ARM Template for Event HUB logger - arm-template

I am automating some of my Azure deployments and have created automation for an API Management instance as well as an Event Hub namespace.
As part of my APIs I have a log-to-eventhub policy:
<log-to-eventhub logger-id="eventhublogger" partition-id="0">
I created a logger using the REST API, passing it a request similar to the following:
{
  "type": "AzureEventHub",
  "description": "Sample description",
  "credentials": {
    "name": "apim",
    "connectionString": "Endpoint=sb://contoso-ns.servicebus.windows.net/;SharedAccessKeyName=Sender;SharedAccessKey=..."
  }
}
Is it possible to create the logger in an ARM template instead?

Here is what I came up with
{
  // Event HUB Logger
  "type": "Microsoft.ApiManagement/service/loggers",
  "name": "[concat(variables('ApimServiceName'),'/','eventhublogger')]",
  "apiVersion": "2017-03-01",
  "dependsOn": [
  ],
  "properties": {
    "loggerType": "azureEventHub",
    "description": "Log APIM requests and responses to Event HUB",
    "credentials": {
      "name": "[variables('namespaceName')]",
      "connectionString": "[parameters('eventHubNamespaceConnectionString')]"
    }
  }
}
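
The logger above receives its connection string as a template parameter. As an added example (not the poster's template), the variant below creates a send-only authorization rule on the namespace and reads its connection string with listKeys at deployment time, so the key is never supplied as a parameter value. The parameter names, the rule name apim-send-only, the use of the event hub name for credentials.name, and an existing API Management service and Event Hub namespace in the same resource group are assumptions of this example.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // All parameter names and the default rule name are assumptions of this example.
    "apimServiceName": { "type": "string" },
    "namespaceName": { "type": "string" },
    "eventHubName": { "type": "string" },
    "senderRuleName": { "type": "string", "defaultValue": "apim-send-only" }
  },
  "variables": {
    "senderRuleId": "[resourceId('Microsoft.EventHub/namespaces/authorizationRules', parameters('namespaceName'), parameters('senderRuleName'))]"
  },
  "resources": [
    {
      // SAS rule limited to Send, so the logger credential cannot read or manage the namespace.
      "type": "Microsoft.EventHub/namespaces/authorizationRules",
      "name": "[concat(parameters('namespaceName'), '/', parameters('senderRuleName'))]",
      "apiVersion": "2017-04-01",
      "properties": {
        "rights": [ "Send" ]
      }
    },
    {
      "type": "Microsoft.ApiManagement/service/loggers",
      "name": "[concat(parameters('apimServiceName'), '/eventhublogger')]",
      "apiVersion": "2017-03-01",
      "dependsOn": [
        "[variables('senderRuleId')]"
      ],
      "properties": {
        "loggerType": "azureEventHub",
        "description": "Log APIM requests and responses to Event Hub",
        "credentials": {
          // Assumed here to be the name of the event hub the logger sends to.
          "name": "[parameters('eventHubName')]",
          // Resolved by Resource Manager during deployment; never passed in as a parameter.
          "connectionString": "[listKeys(variables('senderRuleId'), '2017-04-01').primaryConnectionString]"
        }
      }
    }
  ]
}
```

If the connection string must still come in as a parameter, declaring that parameter as securestring keeps its value out of the deployment history.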

Related

ARM template for API Connection to Service Bus using Managed Identity

To create an API Connection to Azure Service Bus using Managed Identity I'm using the following template:
"resources": [
  {
    "type": "MICROSOFT.WEB/CONNECTIONS",
    "apiVersion": "2018-07-01-preview",
    "name": "[parameters('connections_servicebus_name')]",
    "location": "[parameters('connections_servicebus_location')]",
    "kind": "V1",
    "properties": {
      "alternativeParameterValues": {},
      "displayName": "[parameters('connections_servicebus_displayname')]",
      "api": {
        "name": "[parameters('connections_servicebus_name')]",
        "displayName": "[parameters('connections_servicebus_displayname')]",
        "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('connections_servicebus_location'), '/managedApis/', 'servicebus')]",
        "type": "Microsoft.Web/locations/managedApis"
      },
      "customParameterValues": {},
      "parameterValueSet": {
        "name": "managedIdentityAuth",
        "values": {}
      }
    }
  }
]
That is actually working, except for the fact that the 'NamespaceEndpoint' information (like: sb://mySBNS.servicebus.windows.net) is not provided anywhere, and so the field appears empty on the Azure portal.
After adding it manually, the connection and the Logic App that is using it start to work.
What is the JSON field to provide that information?
You can refer to this question for full details:
"parameterValueSet": {
  "name": "managedIdentityAuth",
  "values": {
    "namespaceEndpoint": {
      "value": "sb://<servicebus-namespace-name>.servicebus.windows.net/"
    }
  }
}

Using Azure Key vault on Azure Logic App API Connection

I have used Azure Key Vault on Azure Logic App, but I couldn't access the values from the Azure Logic App API Connection. Basically, I have to get the username and password for the SQL connector from Azure Key Vault. I would appreciate it if you could suggest how we can achieve this.
As far as I know, an Azure Logic App can't access Key Vault in an API connection in the portal. If you want to access Key Vault, you can use the REST API to access it.
You need to enable MSI in your logic app (the link below shows that we can do the MSI modification in "Workflow Settings", but this has since changed and we need to enable it in the "Identity" blade of your logic app) and use an HTTP action to access your key vault.
You can refer to this link for further information: https://devkimchi.com/2018/10/24/accessing-key-vault-from-logic-apps-with-managed-identity/
Once created, the connection API will not output any sensitive information.
Using an ARM template, you can create an API connection, but it won't update the connection details when you rotate the credentials; you'll have to redeploy the template.
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sqlConnectionAPIName": {
      "type": "string",
      "metadata": {
        "description": "The name of the connection api to access the service bus namespace."
      }
    },
    "sqlserverName": {
      "type": "string",
      "metadata": {
        "description": "The Name of the SQL Server instance."
      }
    },
    "databaseName": {
      "type": "string",
      "metadata": {
        "description": "The name of the database."
      }
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Web/connections",
      "name": "[parameters('sqlConnectionAPIName')]",
      "apiVersion": "2018-07-01-preview",
      "location": "[resourceGroup().location]",
      "scale": null,
      "properties": {
        "displayName": "[parameters('sqlConnectionAPIName')]",
        "parameterValues": {
          "server": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').fullyQualifiedDomainName]",
          "database": "[parameters('databaseName')]",
          "username": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').administratorLogin]",
          "password": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').administratorLoginPassword]"
        },
        "api": {
          "id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/sql')]"
        }
      },
      "dependsOn": []
    }
  ]
}
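
Since the question asks for the SQL username and password to come from Key Vault, here is an added example (not part of the answer above) of a deployment parameter file that pulls both from a vault at deployment time. It assumes the template is extended with two hypothetical securestring parameters, sqlUsername and sqlPassword, that are used as "[parameters('sqlUsername')]" and "[parameters('sqlPassword')]" in parameterValues, and that the vault has enabledForTemplateDeployment set to true; the sample values and angle-bracket placeholders are constructed.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Constructed sample values for the three parameters the template declares.
    "sqlConnectionAPIName": { "value": "sql-connection" },
    "sqlserverName": { "value": "contoso-sql" },
    "databaseName": { "value": "orders" },

    // Hypothetical securestring parameters (not in the original template).
    // Resource Manager reads the secrets from the vault during deployment,
    // so neither value is stored in this file or in source control.
    "sqlUsername": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "<sql-username-secret-name>"
      }
    },
    "sqlPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "<sql-password-secret-name>"
      }
    }
  }
}
```

As the answer notes, the connection keeps the value it was deployed with, so rotating the secret in the vault still requires a redeployment.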

Azure ARM template Logic App authorize OneDrive For Business account when Deploy

I am having problems when deploying a Logic App template in Azure. Everything goes OK, but the connection with OneDrive For Business is not authenticated. Which parameter do I need in my template in order to make the connection automatically?
This is my connection resource code:
{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "[parameters('connections_onedriveforbusiness_name')]",
  "location": "westeurope",
  "properties": {
    "displayName": "[parameters('onedrive_email_account')]",
    "customParameterValues": {},
    "api": {
      "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/westeurope/managedApis/', parameters('connections_onedriveforbusiness_name'))]"
    }
  }
}
The OneDrive For Business connection is an OAuth connection, so we don't have to add any content to the "parameterValues".
The resource code:
{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "[parameters('connections_onedriveforbusiness_name')]",
  "location": "westeurope",
  "properties": {
    "displayName": "[parameters('onedrive_email_account')]",
    "api": {
      "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/westeurope/managedApis/',parameters('connections_onedriveforbusiness_name'))]",
      "parameterValues": { }
    }
  }
}
Once you finish the ARM template deployment, you need to open the OneDrive For Business Connection to authenticate.
If you don't like to open the portal, you can also use the LogicAppConnectionAuth PowerShell script.
For more details, please refer to https://www.bruttin.com/2017/06/13/deploy-logic-app-with-arm.html

Is it possible to create an Azure Blob Storage Connector using an ARM template or a script?

I'm creating a logic app which will do some operations on a blob storage, thus it needs a Connector to a specific blob storage. I'm able to define which Connector should be used (providing its name and other properties), however if it doesn't exist yet, the template fails to deploy. I know we can create these connectors via the logic app designer, but I would very much like to automate that process. Hence the question:
Is it possible to deploy/create this connector using an ARM template or a script?
You can check this post related to Logic App connector.
Here is an ARM Template that creates an API connection to blob storage:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "azureBlobConnectionAPIName": {
      "type": "string",
      "metadata": {
        "description": "The name of the connection api to access the azure blob storage."
      }
    },
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "The Storage Account Name."
      }
    }
  },
  "variables": {
    "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Web/connections",
      "name": "[parameters('azureBlobConnectionAPIName')]",
      "apiVersion": "2016-06-01",
      "location": "[resourceGroup().location]",
      "scale": null,
      "properties": {
        "displayName": "[parameters('azureBlobConnectionAPIName')]",
        "parameterValues": {
          "accountName": "[parameters('storageAccountName')]",
          "accessKey": "[listKeys(variables('storageAccountId'),'2015-05-01-preview').key1]"
        },
        "api": {
          "id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureblob')]"
        }
      },
      "dependsOn": []
    }
  ]
}

Is it possible to upload APNS Certificates to the Azure Notification Hub programmatically or via the CLI?

We are investigating the Azure Notification Hub, and while we have had success sending/receiving messages from it, we also require programmatic configuration of the hub.
It seems that the only way possible to create the notification hub is via the Azure CLI with an azuredeploy.json ARM template like this one. However, I can't find any information about adding an APNS certificate to that.
Looking at the Automation Script generated from our hub, there is no evidence of the Google Firebase API key or the APNS certificate. Is this possible, or do these need to be done through the Azure portal at all times?
UPDATED: I have managed to create a notification hub namespace using the ARM template with little issue, however I am getting a "bad request" (correlation id - 3faee649-7084-436d-8d7e-4a9c6f79cc4e) when trying to create the notification hub itself with the APNS certificate.
This post is someone having a similar problem, however their key for the APNS is a lot shorter than mine. I literally created a base64 string from the certificate file, which is 5000+ characters long. I assume that is incorrect, but I can't figure out what value from Apple is meant to go in here.
My template looks like this:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "Gcm.GoogleApiKey": {
      "type": "string",
      "metadata": {
        "description": "Google Cloud Messaging API Key"
      },
      "defaultValue": ""
    },
    "Apns.apnsCertificate": {
      "type": "string",
      "metadata": {
        "description": "A certificate (in base 64 format) provided by Apple on the iOS Provisioning Portal"
      }
    },
    "Apns.certificateKey": {
      "type": "string",
      "metadata": {
        "description": "The Certificate Key provided by the iOS Provisioning Portal when registering the application"
      },
      "defaultValue": ""
    },
    "Apns.endpoint": {
      "type": "string",
      "metadata": {
        "description": "The APNS endpoint to which our service connects. This is one of two values: gateway.sandbox.push.apple.com for the sandbox endpoint or gateway.push.apple.com, for the production endpoint. Any other value is invalid"
      },
      "defaultValue": "gateway.sandbox.push.apple.com"
    }
  },
  "variables": {
    "hubVersion": "[providers('Microsoft.NotificationHubs', 'namespaces').apiVersions[0]]",
    "notificationHubNamespace": "[concat('hubv2', uniqueString(resourceGroup().id))]",
    "notificationHubName": "notificationhub"
  },
  "resources": [
    {
      "name": "[variables('NotificationHubNamespace')]",
      "location": "[resourceGroup().location]",
      "type": "Microsoft.NotificationHubs/namespaces",
      "apiVersion": "2017-04-01",
      "comments": "Notification hub namespace",
      "properties": {
        "namespaceType": "NotificationHub"
      },
      "resources": [
        {
          "name": "[concat(variables('NotificationHubNamespace'),'/',variables('NotificationHubName'))]",
          "location": "[resourceGroup().location]",
          "type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
          "apiVersion": "2017-04-01",
          "properties": {
            "GcmCredential": {
              "properties": {
                "googleApiKey": "[parameters('Gcm.GoogleApiKey')]",
                "gcmEndpoint": "https://android.googleapis.com/gcm/send"
              }
            },
            "apnsCredential": {
              "properties": {
                "apnsCertificate" : "[parameters('Apns.apnsCertificate')]",
                "certificateKey" : "[parameters('Apns.certificateKey')]",
                "endpoint" : "[parameters('Apns.endpoint')]"
              }
            }
          },
          "dependsOn": [
            "[concat('Microsoft.NotificationHubs/namespaces/', variables('NotificationHubNamespace'))]"
          ]
        }
      ]
    }
  ],
  "outputs": {
  }
}
In the apnsCredentials property, the apnsCertificate is the base64 string from the file and the certificateKey is your certificate password, which needs to be a strong password. Are you following the same?
Also, is there an inner error message you see? If yes, what is it?
Thanks,
Amol

Resources