I am using an ARM template to deploy a logic app in a second subscription in Azure which needs to trigger a POST to a webhook URL of a runbook in the first subscription.
I use the full reference to the webhook URL object in the ARM template, but unforuntately although there is no error, the logic app ends up with a blank URI.
The reference to the webhook looks like:
"RunbookWebHook": {
"type": "string",
"defaultValue": "/subscriptions/----/resourceGroups/RunbookResources/providers/Microsoft.Automation/automationAccounts/RunbookAutomationAccount/webhooks/RunbookWebhook"
},
An example reference to the webhook URI in the logic app:
"actions": {
"Runbook_Webhook": {
"runAfter": {},
"type": "Http",
"inputs": {
"headers": {
"operationName": "#{triggerBody()['data']['operationName']}",
"resourceId": "#triggerBody()?['subject']"
},
"method": "POST",
"uri": "[reference(parameters('RunbookWebHook'), '2015-10-31').uri]"
}
}
How can I get the correct URL for the webhook URI?
This is because of a restriction in Azure with regards to the Webhook URL.
In the MicroSoft documentation: https://learn.microsoft.com/en-us/azure/automation/automation-webhooks#webhook-properties
it mentions the URL property (which is actually the uri field) and it says:
URL of the webhook. This is the unique address that a client calls with an HTTP POST to start the runbook linked to the webhook. It's automatically generated when you create the webhook. You can't specify a custom URL.
The URL contains a security token that allows a third-party system to invoke the runbook with no further authentication. For this reason, you should treat the URL like a password. For security reasons, you can only view the URL in the Azure portal when creating the webhook. Note the URL in a secure location for future use.
So the URL cannot be further retrieved after creation. :(
Related
I need to build a generic Logic app using which i can send mail with attachment.
Is this possible to pass path and file name as parameter so i can use same logic app for different ADF pipelines.
Of course we can use a generic with a generic logic app. You just need to set the "When a HTTP request is received" trigger with two parameters, we can do it by specify the schema of it(shown like below).
schema:
{
"type": "object",
"properties": {
"path": {
"type": "string"
},
"fileName": {
"type": "string"
}
}
}
In following actions of your logic app, you can use the parameters path and fileName when you get the file from Azure Data Lake.
Then you can use the logic app in Azure Data Factory by a "Web" activity.
I have a shared calendar in Office 365 with read and write permissions and I am trying to get it using Get calendar (V2) connector but it is only getting my own calendar. Is there a way to get shared calendars for Office 365 in Azure logic apps?
For this problem I did some test and it seems the "Get calendar (V2)" action in logic app can't get the calendars which others shared to you. But I provide another solution(use graph api) below for your reference:
1. You need to ask others to share a calendar to you on office 365 web page but not in outlook app.
2. Then you need to create an application in your azure AD, please refer to this tutorial.
In the application you created in azure ad above, please do the steps below:
After that, please do not forget click the "Grant admin consent for xxx" button(Maybe you need to wait a few minutes until this button become clickable).
Then click "Certificates & secrets" in your application in azure ad and new a client secret.(copy this client secret to your note book)
3. Then create a "HTTP" action in your logic app and refer to the screenshot below to request for the access token.
The "client_id" is your appliction id in azure ad, "username" and "password" is your azure user name and password, the "client_secret" is what you got above. This "HTTP" action will help us to get the access token. The response should be like below:
Then we need to parse the response data in json type, you can use "Parse JSON" action.
Use the "Body" from the "HTTP" action and fill in the "Schema" box with the code below:
{
"properties": {
"access_token": {
"type": "string"
},
"expires_in": {
"type": "integer"
},
"ext_expires_in": {
"type": "integer"
},
"scope": {
"type": "string"
},
"token_type": {
"type": "string"
}
},
"type": "object"
}
4. After that, we can create another "HTTP" action in logic app and request the graph api for all of the calendars which you can see (please note there is a space between the "Bearer" and the "access_token").
5. At last, we can get all of the calendars in the second "HTTP" action's "OUTPUTS" box.
Hope it helps~
I'm able to create app id using Graph API but app secret/password is not generated with it. I need a way to generate/set a password using APIs.
Am I missing something?
You could create the password via Azure AD Graph API, you can test it in the AAD Graph Explorer.
My test sample:
Request URL:
PATCH https://graph.windows.net/{tenant id}/applications/{application object id}?api-version=1.6
Request body:
{
"passwordCredentials": [{
"endDate": "2020-08-12T02:54:44.2530506Z",
"keyId": "77fe4bf5-5d04-4a62-abc2-f064a9213d3f",
"startDate": "2019-08-12T02:54:44.2530506Z",
"customKeyIdentifier": "dGVzdA==",
"value": "XnkNIsT+cScOYeYJayQ4WNmp9tgAqw5z773uI9WQtAw="
}]
}
For more details about the request body, refer to this link - PasswordCredential.
Note: In the AAD Graph Explorer, when you send the request, the progress bar will never finish, but actually it works, you could check the result in the portal -> Azure Active Directory after a while.
Besides, there is also a Beta api in Microsoft Graph - Update application, I have not tested it, so I am not sure if it works. It is a Beta version, even if it works, I don't recommend you to use it in the production environment.
Are you following the correct API link?
Create User
It is easy to create Azure AD users using the Microsoft Graph REST. Here is a code sample for your reference:
POST https://graph.microsoft.com/v1.0/users
Authorization: Bearer {token}
Content-type: application/json
{
"accountEnabled": true,
"displayName": "Sajee",
"mailNickname": "Sinna",
"userPrincipalName": "upn-value#tenant-value.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "password-value"
}
}
I am trying to create a VM using the azure Rest API. I am trying to call the REST Api through Postman.
PUT Request:-
https://management.dev.azure.com/subscriptions/subscriptionID/resourcegroups/ResourceGroupName/providers/Microsoft.Resources/deployementName/DetDeployment?api-version=2019-05-01
I am using the above REST API with my subscription ID and resouceGroupName.
In the Authorization section, I am providing the Type as Basic Authentication and passing my credentials in the username and password section. Along with this, I am also passing values in the Body section.
{
"properties": {
"templateLink": {
"uri": "https://mystoragename.blob.core.windows.net/templates/VMTemplate.json",
"contentVersion": "1.0.0.0"
},
"parametersLink": {
"uri": "https://mystoragename.blob.core.windows.net/templates/VMParam.json",
"contentVersion": "1.0.0.0"
},
"mode": "Incremental",
"debugSetting": {
"detailLevel": "requestContent, responseContent"
}
}
}
Whenever I am sending this request so it is giving me an error like 400 Bad Request and message in the body section is :
Our services aren't available right nowWe're working to restore all services as soon as possible. Please check back soon.0ddImXQAAAABmya8eHqWDRp1JX69tDGdATUFBMDFFREdFMDIyMABFZGdl
Please tell me what wrong I am Doing here. From last 1 day, I am trying this.
Looks like your resource is wrong, it should be https://management.azure.com not https://management.dev.azure.com.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Resources/deployments/{deploymentName}?api-version=2019-05-01
Reference - Deploy resources with Resource Manager templates and Resource Manager REST API
Besides, I notice you use the Basic Authentication, not sure if it works for azure rest API(I think may not), even the way will work, but if your account is MFA-enabled, then you will not be able to use that.
So for the Authentication, i recommend you to see this link to get an access token to call the rest api. Or you could try the easiest way -> click Try it in this doc -> login in your account -> then you will be able to test the rest api like that in postman. Also, you can copy the Authorization token and test it in the postman.
I would like to change the price tier of my azure analysis service via rest API in logic APP.
To do this job I have founded this API
In logic APP I have set such a request
{
"uri": "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.AnalysisServices/servers/{serverName}?api-version=2017-08-01",
"method": "PATCH",
"authentication": {
"tenant": "GUID, which I get from Azure AD for AzureAS",
"audience": "https://management.azure.windows.net",
"clientId": "GUID, which I get from AzureAD for AzureAS",
"secret": "*sanitized*",
"type": "ActiveDirectoryOAuth"
},
"body": {
"sku": {
"capacity": 1,
"name": "S4",
"tier": "Standard"
},
"tags": {
"testKey": "testValue"
}
}
}
After sending this request I get this message:
BadRequest. Http request failed as there is an error getting AD OAuth token: 'AADSTS50001: The application named https://management.azure.windows.net was not found in the tenant named xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
In AzureAD I see the following:
My question is now for this API which API-Permission should I add in AzureAD?
As mentioned in the comments, the resource (audience) for which the code/token should be acquired is https://management.core.windows.net/.
Moreover you need to have following delegated permission to execute Azure API: Execute Windows Azure Service Management API.
Once you do that, you should be able to perform the operation.