
Ability to parameterize identity for HTTP actions with user-assigned managed identity authentication enabled

Open WenovateAA opened this issue 3 years ago • 1 comments

Now that LA supports user-assigned managed identity (UAMI), it's possible to have multiple identities assigned per single LA Standard. This is a standard benefit of using UAMI. When it comes to HTTP actions, where you primarily specify such identities for authentication to Azure and Azure AD, you choose it from a drop-down list. This hasn't changed since the LA consumption tier. This forces you to specify your UAMI ID in workflow code. However, it's possible to put it in parameters (and I think use the output of previous actions):


            "HTTP": {
                "inputs": {
                    "authentication": {
                        "audience": "@parameters('Audience')",
                        "identity": "@parameters('Identity')",
                        "type": "ManagedServiceIdentity"
                    },
                    "method": "GET",
                    "uri": "@parameters('URL')"
                },
                "runAfter": {},
                "type": "Http"
            }

Here Identity is a string parameter containing an Azure resource ID. This works as expected. However, the Designer shows an error when displaying such a configuration:

image

It would be good if the UI also allowed specifying a custom value for UAMI.

Why is it important? Because we try to separate code from parameters, especially when using a CI/CD approach. Single code, separate parameters referring to @appsettings depending on environment. Putting the ID for UAMI and other environment-specific data inside code breaks this concept.

WenovateAA, Feb 03 '22 16:02

In fact, using @appsettings at all (deployed in Azure) for the identity element will not work (not from connections.json and not from parameters.json if you first make it a parameter and then reference an app setting via your parameter), it will throw the following error:

WorkflowAppOAuthTokenFailure. Failed to get oauth token for managed identity in logic app. Response: '{"statusCode":400,"message":"No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId.","correlationId":"bedf24b8...."}'

You have to hardcode it in your parameters or connections json, not good.

erwinkramer, Jun 01 '22 18:06
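A CI-side check for the two situations described in this thread, as an added example that is not code from the issue or from the Logic Apps project: it flags HTTP actions whose managed-identity `identity` is a literal in the workflow definition, and parameters whose value is an app-setting reference, which the second comment reports fails with `WorkflowAppOAuthTokenFailure`. The finding labels, the sample resource ID, the `UAMI_ID` setting name and the `{"type", "value"}` parameter layout are assumptions made for illustration.

```python
import re

# Matches an identity that is exactly one workflow parameter reference.
PARAM_REF = re.compile(r"^@\{?parameters\('([^']+)'\)\}?$")
# App-setting reference; the thread writes @appsettings, so both spellings match.
APPSETTING_REF = re.compile(r"@\{?appsettings?\(", re.IGNORECASE)

def find_msi_identities(node, name="<root>"):
    """Yield (action_name, identity) for each action using managed identity auth."""
    if isinstance(node, dict):
        inputs = node.get("inputs")
        auth = inputs.get("authentication") if isinstance(inputs, dict) else None
        if isinstance(auth, dict) and auth.get("type") == "ManagedServiceIdentity":
            yield name, auth.get("identity")
        for key, child in node.items():  # recurse so nested actions are covered
            yield from find_msi_identities(child, key)
    elif isinstance(node, list):
        for child in node:
            yield from find_msi_identities(child, name)

def lint(workflow, parameters):
    """Return (action, finding) pairs that break code/parameter separation."""
    findings = []
    for action, identity in find_msi_identities(workflow):
        if identity is None:
            continue  # no "identity" property, so no user-assigned identity is named
        match = PARAM_REF.match(identity) if isinstance(identity, str) else None
        if match is None:
            findings.append((action, "hardcoded"))  # literal ID in workflow code
            continue
        value = parameters.get(match.group(1), {}).get("value")
        if value is None:
            findings.append((action, "undefined-parameter"))
        elif APPSETTING_REF.search(str(value)):
            findings.append((action, "appsetting-backed"))  # reported to fail at runtime
    return findings

# Constructed sample input: placeholder resource ID, hypothetical app setting name.
UAMI = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
        "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/uami-example")
def http(identity):
    auth = {"type": "ManagedServiceIdentity", "audience": "@parameters('Audience')", "identity": identity}
    return {"type": "Http", "runAfter": {},
            "inputs": {"method": "GET", "uri": "@parameters('URL')", "authentication": auth}}
SAMPLE_WORKFLOW = {"definition": {"actions": {"HTTP": http("@parameters('Identity')"),
                   "HTTP_literal": http(UAMI), "HTTP_ok": http("@parameters('IdentityLiteral')")}}}
SAMPLE_PARAMETERS = {"Identity": {"type": "String", "value": "@appsetting('UAMI_ID')"},
                     "IdentityLiteral": {"type": "String", "value": UAMI}}

if __name__ == "__main__":
    for action, finding in lint(SAMPLE_WORKFLOW, SAMPLE_PARAMETERS):
        print(f"{action}: {finding}")
```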

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot], Oct 20 '22 22:10

This issue was closed because it has been inactive for 7 days since being marked as stale.

github-actions[bot], Oct 27 '22 22:10