[ALM Accelerator - QUESTION] canvasshare and activateflow deployment settings

[gswwsg]

What is your question?

Have I missed a configuration setting as I have the following steps where manual intervention is required when exporting and deploying solutions:

Pipeline variable for deploy-validation-xxxx, deploy-test-xxxx and deploy-prod-xxxx needs updated manually:

• Name: activateflow.activateas.xxxxxx Value: Blank

Also after completing the validation and test pipelines successfully the canvas app share is blank, the aad security has to be shared manually even though the pipelines' canvasshare.roleName.xxxx variable is populated with the groupId configured in the deployment settings of the ALM Acc app....

Any suggestions would be appreciated

Cheers!

What component are you experiencing the issue with?

ALM Accelerator Pipelines

What solution version are you using?

1.0.20220131.1

[mikefactorial]

@gswwsg see below

1. The activateas variables will be empty for now until we address them in the UI. They can be set manually if need be, but we have some general work in the backlog related to flow activation that will be in a future release. https://github.com/microsoft/coe-starter-kit/issues/1388
2. The undefined.crm.dynamics.com in the service connection is something that has been reported and we are working towards a solution although haven't been able to replicate it yet. Any more information you can provide on this issue would be greatly appreciated. https://github.com/microsoft/coe-starter-kit/issues/2082
3. For the sharing issue I suspect this is due to the need to register the Service Principal with New-PowerAppManagementApp. This is a step that was previously automated by the CLI but was removed due to some organizations not allowing this permission by default. We'll need to update the docs in the March release to call this out specifically, but below are the instructions. Assuming this is the issue you'll likely see a warning in the deployment pipeline step "Share Canvas App with AAD Group"

• Register service principal as management application

  NOTE: In order for the pipelines to perform certain actions (for example, Sharing Apps) against the environments in your Power Platform tenant you will need to grant Power App Management permissions to your App registration. To do so you will need to run the following PowerShell commandlet as an interactive user that has Power Apps administrative privileges. You will need to run this command once, using an interactive user, in PowerShell after your app registration has been created. The command gives permissions to the Service Principal to be able to execute environment related functions including querying for environments and connections via Microsoft.PowerApps.Administration.PowerShell (https://docs.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/new-powerappmanagementapp?view=pa-ps-latest). For more information on the New-PowerAppManagementApp cmdlet see here https://docs.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/new-powerappmanagementapp?view=pa-ps-latest

  Currently this commandlet gives elevated permissions (for example, Power Platform Admin) to the app registration. Your organization's security policies may not allow for these types of permissions. Ensure that these permissions are allowed before continuing. In the case that these elevated permissions are not allowed certain functions in the ALM Accelerator pipelines will not work.

  Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
  Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
  New-PowerAppManagementApp -ApplicationId [the Application (client) ID you copied when creating your app registration]

[mikefactorial]

Adding to March Milestone to update docs for New-PowerAppManagementApp

[gswwsg]

Adding to March Milestone to update docs for New-PowerAppManagementApp

@mikefactorial Thanks for the summary and quick reply!

The PowerShell code resolved the canvas share; so got workarounds in place for the other stuff. look forward to April release!

With regards to point 2, looking at the devops.ts file I saw this block of code

So decided to put in variables in the alm-accelerator-variable-group

This resolved the ServiceConnection undefined issue for the validation pipeline but not test and prod pipelines.

The other thing I noticed in the code was that the logic looks for other pipelines starting with Deploy-$template, so its now picking up the first pipelines created as I'm not sure how the source-build parameter is configured when doing it manually, should it be a path to the deploy-test-solution templates?

It also happens when committing a new solution through the app...

Not sure what I'm missing, was thinking just to rename them in the meantime with a prefix to stop the code picking them up in the meantime?

cheers

[mikefactorial]

@gswwsg this is good feedback. Thanks for the details. The copying of the pipelines is leftover from a previous version and should be removed. Working on a PR to fix this.

[CoEStarterKitBot]

@gswwsg This has been fixed in the latest release. Please install the latest version of the toolkit following the instructions for installing updates. Note that if you do not remove the unmanaged layers as described there you will not receive updates from us.