search

jeffhollan / LogicAppTemplateCreator

Script to convert Logic Apps into templates for deployment
MIT License
143 stars 74 forks source link

ActiveDirectoryOAuth authentication '-Authority' parameter - No default value #89

Closed evandeworp closed 3 years ago

evandeworp commented 3 years ago

TemplateGenerator.cs creates '-Authority' parameter with no default value like this example:

"Get_FullLoad_Data-Authority": {
  "type": "string",
  "defaultValue": ""
},

When I query ARM:

(Search-AzGraph -Include DisplayName -Query 'where type =~ "Microsoft.Logic/workflows" | where name =~ "logic-azureactivedirectory-fullload-01"|where resourceGroup =~ "rg-hrfuncapp-dev"').properties.definition.actions.Try_Scope.actions.Get_FullLoad_Data.inputs.authentication

I don't see "authority" in the results:

type : ActiveDirectoryOAuth tenant : @variables('Secret')?['Tenant'] clientId : @variables('Secret')?['ClientId'] audience : @variables('Secret')?['ApiUrl'] secret : @variables('Secret')?['ClientSecret']

The above results (with no "authority") seems to match Microsoft documentation https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-custom-api-authentication which has the following example that also has no "authority" value:

{ "tenant": "", "audience": "", "clientId": "", "secret": "", "type": "ActiveDirectoryOAuth" }

Could TemplateGenerator.cs please not add the "-Authority" template parameter if "authority" is not returned by ARM. I ask this because it creates a template parameter with no default value which then breaks Get-ParameterTemplate.

MLogdberg commented 3 years ago

Hi, The reason audience is added is beacuse ARM returns that property when properties to the api connection is collected and it's set to empty string as default due to that defalt value from connector is null and that is breaking the release. If the value is empty string ARM will handle it and use a default value instead, I'll check the Get-ParameterTemplate and the setup to check for a valid solution. Thanks for reporting!

evandeworp commented 3 years ago

Now I don't think there is an issue in 1.0.20. I had to set authority to 'https://login.windows.net' in the template file generated by an older version (maybe 1.0.17?) but I can't recreate the problem with 1.0.20. Instead it works as you say: ARM handles the empty string as the value of "authority" with no issue.