Share via

Logic App Standard Automate Reference to workflow accross environments

Jorge Rodrigues 181 Reputation points
2022-03-04T17:45:34.147+00:00

Hello, I have automated the deployment of a logic app standard via Azure Devops Pipeline using an arm template.

I have another pipeline that uses the Azure Devops zip deployment task to deploy the workflows (as recommended by Microsoft documentation).

My current struggle is when I have workflows that call other workflows.
When I deploy the zip file across different logic app standard instances the workflow url referenced is always the same.

How can I reference/call the workflow in a way that is not hardcoded and dynamically changes in the deploy? Can I use workflow() to reference other workflows?

As the access key is a property of the workflow and not the logic app standard I'm not able to set it as an app setting or parameter to be consumed inside the workflow.

Any ideas on how to bypass this issue?

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,996 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jorge Rodrigues 181 Reputation points
    2022-04-01T16:09:06.507+00:00

    Hello @MayankBargali-MSFT sorry for my late response.

    What I've ended up doing was the following.
    I have created key vault secrets. In those key vault secrets I store the workflow url containing the authorization secret.

    As I've created the other workflows pointing to the key vault secret name instead of a hardcoded url the logic app at run time will query the key vault, retrieve the url from the workflow i want to authenticate to and use it as input. As it already contains the signature it authenticates correctly.

    It's probably a workaround but it was the only way I was able to achieve success in this operation.

    For those with the same problem as me here are the steps:

    1. First I have developed the workflow to obtain the secret containing the url from the keyvault
      189258-image.png
    2. Then it calls the url using the secret as input.
      189244-image.png
    3. When I have my workflows ready to deploy. I export them and put the code on Azure Devops.
    4. Then in a build pipeline I use the following tasks:
      • task: ArchiveFiles@2
        displayName: "Archive Functions"
        inputs:
        rootFolderOrFile: "$(Build.Repository.LocalPath)/LogicApps"
        includeRootFolder: false
        archiveFile: "$(Build.ArtifactStagingDirectory)/LogicApps.zip"
        • task: AzureFunctionApp@1
          displayName: "Deploy Functions"
          inputs:
          azureSubscription: "${<!-- -->{ parameters.Subscription }}"
          appName: "mylogicappstandard"
          package: "$(Agent.BuildDirectory)/${<!-- -->{ parameters.ArtifactName}}/LogicApps.zip"
      • task: AzureCLI@2
        displayName: 'Update Signature url in ${<!-- -->{ parameters.KeyvaultName}}'
        inputs:
        azureSubscription: "${<!-- -->{ parameters.Subscription }}"
        scriptType: 'ps'
        scriptLocation: 'inlineScript'
        inlineScript: "$(Agent.BuildDirectory)/${<!-- -->{ parameters.ArtifactName}}/Scripts/Get-WorkflowUrlSignature.ps1 $(AzureSubscriptionId) ${<!-- -->{ parameters.ResourceGroup }} mylogicappstandard ${<!-- -->{ parameters.KeyvaultName}}"

    You can find the details for the script here Get-WorkflowUrlSignature.ps1

    [CmdletBinding()]  
param (  
    [Parameter(Mandatory)][string]$SubscriptionId,  
    [Parameter(Mandatory)][string]$ResourceGroup,  
    [Parameter(Mandatory)][string]$LogicAppName,  
    [Parameter(Mandatory)][string]$KeyVaultName  
)  

$json = az rest --method get --uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Web/sites/$LogicAppName/hostruntime/runtime/webhooks/workflow/api/management/workflows?api-version=2018-11-01"  
$workflows = $json | convertfrom-json  

foreach ($workflow in $workflows.Name){  
    $uri ="https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Web/sites/$LogicAppName/hostruntime/runtime/webhooks/workflow/api/management/workflows/$workflow/triggers/manual/listCallbackUrl?api-version=2018-11-01"  
    if (az rest --method post --uri $uri){  
        # Gets the url with signature  
        $sigurl = az rest --method post --uri $uri | convertfrom-json  
        $secret = $sigurl.value.Replace('&','"&"')  
        $workflowName = $workflow.Replace("_","")  
        #Creates or updates secret in the keyvault  
        Write-Output "Updating secret $workflowName in the keyvault"  
        az keyvault secret set --name $workflowName --vault-name $KeyVaultName --value $secret  
    }else{  
        Write-Output "The workflow $workflow does not have any trigger url"  
    }  
}

    I hope this helps other people automate the process. Please let me know if you have an easier way to do it or to query the access key or url sig.

    1 person found this answer helpful.
    0 comments