I have developed a powershell script that allows me to download the Logic Apps from the portal in Visual Studio. Along with the JSON template it also downloads the parameters defined in the Logic App (which is how I wanted). We had established connections with Dataverse and Salesforce via Sign in method. But the problem is that when I download the template via Powershell script and update the parameter file to deploy to a different environment it asks for the credentials which are for service principal login. I haven't used service principal login when creating the connection and I don't have those credentials. I tried removing those parameters from both the parameter file and .JSON file but I am getting error as below:
Error: Code=InvalidDeploymentParameterValue; Message=The value of deployment parameter 'commondataservice-5_token:clientSecret' is null. Please specify the value or use the parameter reference.
These parameters were automatically added in my parameter.json file.
"commondataservice-5_token:clientId": {
"value": null
},
"commondataservice-5_token:clientSecret": {
"value": null
},
"commondataservice-5_token:resourceUri": {
"value": null
},
"commondataservice-5_token:grantType": {
"value": "code"
}
This is how the main Logic App template looks like for the dataverse connection
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"location": "[parameters('logicAppLocation')]",
"name": "[parameters('commondataservice-5_name')]",
"properties": {
"api": {
"id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',parameters('logicAppLocation'),'/managedApis/commondataservice')]"
},
"displayName": "[parameters('commondataservice-5_displayName')]",
"parameterValues": {
"token:clientId": "[parameters('commondataservice-5_token:clientId')]",
"token:clientSecret": "[parameters('commondataservice-5_token:clientSecret')]",
"token:TenantId": "[parameters('commondataservice-5_token:TenantId')]",
"token:resourceUri": "[parameters('commondataservice-5_token:resourceUri')]",
"token:grantType": "[parameters('commondataservice-5_token:grantType')]"
}
}
}
Below is the Powershell command to get the LA template:
Get-LogicAppTemplate -LogicApp fc-cus-dev-int-test-param-dynamicexpression -ResourceGroup FC-CUS-DEV-INT-RG -SubscriptionId xxxxx-xxxxxx -Verbose | Out-File "C:\Users\xxxxxx\Desktop\DynamicExpression-NA.LogicApp.json"
#Powershell command to get the Parameters:
Get-ParameterTemplate -TemplateFile "C:\Users\xxxxx\Desktop\DynamicExpression-NA.LogicApp.json" | Out-File "C:\Users\xxxxxx\DynamicExpression-NA.LAparameters.json"
I have followed this article to download the Logic App: https://blog.sandro-pereira.com/2020/12/21/logic-apps-moving-from-azure-portal-to-visual-studio/
I am having a hard time trying to remove the connection parameters from the parameter file and deploying the LA. Any suggestions or pointers are highly appreciated
You have to update the parameter file with actual values. When you extract a template it creates the parameter file but for for security reasons any value that should not be public (i.e. password) it does not retrieve the existing value. Those values all show as null in your parameter file. You need to get those values and update the parameter file before deploying.
Related
I am trying to create an ARM template which creates a policy definition and an policy assignment as well. While creating policy assignment, I am getting an error that says - "The policy assignment 'xyz' create request is invalid. Policy assignment scope '/subscriptions/<subscription_id>/providers/subscriptions/' must match the scope specified on the Uri '/subscriptions/<subscription_id>'" and the policy does not get assigned to the subscription level. Not sure the reason for this error. Pasting the part of the script here.
{
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2021-06-01",
"name": "require-tags",
"properties":{
"scope": "[subscriptionResourceId('/subscriptions' ,parameters('targetSubs'))]",
"policyDefinitionId": "[extensionResourceId(variables('subscriptionScope'), 'Microsoft.Authorization/policyDefinitions' , variables('policyDefinitionName'))]"
},
"dependsOn": [
"[format('Microsoft.Authorization/policyDefinitions/{0}', variables('policyDefinitionName'))]"
]
}
and the variable is defined as follows -
"variables": {
"subscriptionScope":"[subscriptionResourceId('/subscriptions' ,parameters('targetSubs'))]",
"policyDefinitionName": "RequireTagsifnotPresent"
}
It looks like you are trying to deploy to a different subscription scope.
If you're using "az deployment sub create" to deploy the ARM, make sure you set beforehand the subscription to the "targetSubs" that you use in your template (az account set targetSubs).
I would like to change the application settings of an azure functions via API. I have found this API For this API I generate such a body:
{
"properties":
{
"appSettings":[
{
"Name":"452bb"
}
]
}
}
After sending my request I get Response Code: 200 but the value of Name doesn't change in Application settings of the Azure functions
Do you have any idea, why it doesn't work for me?
Suppose what you need is Update Application Settings, I try this this could update the application settings.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/appsettings?api-version=2019-08-01
Body
{
"id": "subscriptions/{subscriptionId}/resourceGroups/{resource group}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings",
"name": "appsettings",
"type": "Microsoft.Web/sites/config",
"location": "South Central US",
"tags": {
"hidden-related:/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/tomfreePlan": "empty"
},
"properties": {
"Test1": "testValue1" //Added value
}
}
And before update the settings, you could use List Application Settings post way to list the appsetting body firstly.
As for the api you post, this appsettings I check the resource explorer, it's under the web tag and the appsettings you want it's the first tag shown in the below pics. And I try to just change it in the resource explorer, it doesn't show any error however the value still keep null, so just use the Update Application Settings API
I am trying to create an Azure bot using Azure Rest API.
I am hitting this API (PUT Request) via the code by replacing the subscription id, resource group name
https://management.azure.com/subscriptions/{subscription id}/resourceGroups/{resourcegroupId}
/providers/Microsoft.BotService/botServices/{botName}?api-version=2018-07-12
Request body as follows
{"location":"global","properties":{"displayName":"{botName}","description":"{botName}","iconUrl":"https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png","endpoint":"{endPoint}","msaAppId":"{app ID}"}}
However I am getting the error as
{
"error": {
"code": "InvalidBotData",
"message": "Bot is not valid. Errors: RuntimeVersion is required. See https://aka.ms/bot-requirements for detailed requirements."
}
}
I tried using nodejs (arm-botservice SDK) to create the bot using the same parameters (of course changing the parameters according to our azure portal ids) but I am still getting the same error. I guess internally it will call the same API as above.
Any help would be appreciated to resolve this issue.
Finally, I was able to do it.
I added the kind parameter and then it worked.
Following is the request
{"location":"global",kind="registration","properties":{"displayName":"{botName}","description":"{botName}","iconUrl":"https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png","endpoint":"{endPoint}","msaAppId":"{app ID}"}}
Programmatic bot creation can not be done with REST at this time.
How to create Web App bot in azure using programmatically?
Use az cli as #joey-cai mentioned.
To create a Microsoft.BotService/botServices/channels resource, add the following JSON to the resources section of your template.
{
"name": "string",
"type": "Microsoft.BotService/botServices/channels",
"apiVersion": "2018-07-12",
"location": "string",
"tags": {},
"sku": {
"name": "string"
},
"kind": "string",
"properties": {
"channelName": "string"
}
}
Source : https://learn.microsoft.com/en-us/azure/templates/microsoft.botservice/2018-07-12/botservices/channels
I tried to automate to manage hybrid connections in azure through deployment of arm template through storage blobs . The problems comes when it asks for key and value which is entered in user metadata property .The template is deployed successfully but when I try to open the properties page of Hybrid connection it shows an error whose image is being shared.
I am also sharing some part of the arm template which shows how I define user metadata.
I have tried changing the syntax of the user metadata property in the json file but that doesn't help.
{
"name": "[concat(parameters('servicebus_name'),
'/hybridConnectionName')]",
"type": "Microsoft.Relay/namespaces/hybridConnections",
"apiVersion": "2017-04-01",
"location": "East US",
"dependsOn": [
"[resourceId('Microsoft.Relay/namespaces',
parameters('servicebus_name'))]"
],
"properties": {
"requiresClientAuthorization": true,
"userMetadata": "\"
[concat('[{\\\"key\\\":\\\"endpoint\\\",\\\"value\\\":\\\"',
variables('myEndpoint'), '\\\"}]')]\" "
]
}
}
The error message is displayed on the properties page of Hybrid connections and it shows :
Part's onInputsSet promise failed.(id: Microsoft_Azure_Relay-fx-010-00e)
I was trying to add Azure key vault integration with our ARM deployment, so we can keep all password in Azure Key-Vault.
I was following this to try to access secret (adminPassword) I have created in Azure KeyVault (dSentienceAnalytics). Here is my template
I tried to deploy this template through Powershell, but it asked me to enter value for variable “adminPassword”, which it supposed to retrieve from Azure key vault.
Do you see what I am missing here?
You cannot use a KeyVault reference in the template itself, only in the parameters file. So your template will not look any differently if you're using KeyVault, the adminPassword parameter will simply be defined as a secureString. The template's use of the password can look exactly like this:
https://github.com/Azure/azure-quickstart-templates/blob/master/101-vm-simple-linux/azuredeploy.json
The parameters file, is where the reference will be used. The first code sample here:
https://azure.microsoft.com/en-us/documentation/articles/resource-manager-keyvault-parameter/#reference-a-secret-with-static-id
Is showing you the parameters file, not the template file's parameter object (it is a bit confusing).
For a really simple example, see the KeyVaultUse.json and KeyVaultUse.parameters.json here:
https://github.com/rjmax/ArmExamples/tree/master/keyvaultexamples
Note that there's nothing unique or different about KeyVaultUse.json, the "key" is in the parameters file.
That help?
You can create a linked template and pass the keyvault secret to that as a parameter. Your linked template will need to be accessible to Azure at some uri.
"name": "linked-template",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri":"<your linked template uri, e.g. a blob-store file with a sas token>"
},
"parameters": {
"password": {
"reference": {
"keyVault": {
"id": "[variables('keyVaultId')]"
},
"secretName": "password"
}
},
You will need the id of your key vault, e.g. here, it's assume to be in a variable constructed from parameters on the top-level template where the user specifies a resource group and name for the key-vault:
"deploymentKeyVaultId" : "[resourceid(subscription().subscriptionId,
parameters('keyVaultResourceGroup'), 'Microsoft.KeyVault/vaults',
parameters('keyVaultName'))]",
What are you trying to deploy? If it is an app service you can retrieve the secret from Key Vault with the combination of leveraging Managed Service Identity and access policy on the Key Vault. Here's how to turn on MSI authentication for App Service and add access policy
In the App Service can add something like this:
{
"apiVersion": "2018-11-01",
"name": "appsettings",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', WEBSITE NAME))]",
"Microsoft.ApplicationInsights.AzureWebSites",
"[resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]",
"[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), variables('secretName'))]"
],
"properties": {
"ConnectionSecret": "[concat('#Microsoft.KeyVault(SecretUri=', reference(SECRET NAME).secretUriWithVersion, ')')]"
}