The previous article explained the background of the solution and why the GitHub repository is needed, how to take the ARM template out of Logic Apps, and how to authorize the Service Principal and the GitHub Action to make changes to Azure. This article focuses on how to parameterize the ARM template of Logic Apps. The following post explains how to create a CI/CD pipeline in yml and authorize another Azure resource to call Logic Apps.

4. Parameterize the files of the ARM template and add to GitHub

ARM templates coming from Azure cannot go to GitHub as they are; they have to be processed a bit first. It is therefore worth writing clear instructions for yourself on how to handle the ARM template. If someone else does the work, or it has been a while since the last time, importing the changes into the installation automation is painful without instructions.

template.json = A file that describes the functionality and connections of Logic Apps without environment variables. This file is used to install Logic Apps for all environments. This file shows which parameters are used, but their values come from the next file.

parameters.json = A file that describes the environment-specific parameters used in the installation of the specified environment.

Copy the parameters file and create as many copies as needed and name them according to the environment, e.g. parameters-test.json and parameters-prod.json.

Add the parameters below to the parameters files, i.e. their contents should look like the example below.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workflow_name": {
            "value": "{value}"
        },
        "connections_commondataservice_externalid": {
            "value": "/subscriptions/{value}/resourceGroups/{value}/providers/Microsoft.Web/connections/commondataservice"
        },
        "connections_commondataservice_name": {
            "value": "{value}"
        },
        "subscriptionId": {
            "value": "{ GUID }"
        },
        "serviceprincipal_appid": {
            "value": "{ GUID }"
        },
        "dataverse_environment_url": {
            "value": "{value}"
        },
        "tenant_id": {
            "value": "{value}"
        },
        "serviceprincipal_secret": {
            "reference": {
                "keyVault": {
                    "id": "/subscriptions/{value}/resourceGroups/{value}/providers/Microsoft.KeyVault/vaults/{value}"
                },
                "secretName": "solution-integration-serviceprincipal-test"
            }
        },
        "claims_appid": {
            "value": "{GUID}"
        }
    }
}

The following changes must be made in the template file

1. Replace the parameters section at the beginning of the file with the JSON parameter declarations below

"parameters": {
    "workflow_name": {
        "type": "string"
    },
    "connections_commondataservice_externalid": {
        "type": "string"
    },
    "serviceprincipal_appid": {
        "type": "string"
    },
    "serviceprincipal_secret": {
        "type": "securestring"
    },
    "connections_commondataservice_name": {
        "type": "string"
    },
    "subscriptionId": {
        "type": "string"
    },
    "dataverse_environment_url": {
        "type": "securestring"
    },
    "tenant_id": {
        "type": "securestring"
    },
    "claims_appid": {
        "type": "securestring"
    }
}

2. In the resources section, before the Logic Apps workflow resource, add the following JSON, which creates the connector to Dataverse

{
            "type": "Microsoft.Web/connections",
            "apiVersion": "2016-06-01",
            "name": "[parameters('connections_commondataservice_name')]",
            "location": "westeurope",
            "properties": {
              "displayName": "[parameters('connections_commondataservice_name')]",
              "customParameterValues": {},
              "api": {
                "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/westeurope/managedApis/', 'commondataservice')]"
              },
              "parameterValues": {
                "token:clientId": "[parameters('serviceprincipal_appid')]",
                "token:clientSecret": "[parameters('serviceprincipal_secret')]",
                "token:TenantId": "[parameters('tenant_id')]",
                "token:grantType": "client_credentials"
              }
            }
        }

3. Change the workflow name to the “workflow_name” parameter

4. Add a dependsOn section to the workflow resource

        "dependsOn": [
            "[resourceId('Microsoft.Web/connections', parameters('connections_commondataservice_name'))]"
        ],

5. Scroll to the end of the template file and replace the $connections section with the json below

"$connections": {
                        "value": {
                            "[parameters('connections_commondataservice_name')]": {
                                "connectionId": "[resourceId('Microsoft.Web/connections', parameters('connections_commondataservice_name'))]",
                                "connectionName": "[parameters('connections_commondataservice_name')]",
                                "id": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Web/locations/westeurope/managedApis/', 'commondataservice')]"
                            }
                        }
                    }

6. Use the Replace All command and make sure all connection references are as below

@parameters('$connections')['commondataservice']['connectionId']

and make sure every organization property refers to the parameter as below

"organization": "[parameters('dataverse_environment_url')]"

7. Add an AccessControl section if you want to limit which application can call Logic Apps

"accessControl": {
    "triggers": {
        "openAuthenticationPolicies": {
            "policies": {
                "MyBF": {
                    "type": "AAD",
                    "claims": [
                        {
                            "name": "iss",
                            "value": "https://sts.windows.net/7c94a248-ecf2-41b6-9b42-923651114b04/"
                        },
                        {
                            "name": "aud",
                            "value": "https://management.azure.com"
                        },
                        {
                            "name": "appid",
                            "value": "[parameters('claims_appid')]"
                        },
                        {
                            "name": "appidacr",
                            "value": "2"
                        }
                    ]
                }
            }
        }
    }
}

Now the json edits are complete. Next, push the files to GitHub.
You can synchronize the folder containing the json files directly with the root of the GitHub Repository, or manually add the file to the root in the Code tab.
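
A check that can be run on the files before the push, as an added example that is not part of the original post: it compares one parameters file with template.json and reports parameters that are missing or undeclared, placeholders such as {value} that were never filled in, and a service principal secret supplied inline instead of as a Key Vault reference. The function name check_parameters, the placeholder pattern and all sample values are assumptions made for this illustration.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{\s*(value|GUID)\s*\}")  # unfilled "{value}" / "{ GUID }" markers

def check_parameters(template, params, secret_names=("serviceprincipal_secret",)):
    """Compare one environment's parameters file with template.json; return findings."""
    declared, supplied = template["parameters"], params["parameters"]
    findings = []
    for name in sorted(declared.keys() - supplied.keys()):
        if "defaultValue" not in declared[name]:
            findings.append(f"{name}: declared in template but not supplied")
    for name in sorted(supplied.keys() - declared.keys()):
        findings.append(f"{name}: supplied but not declared in template")
    for name, entry in sorted(supplied.items()):
        if name in secret_names:
            # A secret in a file committed to GitHub may only point at Key Vault.
            if "value" in entry or "keyVault" not in entry.get("reference", {}):
                findings.append(f"{name}: must be a Key Vault reference, not an inline value")
            if declared.get(name, {}).get("type", "").lower() != "securestring":
                findings.append(f"{name}: template type must be securestring")
        if PLACEHOLDER.search(json.dumps(entry)):
            findings.append(f"{name}: placeholder left unfilled")
    return findings

# Constructed sample data in the shape used in this post; every value is made up.
TEMPLATE = {"parameters": {
    "workflow_name": {"type": "string"},
    "serviceprincipal_appid": {"type": "string"},
    "serviceprincipal_secret": {"type": "securestring"},
    "tenant_id": {"type": "securestring"},
}}
VAULT = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.KeyVault/vaults/kv-test"
PARAMS_OK = {"parameters": {
    "workflow_name": {"value": "la-integration-test"},
    "serviceprincipal_appid": {"value": "11111111-1111-1111-1111-111111111111"},
    "serviceprincipal_secret": {"reference": {"keyVault": {"id": VAULT},
                                              "secretName": "solution-integration-serviceprincipal-test"}},
    "tenant_id": {"value": "22222222-2222-2222-2222-222222222222"},
}}
PARAMS_BAD = {"parameters": {
    "workflow_name": {"value": "{value}"},
    "serviceprincipal_appid": {"value": "11111111-1111-1111-1111-111111111111"},
    "serviceprincipal_secret": {"value": "constructed-not-a-real-secret"},
    "claims_appid": {"value": "33333333-3333-3333-3333-333333333333"},
}}

if __name__ == "__main__":
    print(check_parameters(TEMPLATE, PARAMS_OK), check_parameters(TEMPLATE, PARAMS_BAD), sep="\n")
```

Run it once per environment file (parameters-test.json, parameters-prod.json), loading template.json and the parameters file with json.load instead of the sample dictionaries.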

The next post explains how to create the yml pipeline in GitHub.

Post series

  1. Cross-technology deployment automation from GitHub to Dataverse
  2. Parameterize Logic Apps with Dataverse connector for GitHub pipeline
  3. Create GitHub CI/CD pipeline for install Logic Apps with Dataverse connector