2

I have made a Logic app that listens to an Event Grid Topic and it works fine, but if I delete it and try to create from the template it doesn't work. It never runs.

The problem is that while it does create the API connection to the event grid, it leaves it unauthorized and it doesn't create any subscription to the event grid topic either. At no point are any errors displayed. Everything succeeds, but it just doesn't create everything it is supposed to.

To get around this, I added commands to the Powershell script to authenticate it. This works fine, but this of course does not create the subscription.

If I run the ARM-template again, I expected it to create it now as connection is not valid, but no, it doesn't. I suppose Azure realizes nothing has changed in the template and does nothing? If I edit the ARM-template and change the subscription name, and deploy it again, then the subscription is created and it starts working.

I could of course call the template twice with 2 different subscription names as parameter but that sounds silly. There has to be some better way.

So what would be the best way to create that kind of logic app from templates and scripts?

SamiR
  • 77
  • 10

2 Answers2

2

You can create both your Event Grid Topic Subscription and the Logic Apps connection to it as separate resources. Examples template objects are below. Keep in mind that the connection is using oauth.

Event Grid Topic Subscription

{
  "type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
  "name": "[concat(parameters('TopicName'), '/Microsoft.EventGrid/', variables('name'))]",
  "location": "[parameters('Location')]",
  "apiVersion": "2018-01-01",
  "properties": {
    "destination": {
      "endpointType": "WebHook",
      "properties": {
        "endpointUrl": "[parameters('Endpoint')]"
      }
    },
    "filter": {
      "includedEventTypes": [
        "[parameters('EventType')]"
      ]
    }
  },
  "dependsOn": [
  ]
}

Web Connection

{
  "type": "Microsoft.Web/connections",
  "name": "[variables('connectionName')]",
  "apiVersion": "2016-06-01",
  "location": "[parameters('ConnectionLocation')]",
  "properties": {
    "displayName": "[variables('connectionName')]",
    "api": {
      "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/northcentralus/managedApis/azureeventgrid/')]"
    },
    "parameterValues": {
      "token:clientId": "[parameters('ConnectionClientId')]",
      "token:clientSecret": "[parameters('ConnectionClientSecret')]",
      "token:TenantId": "[parameters('ConnectionTenantId')]",
      "token:resourceUri": "https://management.core.windows.net/",
      "token:grantType": "client_credentials"
    }
  },
  "dependsOn": []
}
Josh Williams
  • 436
  • 3
  • 9
  • Thanks a lot mate! I was struggling to get the Event Grid Logic App Monitoring connection to setup and be connected via ARM Template. Do you mind telling how did you find those parameter values? I couldn't find any documentation around for them. – Pranav Jituri Apr 07 '20 at 03:29
  • @pranav-jituri Glad to help. Check this out - **GET** `https://management.azure.com/subscriptions/[your subscription id]/providers/Microsoft.Web/locations/[your connection region (e.g. eastus)]/managedApis/azureeventgrid?api-version=2016-06-01`. You'll also need an `Authorization` header with a bearer token. You can modify the `managedApis` value for _any_ logic app api connection. – Josh Williams Apr 08 '20 at 17:44
1

I believe there isn't a way to workaround the authorization required after the first time you deploy. So the simplest solution would be to have 2 separate templates - one for the API connection and the other for the Logic App.

Your PowerShell script would deploy the API Connection first, authorize it and then deploy the Logic App.

You could also have them in the same template too and control which is deployed by using a condition on each resource.

PramodValavala
  • 6,026
  • 1
  • 11
  • 30
  • This sounds like the way to do it and I got it working doing just like that. But it feels like a bug that a new run of the same template after the connection is authorized won't create the subscription unless the subscription name is changed. – SamiR Feb 25 '19 at 08:28