Parameterising Logic App (Standard) connections.json with bicep - Part 2

#azure #bicep #logicapps

Continuing from where we left off, the next step is to update the appsettings, and set connections.json to read from appsettings.

This is where it gets interesting. After lots of searching thru' the internet and testing, there are a couple of points to highlight:

We can't replace the managedApiConnections information as a whole string, i.e. the below setting won't work

...

"managedApiConnections": {
  "azureblob_1": {
    "api": {
      "id": "@appsetting('azureBlobApiId')"
    },
    "authentication": {
      "type": "ManagedServiceIdentity"
    },
    "connection": {
      "id": "@appsetting('azureBlobConnectionId')"
    },
    "connectionRuntimeUrl": "@appsetting('azureBlobConnectionRuntimeUrl')"
  }
}
...

With the above, our connections seems to be working. Looking at the API connections' status, it reports "Connected". All is well, it seems...until we try to save a workflow. When we try to save the workflow, we're shown a puzzling error:

Workflow saved successfully. Workflow validation failed for the workflow 'xxxxxxxxxx'. The file 'connections.json' contains invalid expressions. The allowed expression functions are 'xxxxxxxxxx'.

To workaround the above issue, we can find the hint from this doc Create cross-environment parameters for workflow inputs in Azure Logic Apps. In essence, rather than the above, we should instead create the following (the below code will still cause an error when saving a workflow. see step 3 for the last observation and workaround)

...

"managedApiConnections": {
  "azureblob_1": {
    "api": {
      "id": "/subscriptions/@{appsetting('WORKFLOW_SUBSCRIPTION_ID')}/providers/Microsoft.Web/locations/@{appsetting('WORKFLOW_LOCATION')}/managedApis/azureblob"
    },
    "authentication": {
      "type": "ManagedServiceIdentity"
    },
    "connection": {
      "id": "/subscriptions/@{appsetting('WORKFLOW_SUBSCRIPTION_ID')}/resourceGroups/@{appsetting('WORKFLOW_RG_NAME')}/providers/Microsoft.Web/connections/azureblob"
    },
    "connectionRuntimeUrl": "@appsetting('azureBlobConnectionRuntimeUrl')"
  }
}
...

Note: only connectionRuntimeUrl can successfully use appsettings. apiId and connectionId can somehow be partially parameterised.

Last observation, the above Microsoft doc recommendation for interpolated format by enclosing expression using curly brackets {} doesn't seem to work. In the end, we have to remove the curly brackets so that the final connections.json will look like this:

...

"managedApiConnections": {
  "azureblob_1": {
    "api": {
      "id": "/subscriptions/@appsetting('WORKFLOW_SUBSCRIPTION_ID')/providers/Microsoft.Web/locations/@appsetting('WORKFLOW_LOCATION')/managedApis/azureblob"
    },
    "authentication": {
      "type": "ManagedServiceIdentity"
    },
    "connection": {
      "id": "/subscriptions/@appsetting('WORKFLOW_SUBSCRIPTION_ID')/resourceGroups/@appsetting('WORKFLOW_RG_NAME')/providers/Microsoft.Web/connections/azureblob"
    },
    "connectionRuntimeUrl": "@appsetting('azureBlobConnectionRuntimeUrl')"
  }
}
...

Once the above settings are done, we're now able to make use of the API connections and save workflows successfully.

Built for developers, by developers.

Whether you're building a simple prototype or a business-critical product, Heroku's fully-managed platform gives you the simplest path to delivering apps quickly — using the tools and languages you already love!

Learn More

Top comments (0)

Is Your CI/CD Server a Prime Target for Attack?

57% of organizations have suffered from a security incident related to DevOps toolchain exposures. It makes sense—CI/CD servers have access to source code, a highly valuable asset. Is yours secure? Check out nine practical tips to protect your CI/CD.

Learn more