Azure generate URL for a standard Logic app with connection to CosmosDB

Asked 20/8, 2021 at 14:36 Answered 2/9, 2021 at 9:22

azure azure-cosmosdb azure-rm-template azure-connect azure-logic-app-standard

I have a workflow in a standard logic app, that have HTTP trigger. When the workflow is trigged, the workflow, retrieve some data from a CosmosDB. Something like:

The previous method will require to have an API connection. I have already created and deployed a 'V2' API connection. Let's call it myCosmosCon

Also in the ARM template for my logic app I have already added a connectionRuntimeUrl of my connection API (to myCosmosCon) to appSettings (configuration):

....
"siteConfig": {
      "appSettings": [
       {
          "name": "subscriptionId",
          "value": "[subscription().subscriptionId]"
       },
       {
          "name": "resourceGroup_name",
          "value": "[resourceGroup().name]"
       },
       {
            "name": "location_name",
            "value": "[resourceGroup().location]"
       },
       {
            "name": "connectionRuntimeUrl",
            "value": "[reference(resourceId('Microsoft.Web/connections', parameters('connection_name')),'2016-06-01', 'full').properties.connectionRuntimeUrl]"
      },
      .....               
      ]
    },

Then I wrote the following in the connections.json:

{
"managedApiConnections": {
  "documentdb": {
    "api": {
      "id": "/subscriptions/@appsetting('subscriptionId')/providers/Microsoft.Web/locations/@appsetting('location_name')/managedApis/documentdb"
    },
    "connection": {
      "id": "/subscriptions/@appsetting('subscriptionId')/resourceGroups/@appsetting('resourceGroup_name')/providers/Microsoft.Web/connections/myCosmosCon"
    },
    "connectionRuntimeUrl": "@appsetting('connection_runtimeUrl')",
    "authentication": {
        "type": "ManagedServiceIdentity"
    }
  }
}

}

Now, when I deploy the ARM template of my Logic app, workflow, ... etc. I see no errors, the workflow looks also good. The only problem is the URL link to the HTTP trigger is not generated, I can't run the program.

However, if I change the connection_runtimeUrl in the connections.json file to have the actual value; to look something like:

      "connectionRuntimeUrl": "https://xxxxxxxxxxxxx.xx.common.logic-norwayeast.azure-apihub.net/apim/myCosmosCon/xxxxxxxxxxxxxxxxxxxxxxxx/",

The URL is generated directly and I can simply run the workflow. AFTER that, if I return the connection_runtimeUrl as it was (a call to appsettings()), it still working!! the link also stay there.

It looks like the when I deploy the Logic app and the workflow that the connections.json, do not compile or make the call, so Azure think that there is an error and do not generate the link.

Any idea about how to solve the problem??

Thanks!

Amphimacer answered 20/8, 2021 at 14:36 Comment(4)

Are you trying to extract the URL for the webapp or the Cosmos DB account? – Breakout 21/8, 2021 at 0:50

No, I am trying to extract the URL for the API connection (that connect to Cosmos DB). So, in my ARM template for logic app under appsettings I have the follwoing: { "name": "connectionRuntimeUrl", "value": "[reference(resourceId('Microsoft.Web/connections', parameters('connection_name')),'2016-06-01', 'full').properties.connectionRuntimeUrl]" }, – Amphimacer 23/8, 2021 at 6:7

Can you see that the connectionRuntimeUrl appsetting has the desired/right value ? also when creating the api connection you also need to create an access policy for it. – Sheridansherie 23/8, 2021 at 6:16

The connectionRuntimeUrl has exactly the same value in the appsettings as under the properties of the API connections. What do you mean with I need to create access policy? Where? and to who? – Amphimacer 23/8, 2021 at 8:55

Not sure but could be the issue: When you create a connection api for a logic app standard, you also need to create an access policy at the connection api level for the system assigned identity running the logic app standard.

param location string = resourceGroup().location
param cosmosDbAccountName string
param connectorName string = '${cosmosDbAccountName}-connector'

// The principalid of the logic app standard system assigned identity
param principalId string

// get a reference to the cosmos db account
resource cosmosDbAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' existing = {
  name: cosmosDbAccountName
}

// create the related connection api
resource cosmosDbConnector 'Microsoft.Web/connections@2016-06-01' = {
  name: connectorName
  location: location
  kind: 'V2'
  properties: {
    displayName: connectorName
    parameterValues: {
      databaseAccount: cosmosDbAccount.name
      accessKey: listKeys(cosmosDbAccount.id, cosmosDbAccount.apiVersion).primaryMasterKey
    }
    api: {
      id: 'subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${location}/managedApis/documentdb'
    }
  }
}

// Grant permission to the logic app standard to access the connection api
resource cosmosDbConnectorAccessPolicy 'Microsoft.Web/connections/accessPolicies@2016-06-01' = {
  name: '${cosmosDbConnector.name}/${principalId}'
  location: location
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        tenantId: subscription().tenantId
        objectId: principalId
      }
    }
  }
}

output connectionRuntimeUrl string = reference(cosmosDbConnector.id, cosmosDbConnector.apiVersion, 'full').properties.connectionRuntimeUrl

Sheridansherie answered 24/8, 2021 at 5:50 Comment(1)

unfortunately it is still not working. I have access policy in my API connection but it is still not working. I begin to feel that it is a bug in Microsoft side – Amphimacer 24/8, 2021 at 9:1

I'm having trouble with the exact same issue/bug. The only work around as I see it is to deploy the workflow twice. First time with an actual URL pointing to a dummy connection and the second time with the appsetting reference.

Dom answered 2/9, 2021 at 9:22 Comment(0)

Recommended topics

Hot tags