Setting the authentication when deploying Logic App Custom Connector from ARM template

1
votes

I am deploying a Logic App Custom Connector via arm template. In the ARM template the type is Microsoft.Web/customApi.

We are also deploying the connector (Microsoft.Web/connections).

The items deploy OK but the Basic Authentication parameters are not linking properly between the customApi and the connection.

Basic auth missing the username and password display labels

The display names of the params are being reflected in the connection though, and this seems all OK (note the password is supposed to be blank, the test REST API we are using just takes username):

Connection object showing paramters OK

If we add the display names in to the custom connector, and update the connection, it works. This is what the custom connector looks like after being updated:

Custom API looking OK after manual change

So we want to get to this point purely from the ARM deployment without manual steps required. Is it possible? The documentation of Microsoft.Web/customApi doesn't give any detail about the connectionParameters you can supply.

ARM snippet for the customApi:

 "type": "Microsoft.Web/customApis",
  "name": "[variables('CustomConnectorName')]",
  "apiVersion": "2016-06-01",
  "location": "[variables('resourceGroupLocation')]",
  "tags": {
    "Environment": "[variables('environment')]"
  },
  "scale": null,
  "properties": {
    "capabilities": [
      "gateway"
    ],
    "connectionParameters": {
      "username": {
        "type": "string",
        "uiDefinition": {
          "displayName": "ConnectionUsername",              
          "description": "The UserName for this api",
          "tooltip": "Provide the UserName",
          "constraints": {
            "tabIndex": 2,
            "clearText": true,
            "required": "true"
          }
        }
      },
      "password": {
        "type": "string",
        "uiDefinition": {
          "displayName": "ConnectionPassword",              
          "description": "The Password for this api",
          "tooltip": "Provide the Password",
          "constraints": {
            "tabIndex": 3,
            "clearText": false,
            "required": "false"
          }
        }
      },
      "authType": {
        "type": "string",
        "allowedValues": [
          {
            "value": "basic"
          }
        ],
        "uiDefinition": {
          "displayName": "Authentication Type",
          "description": "Authentication type to connect to your API",
          "tooltip": "Authentication type to connect to your API",
          "constraints": {
            "tabIndex": 1,
            "required": "true",
            "allowedValues": [
              {
                "text": "basic",
                "value": "basic"
              }
            ]
          }
        }
      },
      "gateway": {
        "type": "gatewaySetting",
        "gatewaySettings": {
          "dataSourceType": "CustomConnector",
          "connectionDetails": []
        },
        "uiDefinition": {
          "constraints": {
            "tabIndex": 4,
            "required": "true",
            "capability": [
              "gateway"
            ]
          }
        }
      }
    },

ARM snippet for the connection:

 "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "location": "[resourceGroup().location]",
  "name": "MyCustomConnector",
  "properties": {
    "api": {
      "id": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Web/customApis/MyCustomConnector')]"
    },
    "displayName": "MyCustomConnector",
    "parameterValues": {
      "username": "[variables('UserName')]",
      "password": "[variables('Password')]",
      "authType": "basic",
      "gateway": {
        "id": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',variables('coreResourceGroupName'),'/providers/Microsoft.Web/connectionGateways/',variables('onPremiseGatewayName'))]"
      }
    }
  }
}

I'd be grateful for any suggestions about how we can get the customApi to deploy with the correct parameter names saved to negate the need for the manual step.

Thanks

2
azurearm-template
I know this is an old post, but I was having a similar issue and got it working. In the sample ARM template JSON above, I noticed that the username and password "type" is set to "string". Try setting that to "securestring". I also noticed that in the ARM snippet for the connection, the user name and password values are set using [variables]... is that right? My ARM template passes them in as [parameters].PoorInRichfield

2 Answers

0
votes

While deploying custom connectors, the connection should be created by the user with their respective apikey or whatever auth the connector is using.

So i have modified your template a little bit and it seems to work as expected.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "resources": [
        {
            "type": "Microsoft.Web/customApis",
            "apiVersion": "2016-06-01",
            "name": "Test",
            "location": "[resourceGroup().location]",
            "properties": {
                "capabilities": [
                    "gateway"
                ],
                "connectionParameters": {
                    "username": {
                        "type": "string",
                        "uiDefinition": {
                            "displayName": "ConnectionUsername",
                            "description": "The UserName for this api",
                            "tooltip": "Provide the UserName",
                            "constraints": {
                                "tabIndex": 2,
                                "clearText": true,
                                "required": "true"
                            }
                        }
                    },
                    "password": {
                        "type": "string",
                        "uiDefinition": {
                            "displayName": "ConnectionPassword",
                            "description": "The Password for this api",
                            "tooltip": "Provide the Password",
                            "constraints": {
                                "tabIndex": 3,
                                "clearText": false,
                                "required": "false"
                            }
                        }
                    },
                    "authType": {
                        "type": "string",
                        "allowedValues": [
                            {
                                "value": "basic"
                            }
                        ],
                        "uiDefinition": {
                            "displayName": "Authentication Type",
                            "description": "Authentication type to connect to your API",
                            "tooltip": "Authentication type to connect to your API",
                            "constraints": {
                                "tabIndex": 1,
                                "required": "true",
                                "allowedValues": [
                                    {
                                        "text": "basic",
                                        "value": "basic"
                                    }
                                ]
                            }
                        }
                    },
                    "gateway": {
                        "type": "gatewaySetting",
                        "gatewaySettings": {
                            "dataSourceType": "CustomConnector",
                            "connectionDetails": []
                        },
                        "uiDefinition": {
                            "constraints": {
                                "tabIndex": 4,
                                "required": "true",
                                "capability": [
                                    "gateway"
                                ]
                            }
                        }
                    }
                },
                "backendService": {
                    "serviceUrl": "[concat('https://helloWorld.azurewebsites.net/')]"
                }
            }
        }
    ]
}

Here's how it looks when you try to access this connector from a LogicApp

enter image description here

Notice the change from [variables('resourceGroupLocation')] to [resourceGroup().location] , it is actually a built in thing in arm template, you can access the location of current resource group that the template is being pointed to.

Also one more thing i have added is the backendService which will be pointed to your API URL.

Hope this helps.

0
votes

If you use swagger to model the API, you can define the security requirements as part of the swagger. I used the API-Key method for basic auth, though I think you could probably get the Basic method working as required, I just didnt try it. https://swagger.io/docs/specification/2-0/authentication/

Here is a example of the swagger property on the Microsoft.Web/customApis JSON type I used in an ARM template (cut down for brevity).

        "swagger": {
          "swagger": "2.0",
          "host": "example.sausages.com",
          ...
          "securityDefinitions": {
            "APIKeyHeader": {
              "type": "apiKey",
              "in": "header",
              "name": "Authorization"
            }
          },
          "security": [
            {
              "APIKeyHeader": []
            }
          ],
          "paths": {
            "/sausages": {
              "get": {
                ...
              }
            }
          }
        }

When deployed, the security section of the custom connector as well as well defined endpoints available to use.