount'
deleteOrUpdateBehavior: 'string'
principalId: 'string'
roles: [
'string'
]
userName: 'string'
For userAssignedIdentity, use:
authType: 'userAssignedIdentity'
clientId: 'string'
deleteOrUpdateBehavior: 'string'
roles: [
'string'
]
subscriptionId: 'string'
userName: 'string'
SecretInfoBase objects
Set the secretType property to specify the type of object.
For keyVaultSecretReference, use:
secretType: 'keyVaultSecretReference'
name: 'string'
version: 'string'
For keyVaultSecretUri, use:
secretType: 'keyVaultSecretUri'
value: 'string'
For rawValue, use:
secretType: 'rawValue'
value: 'string'
TargetServiceBase objects
Set the type property to specify the type of object.
For AzureResource, use:
type: 'AzureResource'
id: 'string'
resourceProperties: {
type: 'string'
// For remaining properties, see AzureResourcePropertiesBase objects
}
For ConfluentBootstrapServer, use:
type: 'ConfluentBootstrapServer'
endpoint: 'string'
For ConfluentSchemaRegistry, use:
type: 'ConfluentSchemaRegistry'
endpoint: 'string'
For SelfHostedServer, use:
type: 'SelfHostedServer'
endpoint: 'string'
AzureResourcePropertiesBase objects
Set the type property to specify the type of object.
For KeyVault, use:
type: 'KeyVault'
connectAsKubernetesCsiDriver: bool
Property values
linkers
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
properties | The properties of the Linker. | LinkerProperties (required) |
LinkerProperties
Name | Description | Value |
---|---|---|
authInfo | The authentication type. | AuthInfoBase |
clientType | The application client type | 'dapr' 'django' 'dotnet' 'go' 'java' 'kafka-springBoot' 'nodejs' 'none' 'php' 'python' 'ruby' 'springBoot' |
configurationInfo | The connection information consumed by applications, including secrets, connection strings. | ConfigurationInfo |
publicNetworkSolution | The network solution. | PublicNetworkSolution |
scope | connection scope in source service. | string |
secretStore | An option to store secret value in secure place | SecretStore |
targetService | The target service properties | TargetServiceBase |
vNetSolution | The VNet solution. | VNetSolution |
AuthInfoBase
Name | Description | Value |
---|---|---|
authType | Set the object type | accessKey secret servicePrincipalCertificate servicePrincipalSecret systemAssignedIdentity userAccount userAssignedIdentity (required) |
AccessKeyInfoBase
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'accessKey' (required) |
permissions | Permissions of the accessKey. Read and Write are for Azure Cosmos DB and Azure App Configuration, Listen , Send and Manage are for Azure Event Hub and Azure Service Bus. |
String array containing any of: 'Listen' 'Manage' 'Read' 'Send' 'Write' |
SecretAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'secret' (required) |
name | Username or account name for secret auth. | string |
secretInfo | Password or key vault secret for secret auth. | SecretInfoBase |
SecretInfoBase
Name | Description | Value |
---|---|---|
secretType | Set the object type | keyVaultSecretReference keyVaultSecretUri rawValue (required) |
KeyVaultSecretReferenceSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | 'keyVaultSecretReference' (required) |
name | Name of the Key Vault secret. | string |
version | Version of the Key Vault secret. | string |
KeyVaultSecretUriSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | 'keyVaultSecretUri' (required) |
value | URI to the keyvault secret | string |
ValueSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | 'rawValue' (required) |
value | The actual value of the secret. | string Constraints: Sensitive value. Pass in as a secure parameter. |
ServicePrincipalCertificateAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'servicePrincipalCertificate' (required) |
certificate | ServicePrincipal certificate for servicePrincipal auth. | string (required) Constraints: Sensitive value. Pass in as a secure parameter. |
clientId | Application clientId for servicePrincipal auth. | string (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
principalId | Principal Id for servicePrincipal auth. | string (required) |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
ServicePrincipalSecretAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'servicePrincipalSecret' (required) |
clientId | ServicePrincipal application clientId for servicePrincipal auth. | string (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
principalId | Principal Id for servicePrincipal auth. | string (required) |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
secret | Secret for servicePrincipal auth. | string (required) Constraints: Sensitive value. Pass in as a secure parameter. |
userName | Username created in the database which is mapped to a user in AAD. | string |
SystemAssignedIdentityAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'systemAssignedIdentity' (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
roles | Optional, this value specifies the Azure role to be assigned | string[] |
userName | Username created in the database which is mapped to a user in AAD. | string |
UserAccountAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'userAccount' (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
principalId | Principal Id for user account. | string |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
userName | Username created in the database which is mapped to a user in AAD. | string |
UserAssignedIdentityAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'userAssignedIdentity' (required) |
clientId | Client Id for userAssignedIdentity. | string |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
roles | Optional, this value specifies the Azure role to be assigned | string[] |
subscriptionId | Subscription id for userAssignedIdentity. | string |
userName | Username created in the database which is mapped to a user in AAD. | string |
ConfigurationInfo
Name | Description | Value |
---|---|---|
action | Optional, indicate whether to apply configurations on source application. If enable, generate configurations and applied to the source application. Default is enable. If optOut, no configuration change will be made on source. | 'Internal' 'enable' 'optOut' |
additionalConfigurations | A dictionary of additional configurations to be added. Service will auto generate a set of basic configurations and this property is to full fill more customized configurations | ConfigurationInfoAdditionalConfigurations |
customizedKeys | Optional. A dictionary of default key name and customized key name mapping. If not specified, default key name will be used for generate configurations | ConfigurationInfoCustomizedKeys |
daprProperties | Indicates some additional properties for dapr client type | DaprProperties |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
ConfigurationInfoAdditionalConfigurations
Name | Description | Value |
---|---|---|
{customized property} | string |
ConfigurationInfoCustomizedKeys
Name | Description | Value |
---|---|---|
{customized property} | string |
DaprProperties
Name | Description | Value |
---|---|---|
componentType | The dapr component type | string |
metadata | Additional dapr metadata | DaprMetadata[] |
scopes | The dapr component scopes | string[] |
secretStoreComponent | The name of a secret store dapr to retrieve secret | string |
version | The dapr component version | string |
DaprMetadata
Name | Description | Value |
---|---|---|
name | Metadata property name. | string |
secretRef | The secret name where dapr could get value | string |
value | Metadata property value. | string |
PublicNetworkSolution
Name | Description | Value |
---|---|---|
action | Optional. Indicates public network solution. If enable, enable public network access of target service with best try. Default is enable. If optOut, opt out public network access configuration. | 'Internal' 'enable' 'optOut' |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation(such as firewall rules) when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
firewallRules | Describe firewall rules of target service to make sure source application could connect to the target. | FirewallRules |
FirewallRules
Name | Description | Value |
---|---|---|
azureServices | Allow Azure services to access the target service if true. | 'false' 'true' |
callerClientIP | Allow caller client IP to access the target service if true. the property is used when connecting local application to target service. | 'false' 'true' |
ipRanges | This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs for a given database account. | string[] |
SecretStore
Name | Description | Value |
---|---|---|
keyVaultId | The key vault id to store secret | string |
keyVaultSecretName | The key vault secret name to store secret, only valid when storing one secret | string |
TargetServiceBase
Name | Description | Value |
---|---|---|
type | Set the object type | AzureResource ConfluentBootstrapServer ConfluentSchemaRegistry SelfHostedServer (required) |
AzureResource
Name | Description | Value |
---|---|---|
type | The target service type. | 'AzureResource' (required) |
id | The Id of azure resource. | string |
resourceProperties | The azure resource connection related properties. | AzureResourcePropertiesBase |
AzureResourcePropertiesBase
Name | Description | Value |
---|---|---|
type | Set the object type | KeyVault (required) |
AzureKeyVaultProperties
Name | Description | Value |
---|---|---|
type | The azure resource type. | 'KeyVault' (required) |
connectAsKubernetesCsiDriver | True if connect via Kubernetes CSI Driver. | bool |
ConfluentBootstrapServer
Name | Description | Value |
---|---|---|
type | The target service type. | 'ConfluentBootstrapServer' (required) |
endpoint | The endpoint of service. | string |
ConfluentSchemaRegistry
Name | Description | Value |
---|---|---|
type | The target service type. | 'ConfluentSchemaRegistry' (required) |
endpoint | The endpoint of service. | string |
SelfHostedServer
Name | Description | Value |
---|---|---|
type | The target service type. | 'SelfHostedServer' (required) |
endpoint | The endpoint of service. | string |
VNetSolution
Name | Description | Value |
---|---|---|
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
type | Type of VNet solution. | 'privateLink' 'serviceEndpoint' |
ARM template resource definition
The linkers resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
The linkers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ServiceLinker/linkers resource, add the following JSON to your template.
{
"type": "Microsoft.ServiceLinker/linkers",
"apiVersion": "2022-11-01-preview",
"name": "string",
"scope": "string",
"properties": {
"authInfo": {
"authType": "string"
// For remaining properties, see AuthInfoBase objects
},
"clientType": "string",
"configurationInfo": {
"action": "string",
"additionalConfigurations": {
"{customized property}": "string"
},
"customizedKeys": {
"{customized property}": "string"
},
"daprProperties": {
"componentType": "string",
"metadata": [
{
"name": "string",
"secretRef": "string",
"value": "string"
}
],
"scopes": [ "string" ],
"secretStoreComponent": "string",
"version": "string"
},
"deleteOrUpdateBehavior": "string"
},
"publicNetworkSolution": {
"action": "string",
"deleteOrUpdateBehavior": "string",
"firewallRules": {
"azureServices": "string",
"callerClientIP": "string",
"ipRanges": [ "string" ]
}
},
"scope": "string",
"secretStore": {
"keyVaultId": "string",
"keyVaultSecretName": "string"
},
"targetService": {
"type": "string"
// For remaining properties, see TargetServiceBase objects
},
"vNetSolution": {
"deleteOrUpdateBehavior": "string",
"type": "string"
}
}
}
AuthInfoBase objects
Set the authType property to specify the type of object.
For accessKey, use:
"authType": "accessKey",
"permissions": [ "string" ]
For secret, use:
"authType": "secret",
"name": "string",
"secretInfo": {
"secretType": "string"
// For remaining properties, see SecretInfoBase objects
}
For servicePrincipalCertificate, use:
"authType": "servicePrincipalCertificate",
"certificate": "string",
"clientId": "string",
"deleteOrUpdateBehavior": "string",
"principalId": "string",
"roles": [ "string" ]
For servicePrincipalSecret, use:
"authType": "servicePrincipalSecret",
"clientId": "string",
"deleteOrUpdateBehavior": "string",
"principalId": "string",
"roles": [ "string" ],
"secret": "string",
"userName": "string"
For systemAssignedIdentity, use:
"authType": "systemAssignedIdentity",
"deleteOrUpdateBehavior": "string",
"roles": [ "string" ],
"userName": "string"
For userAccount, use:
"authType": "userAccount",
"deleteOrUpdateBehavior": "string",
"principalId": "string",
"roles": [ "string" ],
"userName": "string"
For userAssignedIdentity, use:
"authType": "userAssignedIdentity",
"clientId": "string",
"deleteOrUpdateBehavior": "string",
"roles": [ "string" ],
"subscriptionId": "string",
"userName": "string"
SecretInfoBase objects
Set the secretType property to specify the type of object.
For keyVaultSecretReference, use:
"secretType": "keyVaultSecretReference",
"name": "string",
"version": "string"
For keyVaultSecretUri, use:
"secretType": "keyVaultSecretUri",
"value": "string"
For rawValue, use:
"secretType": "rawValue",
"value": "string"
TargetServiceBase objects
Set the type property to specify the type of object.
For AzureResource, use:
"type": "AzureResource",
"id": "string",
"resourceProperties": {
"type": "string"
// For remaining properties, see AzureResourcePropertiesBase objects
}
For ConfluentBootstrapServer, use:
"type": "ConfluentBootstrapServer",
"endpoint": "string"
For ConfluentSchemaRegistry, use:
"type": "ConfluentSchemaRegistry",
"endpoint": "string"
For SelfHostedServer, use:
"type": "SelfHostedServer",
"endpoint": "string"
AzureResourcePropertiesBase objects
Set the type property to specify the type of object.
For KeyVault, use:
"type": "KeyVault",
"connectAsKubernetesCsiDriver": "bool"
Property values
linkers
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.ServiceLinker/linkers' |
apiVersion | The resource api version | '2022-11-01-preview' |
name | The resource name | string (required) |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
properties | The properties of the Linker. | LinkerProperties (required) |
LinkerProperties
Name | Description | Value |
---|---|---|
authInfo | The authentication type. | AuthInfoBase |
clientType | The application client type | 'dapr' 'django' 'dotnet' 'go' 'java' 'kafka-springBoot' 'nodejs' 'none' 'php' 'python' 'ruby' 'springBoot' |
configurationInfo | The connection information consumed by applications, including secrets, connection strings. | ConfigurationInfo |
publicNetworkSolution | The network solution. | PublicNetworkSolution |
scope | connection scope in source service. | string |
secretStore | An option to store secret value in secure place | SecretStore |
targetService | The target service properties | TargetServiceBase |
vNetSolution | The VNet solution. | VNetSolution |
AuthInfoBase
Name | Description | Value |
---|---|---|
authType | Set the object type | accessKey secret servicePrincipalCertificate servicePrincipalSecret systemAssignedIdentity userAccount userAssignedIdentity (required) |
AccessKeyInfoBase
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'accessKey' (required) |
permissions | Permissions of the accessKey. Read and Write are for Azure Cosmos DB and Azure App Configuration, Listen , Send and Manage are for Azure Event Hub and Azure Service Bus. |
String array containing any of: 'Listen' 'Manage' 'Read' 'Send' 'Write' |
SecretAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'secret' (required) |
name | Username or account name for secret auth. | string |
secretInfo | Password or key vault secret for secret auth. | SecretInfoBase |
SecretInfoBase
Name | Description | Value |
---|---|---|
secretType | Set the object type | keyVaultSecretReference keyVaultSecretUri rawValue (required) |
KeyVaultSecretReferenceSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | 'keyVaultSecretReference' (required) |
name | Name of the Key Vault secret. | string |
version | Version of the Key Vault secret. | string |
KeyVaultSecretUriSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | 'keyVaultSecretUri' (required) |
value | URI to the keyvault secret | string |
ValueSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | 'rawValue' (required) |
value | The actual value of the secret. | string Constraints: Sensitive value. Pass in as a secure parameter. |
ServicePrincipalCertificateAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'servicePrincipalCertificate' (required) |
certificate | ServicePrincipal certificate for servicePrincipal auth. | string (required) Constraints: Sensitive value. Pass in as a secure parameter. |
clientId | Application clientId for servicePrincipal auth. | string (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
principalId | Principal Id for servicePrincipal auth. | string (required) |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
ServicePrincipalSecretAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'servicePrincipalSecret' (required) |
clientId | ServicePrincipal application clientId for servicePrincipal auth. | string (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
principalId | Principal Id for servicePrincipal auth. | string (required) |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
secret | Secret for servicePrincipal auth. | string (required) Constraints: Sensitive value. Pass in as a secure parameter. |
userName | Username created in the database which is mapped to a user in AAD. | string |
SystemAssignedIdentityAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'systemAssignedIdentity' (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
roles | Optional, this value specifies the Azure role to be assigned | string[] |
userName | Username created in the database which is mapped to a user in AAD. | string |
UserAccountAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'userAccount' (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
principalId | Principal Id for user account. | string |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
userName | Username created in the database which is mapped to a user in AAD. | string |
UserAssignedIdentityAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | 'userAssignedIdentity' (required) |
clientId | Client Id for userAssignedIdentity. | string |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
roles | Optional, this value specifies the Azure role to be assigned | string[] |
subscriptionId | Subscription id for userAssignedIdentity. | string |
userName | Username created in the database which is mapped to a user in AAD. | string |
ConfigurationInfo
Name | Description | Value |
---|---|---|
action | Optional, indicate whether to apply configurations on source application. If enable, generate configurations and applied to the source application. Default is enable. If optOut, no configuration change will be made on source. | 'Internal' 'enable' 'optOut' |
additionalConfigurations | A dictionary of additional configurations to be added. Service will auto generate a set of basic configurations and this property is to full fill more customized configurations | ConfigurationInfoAdditionalConfigurations |
customizedKeys | Optional. A dictionary of default key name and customized key name mapping. If not specified, default key name will be used for generate configurations | ConfigurationInfoCustomizedKeys |
daprProperties | Indicates some additional properties for dapr client type | DaprProperties |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
ConfigurationInfoAdditionalConfigurations
Name | Description | Value |
---|---|---|
{customized property} | string |
ConfigurationInfoCustomizedKeys
Name | Description | Value |
---|---|---|
{customized property} | string |
DaprProperties
Name | Description | Value |
---|---|---|
componentType | The dapr component type | string |
metadata | Additional dapr metadata | DaprMetadata[] |
scopes | The dapr component scopes | string[] |
secretStoreComponent | The name of a secret store dapr to retrieve secret | string |
version | The dapr component version | string |
DaprMetadata
Name | Description | Value |
---|---|---|
name | Metadata property name. | string |
secretRef | The secret name where dapr could get value | string |
value | Metadata property value. | string |
PublicNetworkSolution
Name | Description | Value |
---|---|---|
action | Optional. Indicates public network solution. If enable, enable public network access of target service with best try. Default is enable. If optOut, opt out public network access configuration. | 'Internal' 'enable' 'optOut' |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation(such as firewall rules) when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
firewallRules | Describe firewall rules of target service to make sure source application could connect to the target. | FirewallRules |
FirewallRules
Name | Description | Value |
---|---|---|
azureServices | Allow Azure services to access the target service if true. | 'false' 'true' |
callerClientIP | Allow caller client IP to access the target service if true. the property is used when connecting local application to target service. | 'false' 'true' |
ipRanges | This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs for a given database account. | string[] |
SecretStore
Name | Description | Value |
---|---|---|
keyVaultId | The key vault id to store secret | string |
keyVaultSecretName | The key vault secret name to store secret, only valid when storing one secret | string |
TargetServiceBase
Name | Description | Value |
---|---|---|
type | Set the object type | AzureResource ConfluentBootstrapServer ConfluentSchemaRegistry SelfHostedServer (required) |
AzureResource
Name | Description | Value |
---|---|---|
type | The target service type. | 'AzureResource' (required) |
id | The Id of azure resource. | string |
resourceProperties | The azure resource connection related properties. | AzureResourcePropertiesBase |
AzureResourcePropertiesBase
Name | Description | Value |
---|---|---|
type | Set the object type | KeyVault (required) |
AzureKeyVaultProperties
Name | Description | Value |
---|---|---|
type | The azure resource type. | 'KeyVault' (required) |
connectAsKubernetesCsiDriver | True if connect via Kubernetes CSI Driver. | bool |
ConfluentBootstrapServer
Name | Description | Value |
---|---|---|
type | The target service type. | 'ConfluentBootstrapServer' (required) |
endpoint | The endpoint of service. | string |
ConfluentSchemaRegistry
Name | Description | Value |
---|---|---|
type | The target service type. | 'ConfluentSchemaRegistry' (required) |
endpoint | The endpoint of service. | string |
SelfHostedServer
Name | Description | Value |
---|---|---|
type | The target service type. | 'SelfHostedServer' (required) |
endpoint | The endpoint of service. | string |
VNetSolution
Name | Description | Value |
---|---|---|
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | 'Default' 'ForcedCleanup' |
type | Type of VNet solution. | 'privateLink' 'serviceEndpoint' |
Terraform (AzAPI provider) resource definition
The linkers resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id
property on this resource to set the scope for this resource.
The linkers resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ServiceLinker/linkers resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ServiceLinker/linkers@2022-11-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
authInfo = {
authType = "string"
// For remaining properties, see AuthInfoBase objects
}
clientType = "string"
configurationInfo = {
action = "string"
additionalConfigurations = {
{customized property} = "string"
}
customizedKeys = {
{customized property} = "string"
}
daprProperties = {
componentType = "string"
metadata = [
{
name = "string"
secretRef = "string"
value = "string"
}
]
scopes = [
"string"
]
secretStoreComponent = "string"
version = "string"
}
deleteOrUpdateBehavior = "string"
}
publicNetworkSolution = {
action = "string"
deleteOrUpdateBehavior = "string"
firewallRules = {
azureServices = "string"
callerClientIP = "string"
ipRanges = [
"string"
]
}
}
scope = "string"
secretStore = {
keyVaultId = "string"
keyVaultSecretName = "string"
}
targetService = {
type = "string"
// For remaining properties, see TargetServiceBase objects
}
vNetSolution = {
deleteOrUpdateBehavior = "string"
type = "string"
}
}
})
}
AuthInfoBase objects
Set the authType property to specify the type of object.
For accessKey, use:
authType = "accessKey"
permissions = [
"string"
]
For secret, use:
authType = "secret"
name = "string"
secretInfo = {
secretType = "string"
// For remaining properties, see SecretInfoBase objects
}
For servicePrincipalCertificate, use:
authType = "servicePrincipalCertificate"
certificate = "string"
clientId = "string"
deleteOrUpdateBehavior = "string"
principalId = "string"
roles = [
"string"
]
For servicePrincipalSecret, use:
authType = "servicePrincipalSecret"
clientId = "string"
deleteOrUpdateBehavior = "string"
principalId = "string"
roles = [
"string"
]
secret = "string"
userName = "string"
For systemAssignedIdentity, use:
authType = "systemAssignedIdentity"
deleteOrUpdateBehavior = "string"
roles = [
"string"
]
userName = "string"
For userAccount, use:
authType = "userAccount"
deleteOrUpdateBehavior = "string"
principalId = "string"
roles = [
"string"
]
userName = "string"
For userAssignedIdentity, use:
authType = "userAssignedIdentity"
clientId = "string"
deleteOrUpdateBehavior = "string"
roles = [
"string"
]
subscriptionId = "string"
userName = "string"
SecretInfoBase objects
Set the secretType property to specify the type of object.
For keyVaultSecretReference, use:
secretType = "keyVaultSecretReference"
name = "string"
version = "string"
For keyVaultSecretUri, use:
secretType = "keyVaultSecretUri"
value = "string"
For rawValue, use:
secretType = "rawValue"
value = "string"
TargetServiceBase objects
Set the type property to specify the type of object.
For AzureResource, use:
type = "AzureResource"
id = "string"
resourceProperties = {
type = "string"
// For remaining properties, see AzureResourcePropertiesBase objects
}
For ConfluentBootstrapServer, use:
type = "ConfluentBootstrapServer"
endpoint = "string"
For ConfluentSchemaRegistry, use:
type = "ConfluentSchemaRegistry"
endpoint = "string"
For SelfHostedServer, use:
type = "SelfHostedServer"
endpoint = "string"
AzureResourcePropertiesBase objects
Set the type property to specify the type of object.
For KeyVault, use:
type = "KeyVault"
connectAsKubernetesCsiDriver = bool
Property values
linkers
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.ServiceLinker/linkers@2022-11-01-preview" |
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
properties | The properties of the Linker. | LinkerProperties (required) |
LinkerProperties
Name | Description | Value |
---|---|---|
authInfo | The authentication type. | AuthInfoBase |
clientType | The application client type | "dapr" "django" "dotnet" "go" "java" "kafka-springBoot" "nodejs" "none" "php" "python" "ruby" "springBoot" |
configurationInfo | The connection information consumed by applications, including secrets, connection strings. | ConfigurationInfo |
publicNetworkSolution | The network solution. | PublicNetworkSolution |
scope | connection scope in source service. | string |
secretStore | An option to store secret value in secure place | SecretStore |
targetService | The target service properties | TargetServiceBase |
vNetSolution | The VNet solution. | VNetSolution |
AuthInfoBase
Name | Description | Value |
---|---|---|
authType | Set the object type | accessKey secret servicePrincipalCertificate servicePrincipalSecret systemAssignedIdentity userAccount userAssignedIdentity (required) |
AccessKeyInfoBase
Name | Description | Value |
---|---|---|
authType | The authentication type. | "accessKey" (required) |
permissions | Permissions of the accessKey. Read and Write are for Azure Cosmos DB and Azure App Configuration, Listen , Send and Manage are for Azure Event Hub and Azure Service Bus. |
String array containing any of: "Listen" "Manage" "Read" "Send" "Write" |
SecretAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | "secret" (required) |
name | Username or account name for secret auth. | string |
secretInfo | Password or key vault secret for secret auth. | SecretInfoBase |
SecretInfoBase
Name | Description | Value |
---|---|---|
secretType | Set the object type | keyVaultSecretReference keyVaultSecretUri rawValue (required) |
KeyVaultSecretReferenceSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | "keyVaultSecretReference" (required) |
name | Name of the Key Vault secret. | string |
version | Version of the Key Vault secret. | string |
KeyVaultSecretUriSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | "keyVaultSecretUri" (required) |
value | URI to the keyvault secret | string |
ValueSecretInfo
Name | Description | Value |
---|---|---|
secretType | The secret type. | "rawValue" (required) |
value | The actual value of the secret. | string Constraints: Sensitive value. Pass in as a secure parameter. |
ServicePrincipalCertificateAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | "servicePrincipalCertificate" (required) |
certificate | ServicePrincipal certificate for servicePrincipal auth. | string (required) Constraints: Sensitive value. Pass in as a secure parameter. |
clientId | Application clientId for servicePrincipal auth. | string (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
principalId | Principal Id for servicePrincipal auth. | string (required) |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
ServicePrincipalSecretAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | "servicePrincipalSecret" (required) |
clientId | ServicePrincipal application clientId for servicePrincipal auth. | string (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
principalId | Principal Id for servicePrincipal auth. | string (required) |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
secret | Secret for servicePrincipal auth. | string (required) Constraints: Sensitive value. Pass in as a secure parameter. |
userName | Username created in the database which is mapped to a user in AAD. | string |
SystemAssignedIdentityAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | "systemAssignedIdentity" (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
roles | Optional, this value specifies the Azure role to be assigned | string[] |
userName | Username created in the database which is mapped to a user in AAD. | string |
UserAccountAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | "userAccount" (required) |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
principalId | Principal Id for user account. | string |
roles | Optional, this value specifies the Azure roles to be assigned. Automatically | string[] |
userName | Username created in the database which is mapped to a user in AAD. | string |
UserAssignedIdentityAuthInfo
Name | Description | Value |
---|---|---|
authType | The authentication type. | "userAssignedIdentity" (required) |
clientId | Client Id for userAssignedIdentity. | string |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
roles | Optional, this value specifies the Azure role to be assigned | string[] |
subscriptionId | Subscription id for userAssignedIdentity. | string |
userName | Username created in the database which is mapped to a user in AAD. | string |
ConfigurationInfo
Name | Description | Value |
---|---|---|
action | Optional, indicate whether to apply configurations on source application. If enable, generate configurations and applied to the source application. Default is enable. If optOut, no configuration change will be made on source. | "Internal" "enable" "optOut" |
additionalConfigurations | A dictionary of additional configurations to be added. Service will auto generate a set of basic configurations and this property is to full fill more customized configurations | ConfigurationInfoAdditionalConfigurations |
customizedKeys | Optional. A dictionary of default key name and customized key name mapping. If not specified, default key name will be used for generate configurations | ConfigurationInfoCustomizedKeys |
daprProperties | Indicates some additional properties for dapr client type | DaprProperties |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
ConfigurationInfoAdditionalConfigurations
Name | Description | Value |
---|---|---|
{customized property} | string |
ConfigurationInfoCustomizedKeys
Name | Description | Value |
---|---|---|
{customized property} | string |
DaprProperties
Name | Description | Value |
---|---|---|
componentType | The dapr component type | string |
metadata | Additional dapr metadata | DaprMetadata[] |
scopes | The dapr component scopes | string[] |
secretStoreComponent | The name of a secret store dapr to retrieve secret | string |
version | The dapr component version | string |
DaprMetadata
Name | Description | Value |
---|---|---|
name | Metadata property name. | string |
secretRef | The secret name where dapr could get value | string |
value | Metadata property value. | string |
PublicNetworkSolution
Name | Description | Value |
---|---|---|
action | Optional. Indicates public network solution. If enable, enable public network access of target service with best try. Default is enable. If optOut, opt out public network access configuration. | "Internal" "enable" "optOut" |
deleteOrUpdateBehavior | Indicates whether to clean up previous operation(such as firewall rules) when Linker is updating or deleting | "Default" "ForcedCleanup" |
firewallRules | Describe firewall rules of target service to make sure source application could connect to the target. | FirewallRules |
FirewallRules
Name | Description | Value |
---|---|---|
azureServices | Allow Azure services to access the target service if true. | "false" "true" |
callerClientIP | Allow caller client IP to access the target service if true. the property is used when connecting local application to target service. | "false" "true" |
ipRanges | This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs for a given database account. | string[] |
SecretStore
Name | Description | Value |
---|---|---|
keyVaultId | The key vault id to store secret | string |
keyVaultSecretName | The key vault secret name to store secret, only valid when storing one secret | string |
TargetServiceBase
Name | Description | Value |
---|---|---|
type | Set the object type | AzureResource ConfluentBootstrapServer ConfluentSchemaRegistry SelfHostedServer (required) |
AzureResource
Name | Description | Value |
---|---|---|
type | The target service type. | "AzureResource" (required) |
id | The Id of azure resource. | string |
resourceProperties | The azure resource connection related properties. | AzureResourcePropertiesBase |
AzureResourcePropertiesBase
Name | Description | Value |
---|---|---|
type | Set the object type | KeyVault (required) |
AzureKeyVaultProperties
Name | Description | Value |
---|---|---|
type | The azure resource type. | "KeyVault" (required) |
connectAsKubernetesCsiDriver | True if connect via Kubernetes CSI Driver. | bool |
ConfluentBootstrapServer
Name | Description | Value |
---|---|---|
type | The target service type. | "ConfluentBootstrapServer" (required) |
endpoint | The endpoint of service. | string |
ConfluentSchemaRegistry
Name | Description | Value |
---|---|---|
type | The target service type. | "ConfluentSchemaRegistry" (required) |
endpoint | The endpoint of service. | string |
SelfHostedServer
Name | Description | Value |
---|---|---|
type | The target service type. | "SelfHostedServer" (required) |
endpoint | The endpoint of service. | string |
VNetSolution
Name | Description | Value |
---|---|---|
deleteOrUpdateBehavior | Indicates whether to clean up previous operation when Linker is updating or deleting | "Default" "ForcedCleanup" |
type | Type of VNet solution. | "privateLink" "serviceEndpoint" |
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for