Closed gswwsg closed 2 years ago
@gswwsg see below
New-PowerAppManagementApp
. This is a step that was previously automated by the CLI but was removed due to some organizations not allowing this permission by default. We'll need to update the docs in the March release to call this out specifically, but below are the instructions. Assuming this is the issue you'll likely see a warning in the deployment pipeline step "Share Canvas App with AAD Group"Register service principal as management application
NOTE: In order for the pipelines to perform certain actions (for example, Sharing Apps) against the environments in your Power Platform tenant you will need to grant Power App Management permissions to your App registration. To do so you will need to run the following PowerShell commandlet as an interactive user that has Power Apps administrative privileges. You will need to run this command once, using an interactive user, in PowerShell after your app registration has been created. The command gives permissions to the Service Principal to be able to execute environment related functions including querying for environments and connections via Microsoft.PowerApps.Administration.PowerShell (https://docs.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/new-powerappmanagementapp?view=pa-ps-latest). For more information on the New-PowerAppManagementApp cmdlet see here https://docs.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/new-powerappmanagementapp?view=pa-ps-latest
Currently this commandlet gives elevated permissions (for example, Power Platform Admin) to the app registration. Your organization's security policies may not allow for these types of permissions. Ensure that these permissions are allowed before continuing. In the case that these elevated permissions are not allowed certain functions in the ALM Accelerator pipelines will not work.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
New-PowerAppManagementApp -ApplicationId [the Application (client) ID you copied when creating your app registration]
Adding to March Milestone to update docs for New-PowerAppManagementApp
Adding to March Milestone to update docs for New-PowerAppManagementApp
@mikefactorial Thanks for the summary and quick reply!
The PowerShell code resolved the canvas share; so got workarounds in place for the other stuff. look forward to April release!
With regards to point 2, looking at the devops.ts file I saw this block of code
So decided to put in variables in the alm-accelerator-variable-group
This resolved the ServiceConnection undefined issue for the validation pipeline but not test and prod pipelines.
The other thing I noticed in the code was that the logic looks for other pipelines starting with Deploy-$template, so its now picking up the first pipelines created as I'm not sure how the source-build parameter is configured when doing it manually, should it be a path to the deploy-test-solution templates?
It also happens when committing a new solution through the app...
Not sure what I'm missing, was thinking just to rename them in the meantime with a prefix to stop the code picking them up in the meantime?
cheers
@gswwsg this is good feedback. Thanks for the details. The copying of the pipelines is leftover from a previous version and should be removed. Working on a PR to fix this.
@gswwsg This has been fixed in the latest release. Please install the latest version of the toolkit following the instructions for installing updates. Note that if you do not remove the unmanaged layers as described there you will not receive updates from us.
What is your question?
Have I missed a configuration setting as I have the following steps where manual intervention is required when exporting and deploying solutions:
Pipeline variable for deploy-validation-xxxx, deploy-test-xxxx and deploy-prod-xxxx needs updated manually:
Also after completing the validation and test pipelines successfully the canvas app share is blank, the aad security has to be shared manually even though the pipelines' canvasshare.roleName.xxxx variable is populated with the groupId configured in the deployment settings of the ALM Acc app....
Any suggestions would be appreciated
Cheers!
What component are you experiencing the issue with?
ALM Accelerator Pipelines
What solution version are you using?
1.0.20220131.1