In an earlier blogpost, I created a logic app in the portal to start a runbook through an Office365 calendar appointment.
It’s very easy to create this in the portal. But it’s a lot more fun to automate the process!
Let’s see what possibilities we have to recreate the app we created before.
The challenge
There are a lot of options for automation and they are actually quite well documented. But for this particular usecase, they all have a downside: they can’t run without user interaction.
Just to be clear: It’s no problem to automate the logic app creation and a lot of triggers and actions are just fine to setup.
The problem lies in connections that require OATH Authentication. There is no way to let the logic app connect to Azure Automation or Office 365 without user interaction. The code works, an app appears… And the connections will be broken.
At the end of this post I will walk through the workarounds and possibilities I have found to deal with this.
First let’s walk through the different possibilities for deployment.
Visual Studio
In visual studio, you can get the logic app extension. With it, you can create a logic app like you would in the portal and it will create an ARM template for you. Read more about it here.
Visual Studio Code
VSC had an extension as well, which will allow you to interact directly with the logic apps in your Azure subscription. You will work without the graphical designer, it’s code only. Find out more about this here.
Powershell
You can make use of the AzureRM Logic App module.
There is one little snippet that I really love:
That’s it, you will get a copy of the logic app you just created. Very clean and easy. Read more about it here here.
ARM templates
An ARM template can be automatically created with Visual Studio or you can shape them yourself. It’s has some challenges, like the encodeURIComponent needing single quotes.
I have been looking for ways around it and this is the best one I have found, which still truly is a workaround.
I did think of another way, where the ARM template deploys through a powershell script. This way, the string with the single quotes will be given to the deployment through a powershell parameter.
The single quotes are actually the biggest issue, the rest of the template is quite straightforward.
Dealing with OATH Authentication
When using OATH Authentication (like with Azure or Office 365, the connection will deploy broken as a user needs to approve the connection.
A workaround for this is to deploy new Logic Apps to an existing resourcegroup with incremental mode. The apps can then use connections that already exist and are authorized. This works, but it might go against the lifecycle-theory for Resourcegroups.
Another possibility is a script I found to clean up the connections with Powershell: https://github.com/logicappsio/LogicAppConnectionAuth
This script will authorize the connections. But only if a user interacts with it, unfortunately. I haven’t been able to find a way without it.
Combine powershell and ARM Templates for the least amount of effort
I used the script mentioned above to get a function that will automate as far as possible. It will deploy the logic app and authorize the connections in one function, with the help of ARM templates.
You still can’t let it run without userinteraction, but it is quick and painless. The process is shown here (I have sped up the deployment-process, it takes a bit more time if you run it.
I will say the ARM template is a bit specific. To the point where it needs two users that are allowed to call the runbook. But it’s very easy to adjust to other needs.
The files are at my github: https://github.com/Ba4bes/ARM_LogicApp
So those are the ways to deal with Logic Apps. Do remember that a lot of connections will be no problem at all to deploy completely automatically, like from a pipeline.