If I deploy a logic app workflow that has connections that use the logic app's user-assigned managed identity in Terraform, the API connections show as invalid...
I have to manually go in and select them and then save the logic app.
I'm using ARM templates via Terraform. An example API connection looks like the following...
```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "connections_sql_name": {
      "defaultValue": "sql",
      "type": "String"
    },
    "location": {
      "defaultValue": "uksouth",
      "type": "string"
    },
    "subscriptionId": {
      "type": "String"
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Web/connections",
      "apiVersion": "2016-06-01",
      "name": "[parameters('connections_sql_name')]",
      "location": "[parameters('location')]",
      "kind": "V1",
      "properties": {
        "api": {
          "id": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/sql')]"
        },
        "parameterValueSet": {
          "name": "oauthMI",
          "values": {}
        },
        "displayName": "[parameters('connections_sql_name')]"
      }
    }
  ]
}
```
The connection is then referenced in the workflow here...
```json
"sql": {
  "connectionId": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('connections_sql_externalid'))]",
  "connectionName": "sql",
  "connectionProperties": {
    "authentication": {
      "identity": "[parameters('userAssignedIdentity')]",
      "type": "ManagedServiceIdentity"
    }
  },
  "id": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/sql')]"
}
```
And then in an action like below...
```json
"Get_order_details_from_Narvar_on_dates": {
  "inputs": {
    "body": {
      "query": "SELECT\tSH.ORDER_NUMBER, \n\t\tSH.ORDER_DATE, \n\t\tSH.DELIVERY_AMOUNT,\n\t\tSL.SKU, \n\t\tP.PRODUCT_NAME, \n\t\tSL.UNIT_PRICE, \n\t\tSL.LINE_AMOUNT, \n\t\tSL.DISCOUNT_AMOUNT, \n\t\tSL.QTY_ORDERED,\n\t\tP.COLOUR, \n\t\tP.SIZE, \n\t\tP.ITEM_URL, \n\t\tP.ITEM_IMAGE \nFROM F_C_SALES_HEADER SH\nINNER JOIN F_C_SALES_LINE SL on SH.SKEY_SALES_HEADER = SL.SKEY_SALES_HEADER\nINNER JOIN D_C_PRODUCT P on SL.SKEY_PRODUCT = P.SKEY_PRODUCT\nWHERE SH.EMAIL_ADDRESS = '@{body('Parse_data_stream_message')?['attrs']?['email']}' \nAND SH.ORDER_DATE >= DATEADD(year, -@{parameters('backfill_years')}, GETDATE()) \nAND CONVERT(date, SH.ORDER_DATE) in (@{concat('''', join(variables('Backfill Order Dates'), ''','''), '''')})"
    },
    "host": {
      "connection": {
        "name": "@parameters('$connections')['sql']['connectionId']"
      }
    },
    "method": "post",
    "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent(parameters('narvar_server_name')))},@{encodeURIComponent(encodeURIComponent(parameters('narvar_database_name')))}/query/sql"
  },
  "runAfter": {
    "Check_for_any_orders_to_backfill": [
      "Succeeded"
    ]
  },
  "type": "ApiConnection"
}
```
Everything appears to be hooked up correctly so why do I have to re-select/re-authenticate these connections manually?
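
A pre-deployment sanity check for the wiring described in the question, added here as an example and not code from the post: it resolves the post's ARM expressions against parameter values and checks that `connectionId`, `identity` and `id` have the resource ID shapes Azure Resource Manager uses. The parameter values and the helpers `resolve` and `check_connection` are assumptions made for illustration; a clean result does not by itself establish why the portal marks the connections invalid.

```python
import re

# Resource ID shapes used by Azure Resource Manager.
RG = r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
CONNECTION_ID = re.compile(RG + r"Microsoft\.Web/connections/[^/]+$", re.I)
IDENTITY_ID = re.compile(RG + r"Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$", re.I)
MANAGED_API_ID = re.compile(
    r"^/subscriptions/[^/]+/providers/Microsoft\.Web/locations/[^/]+/managedApis/[^/]+$", re.I)
TOKEN = re.compile(r"parameters\('([^']+)'\)|'([^']*)'")

def resolve(expr, params):
    """Evaluate [parameters('x')] and [concat(...)], the ARM subset the post uses."""
    if not (expr.startswith("[") and expr.endswith("]")):
        return expr  # plain string, nothing to evaluate
    return "".join(params[n] if n else lit for n, lit in TOKEN.findall(expr))

def check_connection(entry, params):
    """Return problems in one $connections entry that uses a user-assigned identity."""
    problems = []
    conn_id = resolve(entry["connectionId"], params)
    if not CONNECTION_ID.match(conn_id):
        problems.append(f"connectionId is not a connection resource ID: {conn_id}")
    auth = entry.get("connectionProperties", {}).get("authentication", {})
    if auth.get("type") != "ManagedServiceIdentity":
        problems.append("authentication.type is not ManagedServiceIdentity")
    identity = resolve(auth.get("identity", ""), params)
    if not IDENTITY_ID.match(identity):
        problems.append(f"identity is not a user-assigned identity resource ID: {identity!r}")
    if not MANAGED_API_ID.match(resolve(entry["id"], params)):
        problems.append("id is not a managedApis resource ID")
    return problems

# The "sql" entry from the post (expressions copied as written there).
SQL_ENTRY = {
    "connectionId": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('connections_sql_externalid'))]",
    "connectionName": "sql",
    "connectionProperties": {"authentication": {
        "identity": "[parameters('userAssignedIdentity')]", "type": "ManagedServiceIdentity"}},
    "id": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/sql')]",
}
# Constructed parameter values (placeholders, not taken from the post).
SUB = "00000000-0000-0000-0000-000000000000"
PARAMS = {
    "subscriptionId": SUB, "location": "uksouth",
    "connections_sql_externalid": "rg-example/providers/Microsoft.Web/connections/sql",
    "userAssignedIdentity": f"/subscriptions/{SUB}/resourceGroups/rg-example/providers"
                            "/Microsoft.ManagedIdentity/userAssignedIdentities/id-example",
}
print(check_connection(SQL_ENTRY, PARAMS) or "no problems found")
```

Feeding it the values Terraform actually passes for `connections_sql_externalid` and `userAssignedIdentity` shows whether the resolved strings are full resource IDs or only a resource group or identity name.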