Synapse vs Devops - Discrepancy with Authorization field in OData

Ryan Abbey 1,171 Reputation points
2023-03-07T09:05:23.54+00:00

We have a rather unusual issue that is causing a problem on deployment to subsequent environments.

We've set up an OData linked service/dataset that needs an Authorization code. In our DEV, we've set up this as a parameter

User's image

this works fine in our Dev environment and looking at the code within Synapse live, and the linked service shows as it is above.

However, we go to our DevOps workspace publish branch and it shows as a SecureString

User's image

We did previously have it set up as a secure string taking the pAUTH parameters which was working fine in Dev but on deployment, the process is failing which we've put down as due to the SecureString not passing through the actual details... currently we're unsure if the workspace publish branch is just not updating correctly or some unusual quirk of DevOps - it does record that the branch has updated

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,464 questions
{count} votes

Accepted answer
  1. AnnuKumari-MSFT 31,716 Reputation points Microsoft Employee
    2023-03-14T09:02:34.4066667+00:00

    Hi @Ryan Abbey ,

    Thankyou for your patience. Got the following response from the team:

    "We are securing authorization headers like Authorization and APIKey, and these will be considered as secureString. Therefore, the UI will not allow using dynamic expressions when configuring OData Auth headers. When deploying this Linked Service, you should parameterize these auth header items as secure strings."

    Authorization property in the linked service only accept secure string . Since there is no add dynamic content option, explicitly parameterizing it is not compliant with the API as it expects only secure string like below :

    User's image

    In order to override parameters while performing the deployment of OData Linked service , you can make use of custom parameter template

    More info here: Synapse CI/CD: Using a custom parameter template

    CICD Automation in Synapse Analytics: taking advantage of custom parameters in Workspace Templates

    Try adding OData block in template-parameters-definition.json file while using custom parameter template:

    "OData":{
    	"properties":{
    		"typeproperties":{
    			"authHeaders":{
    				"Authorization": "|:Authorization:secureString"
    					}
    				}
    			}
    	}
    

    User's image


    Hope it helps. Please accept the answer by clicking on Accept answer button and mark it as helpful. Thankyou


0 additional answers

Sort by: Most helpful