使用 C# 向 Azure 数据资源管理器添加群集主体Add cluster principals for Azure Data Explorer by using C#
Azure 数据资源管理器是一项快速且高度可缩放的数据探索服务,适用于日志和遥测数据。Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. 在本文中,将使用 C# 向 Azure 数据资源管理器添加群集主体。In this article, you add cluster principals for Azure Data Explorer by using C#.
必备条件Prerequisites
- 如果尚未安装 Visual Studio 2019,可以下载并使用免费的 Visual Studio 2019 Community Edition。If you don't have Visual Studio 2019 installed, you can download and use the free Visual Studio 2019 Community Edition. 在安装 Visual Studio 的过程中,请确保启用“Azure 开发”。 Make sure that you enable Azure development during the Visual Studio setup.
- 如果没有 Azure 订阅,请在开始前创建一个试用 Azure 帐户。If you don't have an Azure subscription, create a trial Azure account before you begin.
- 创建群集。Create a cluster.
安装 C# NuGetInstall C# NuGet
- 安装 Microsoft.Azure.Management.kusto。Install Microsoft.Azure.Management.kusto.
- 安装 Microsoft.Rest.ClientRuntime.Azure.Authentication 以进行身份验证。Install Microsoft.Rest.ClientRuntime.Azure.Authentication for authentication.
AuthenticationAuthentication
若要运行以下示例,需要可以访问资源的 Azure Active Directory (Azure AD) 应用程序和服务主体。To run the following example, you need an Azure Active Directory (Azure AD) application and service principal that can access resources. 若要创建免费的 Azure AD 应用程序并在订阅级别添加角色分配,请参阅创建 Azure AD 应用程序。To create a free Azure AD application and add role assignment at the subscription level, see Create an Azure AD application. 还需要目录(租户)ID、应用程序 ID 和客户端密码。You also need the directory (tenant) ID, application ID, and client secret.
添加群集主体Add a cluster principal
以下示例演示如何以编程方式添加群集主体。The following example shows you how to add a cluster principal programmatically.
var tenantId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx";//Directory (tenant) ID
var clientId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx";//Application ID
var clientSecret = "xxxxxxxxxxxxxx";//Client Secret
var subscriptionId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx";
var serviceCreds = await ApplicationTokenProvider.LoginSilentAsync(tenantId, clientId, clientSecret);
var kustoManagementClient = new KustoManagementClient(serviceCreds)
{
SubscriptionId = subscriptionId
};
var resourceGroupName = "testrg";
//The cluster that is created as part of the Prerequisites
var clusterName = "mykustocluster";
string principalAssignmentName = "clusterPrincipalAssignment1";
string principalId = "xxxxxxxx";//User email, application ID, or security group name
string role = "AllDatabasesAdmin";//AllDatabasesAdmin or AllDatabasesViewer
string tenantIdForPrincipal = tenantId;
string principalType = "App";//User, App, or Group
var clusterPrincipalAssignment = new ClusterPrincipalAssignment(principalId, role, principalType, tenantId: tenantIdForPrincipal);
await kustoManagementClient.ClusterPrincipalAssignments.CreateOrUpdateAsync(resourceGroupName, clusterName, principalAssignmentName, clusterPrincipalAssignment);
| 设置Setting | 建议的值Suggested value | 字段说明Field description |
|---|---|---|
| tenantIdtenantId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | 租户 ID。Your tenant ID. 也称为目录 ID。Also known as directory ID. |
| subscriptionIdsubscriptionId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | 用于创建资源的订阅 ID。The subscription ID that you use for resource creation. |
| clientIdclientId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | 可以访问租户中资源的应用程序的客户端 ID。The client ID of the application that can access resources in your tenant. |
| clientSecretclientSecret | xxxxxxxxxxxxxxxxxxxxxxxxxxxx | 可以访问租户中资源的应用程序的客户端密码。The client secret of the application that can access resources in your tenant. |
| resourceGroupNameresourceGroupName | testrgtestrg | 包含群集的资源组的名称。The name of the resource group containing your cluster. |
| clusterNameclusterName | mykustocluster mykustocluster | 群集的名称。The name of your cluster. |
| principalAssignmentNameprincipalAssignmentName | clusterPrincipalAssignment1clusterPrincipalAssignment1 | 群集主体资源的名称。The name of your cluster principal resource. |
| principalIdprincipalId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | 主体 ID,可以是用户电子邮件、应用程序 ID 或安全组名称。The principal ID, which can be user email, application ID, or security group name. |
| 角色 (role)role | AllDatabasesAdminAllDatabasesAdmin | 群集主体的角色,可以是“AllDatabasesAdmin”或“AllDatabasesViewer”。The role of your cluster principal, which can be 'AllDatabasesAdmin' or 'AllDatabasesViewer'. |
| tenantIdForPrincipaltenantIdForPrincipal | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | 主体的租户 ID。The tenant ID of the principal. |
| principalTypeprincipalType | 应用App | 主体的类型,可以是“User”、“App”或“Group”The type of the principal, which can be 'User', 'App', or 'Group' |