A walkthrough of parameterization of different connection types in Logic App Standard

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

For deploying workflows across different environments, one of the important activities is to parameterize the API connections. With the latest update of the logic apps extension (starting on version 1.0.40) parametrization of the Logic Apps Standard apps becomes easier, as now both runtime and designer support the interpolation of app settings or parameter references.  More details on this concept are explained in the blog- Parameterizing Managed Connections with Logic Apps Standard - Microsoft Community Hub

 

In this article, we will walk through the process of parameterizing different connection types.

In this example, we are using:

  1. A managed API connection to connect to Azure Service bus,
  2. A built-in API connection to connect to Azure blob,
  3. A function connection to call a function app.

 

Shree_Divya_M_V_0-1677837114294.png

 

The Connections.json file looks like the snippet below when I create this workflow in VS Code.

 

 

 

 

{ "serviceProviderConnections": { "serviceBus": { "parameterValues": { "connectionString": "@appsetting('serviceBus_connectionString')" }, "serviceProvider": { "id": "/serviceProviders/serviceBus" }, "displayName": "service bus-builtin" } }, "managedApiConnections": { "azureblob_2": { "api": { "id": "/subscriptions/ea3e783f-6b4a-4e74-b379-9fa512da2b7f/providers/Microsoft.Web/locations/eastus/managedApis/azureblob" }, "connection": { "id": "/subscriptions/ea3e783f-6b4a-4e74-b379-9fa512da2b7f/resourceGroups/TriageDemo/providers/Microsoft.Web/connections/azureblob-2" }, "connectionRuntimeUrl": "https://28e4576f9043090d.05.common.logic-eastus.azure-apihub.net/apim/azureblob/64a89f8747fb4ee8b772a26b837965c3/", "authentication": { "type": "Raw", "scheme": "Key", "parameter": "@appsetting('azureblob_2-connectionKey')" } } }, "functionConnections": { "azureFunctionOperation": { "function": { "id": "/subscriptions/ea3e783f-6b4a-4e74-b379-9fa512da2b7f/resourceGroups/Myresourcegroup/providers/Microsoft.Web/sites/DivyaTestFunction/functions/HttpTriggerCSharp1" }, "triggerUrl": "https://divyatestfunction.azurewebsites.net/api/httptriggercsharp1", "authentication": { "type": "QueryString", "name": "Code", "value": "@appsetting('azureFunctionOperation_functionAppKey')" }, "displayName": "Functionconnectiion" } } }

 

 

 

 

Also, once we choose “Use Connections from Azure” from the context menu of the designer, the below app settings get added to local.settings.json file.

 

WORKFLOWS_TENANT_ID

WORKFLOWS_SUBSCRIPTION_ID

WORKFLOWS_RESOURCE_GROUP_NAME

WORKFLOWS_LOCATION_NAME

WORKFLOWS_MANAGEMENT_BASE_URI

 

Parameterizing Managed API Connections

For the managed API connection, we can parameterize api ID and connection ID with the use of the above app settings.

 

 

 

"api": { "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/providers/Microsoft.Web/locations/@appsetting('WORKFLOWS_LOCATION_NAME')/managedApis/azureblob" }, "connection": { "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/resourceGroups/@appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')/providers/Microsoft.Web/connections/azureblob" }

 

 

 

 

Connection runtime URL is a unique URL of the API connection. During DevOps deployment of API connection, this URL can be exported as an app setting.

Please refer the blog for more details on exporting the connection runtime URL as an app setting- Deploying Logic App Standard resource through DevOps pipeline - Microsoft Community Hub

 

While creating API connection from VS Code, this URL is hardcoded in Connections.json. Copy this URL to local.settings file and parameterize the field in Connections.json

Alternatively, Connection runtime URL can be stored as a parameter in the parameters.json and referred in Connections.json.

 

 

 

"connectionRuntimeUrl": "@appsetting('BLOB_CONNECTION_RUNTIMEURL')"

 

 

 

Using the right authentication type:

Authentication field is populated by the raw authentication key when authenticated through VS Code.

While deploying through DevOps, this needs to be changed to the corresponding authentication type to be used in the portal.

This can be achieved by parameterizing this field in the Connections.json and creating a parameter file to store the value.

In this example, I have created one parameter file for local VS Code usage which uses raw authentication.

Parameters.json:

 

 

 

{ "blob_auth": { "type":"object", "value": { "type": "Raw", "scheme": "Key", "parameter": "@appsetting('azureblob_2-connectionKey')" } } }

 

 

 

 

And another one for Azure portal deployment which uses managed identity authentication.

Parameters_azure.json:

 

 

 

{ "blob_auth": { "type":"object", "value": { "type": "ManagedServiceIdentity" } } }

 

 

 

 

 

Either the corresponding parameter file can be included in the zip folder itself or it can be separately applied to the existing zip deployment using the below CLI command:

az functionapp | Microsoft Learn

 

 

 

az functionapp deploy --resource-group <Resource group> --name <logic app name> --src-path <Parameter file path> --type static --target-path parameters.json Example: az functionapp deploy --resource-group TriageDemo --name shmvlastandarddemo1 --src-path /home/shree/parameters_azure.json --type static --target-path parameters.json

 

 

 

 

Parameterizing Function Connections:

Functions connection has two fields that can be parametrized- Function ID and trigger URL.

 

 

 

"function": { "id": "@appsetting('azureFunctionOperation_functionResourceURI')" }, "triggerUrl": "@appsetting('azureFunctionOperation_functionTriggerURI')" }

 

 

 

 

Parameterizing Service Provider Connections:

Service provider connection is parametrized while creating through VS Code itself, hence it doesn’t require any additional step.

 

Final result:

The resulting Connections.json file would look like below, which can be used for both local development and remote deployment with different parameter files and app settings.

 

 

 

{ "functionConnections": { "azureFunctionOperation": { "authentication": { "name": "Code", "type": "QueryString", "value": "@appsetting('azureFunctionOperation_functionAppKey')" }, "displayName": "FunctionApiConnection", "function": { "id": "@appsetting('azureFunctionOperation_functionResourceURI')" }, "triggerUrl": "@appsetting('azureFunctionOperation_functionTriggerURI')" } }, "managedApiConnections": { "azureblob": { "api": { "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/providers/Microsoft.Web/locations/@appsetting('WORKFLOWS_LOCATION_NAME')/managedApis/azureblob" }, "authentication": "@parameters('blob_auth')", "connection": { "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/resourceGroups/@appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')/providers/Microsoft.Web/connections/azureblob" }, "connectionRuntimeUrl": "@appsetting('BLOB_CONNECTION_RUNTIMEURL')" } }, "serviceProviderConnections": { "serviceBus": { "displayName": "ServiceBus-Builtin", "parameterValues": { "connectionString": "@appsetting('serviceBus_connectionString')" }, "serviceProvider": { "id": "/serviceProviders/serviceBus" } } } }

 

 

 

 

Key Vault reference for App settings:

Key Vault references can be used as values for Application Settings, allowing us to keep secrets in Key Vault instead of the site config. 

If any of the above app settings you would like to secure, it can be done by creating a secret in the Key vault and by providing access to Logic App to access the secret.

Use Key Vault references - Azure App Service | Microsoft Learn

At app settings, set the reference as the value of the setting as below.

 

 

 

.KeyVault(SecretUri=https://<keyvaultname>.vault.azure.net/secrets/<secret name>/) Example: @microsoft.KeyVault(SecretUri=https://shmvkeyvault.vault.azure.net/secrets/ConnectionString/)

 

 

 

 

References:

Deploying Logic App Standard resource through DevOps pipeline - Microsoft Community Hub

Parameterizing Managed Connections with Logic Apps Standard - Microsoft Community Hub

LogicAppStandard/azure-devops-sample at master · ShreeDivyaMV/LogicAppStandard (github.com)

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.