parameters.json curly brace handling not working

erwinkramer commented 1 year ago

Describe the Bug

The following in a parameters.json snippet works on Azure, but doesn't work locally, with error: The provided subscription identifier '@appsetting('WORKFLOWS_SUBSCRIPTION_ID')' is malformed or invalid.

  "arm_authentication": {
    "type": "object",
    "value": {
      "api": {
        "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/providers/Microsoft.Web/locations/westeurope/managedApis/arm"
      },
      "connection": {
        "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/resourceGroups/@appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')/providers/Microsoft.Web/connections/connection_arm"
      },
      "connectionRuntimeUrl": "@appsetting('CONNECTOR_ARM_RUNTIMEURL')",
      "authentication": {
        "type": "Raw",
        "scheme": "Key",
        "parameter": "@appsetting('arm-connectionKey')"
      }
    }
  },

The following in a parameters.json snippet works locally but doesn't work on Azure. it creates a gateway timeout error going to the invoked workflow which uses this connection (i'm invoking a workflow from my main workflow, the one i'm invoking gives a timeout).

  "arm_authentication": {
    "type": "object",
    "value": {
      "api": {
        "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/providers/Microsoft.Web/locations/westeurope/managedApis/arm"
      },
      "connection": {
        "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/resourceGroups/@{appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')}/providers/Microsoft.Web/connections/connection_arm"
      },
      "connectionProperties": {
        "authentication": {
          "audience": "https://management.core.windows.net/",
        NOT RELEVANT FOR SAMPLE

        }
      },
      "connectionRuntimeUrl": "@appsetting('CONNECTOR_ARM_RUNTIMEURL')",
      "authentication": {
        NOT RELEVANT FOR SAMPLE
      }
    }
  },

my connections.json:

{
  "managedApiConnections": {
    "azuresentinel": "@parameters('azuresentinel_authentication')",
    "service-now": "@parameters('servicenow_authentication')",
    "office365": "@parameters('office365_authentication')",
    "arm": "@parameters('arm_authentication')"
  }
}

So situation is:

ONLY works locally: connections.json --> pointing to parameters.json where in this file it's using is curly brackets to point to appsettings
ONLY works in azure: connections.json --> pointing to parameters.json where in this file it's NOT using curly brackets to point to appsettings

I would understand if situation 2 is not supported but situation 1 should get supported i guess...

Related to https://github.com/Azure/logicapps/issues/527, it's about connections.json but it should be fixed for parameters.json in this situation too....

Plan Type

Standard

Steps to Reproduce the Bug or Issue

Setup the linked files like explained above and test.

I'm running in the latest runtime (v4) and using the latest v1.0.45 extension (just released).

Workflow JSON

No response

Screenshots or Videos

No response

Additional context

No response

AB#16780108

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 45 days with no activity.

erwinkramer commented 1 year ago

Bump

AbodeSaafan commented 1 year ago

Hey @erwinkramer as mentioned in the other issue linked here, both ways (curly brackets or without) of referencing parameters and appsettings should work on VSCode but the recommend way and what works on both portal and vscode is using the curly brackets whenever interpolating an expression in a string. Here's an example of a connection I have and this parameterization works for both portal and VSCode:

"office365": { "api": { "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/providers/Microsoft.Web/locations/westus2/managedApis/office365" }, "connection": { "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/resourceGroups/Abode_test/providers/Microsoft.Web/connections/office365" }, "connectionRuntimeUrl": "@appsetting('runtimeurl')", "authentication": { "type": "Raw", "scheme": "Key", "parameter": "@appsetting('office365-connectionKey')" } }

Can you re-test and confirm this issue is not there anymore? Otherwise, if you are still running into it, can you confirm what bundle version you have set on portal "AzureFunctionsJobHostextensionBundleversion", the default should be "[1.*, 2.0.0)" and also confirm what is set in your authentication section and post that here (without any secrets).

erwinkramer commented 1 year ago

@AbodeSaafan hi, i tested it again. My conclusion is that only the connections.json is poorly able to be parameterized by using object types, other json files seem to suffer less from this, please focus on this file.

This is how far i can go:

{
  "managedApiConnections": {
    "azuresentinel": {
      "api": {
        "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/providers/Microsoft.Web/locations/westeurope/managedApis/azuresentinel"
      },
      "connection": {
        "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/resourceGroups/@{appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')}/providers/Microsoft.Web/connections/connection_azuresentinel"
      },
      "connectionRuntimeUrl": "@appsetting('CONNECTOR_SENTINEL_RUNTIMEURL')",
      "authentication": "@parameters('azuresentinel_authentication')",
      "connectionProperties": "@parameters('azuresentinel_connectionProperties')"
    }
}

If i attempt to fully parameterize the whole object, it will fail loading the connector inside vscode designer (this 100% used to work):

{
  "managedApiConnections": {
    "azuresentinel": "@parameters('azuresentinel_authentication')",
}

And a second issue: In parameters.json if i attempt to make a reference to appsetting to fill the identity for a connectionProperties element, it will fail during runtime. Please note, appsettings work just fine in a parameters.json file at other places, if will fail ONLY specifically for the path managedApiConnections.[connectorname].connectionProperties used in connections.json (related to https://github.com/Azure/logicapps/issues/465). So the chain of references is connection.json --> connectionProperties object from parameters.json --> identity element from appsettings:

  "arm_connectionProperties": {
    "type": "object",
    "value": {
      "authentication": {
        "audience": "https://management.core.windows.net/",
        "identity": "@appsetting('MANAGED_IDENTITY_ID')",
        "type": "ManagedServiceIdentity"
      }
    }
  },

AbodeSaafan commented 1 year ago

@ccastrotrejo can you take a look at the first issue above where parameterizing the whole connection object is causing designer to not load in VSCode.

@erwinkramer for the las tissue you mentioned where the appsetting is not being resolved for identity, we are tracking that issue and we have a fix almost ready for it but no ETA yet on when it will be deployed out. I can update you when we have that.

ccastrotrejo commented 1 year ago

Hi @erwinkramer thanks for raising this issue. Parameterization resolver isn't picking the connection data when storing the whole object in parameters.json, the immediate work-around I can suggest is to keep the connection data object in connections.json . I will work on solving this issue and make it work it back again.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 45 days with no activity.

erwinkramer commented 1 year ago

Bump

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 45 days with no activity.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 14 days since being marked as stale.

Kaloszer commented 11 months ago

@ccastrotrejo - any update on this, just found out that this is a bug after getting stuck with this :)?

Found out from https://github.com/Azure/logicapps/issues/465

Azure / logicapps