Azure Logic App Authorization Policy set via Bicep
When creating a consumption Azure Logic App using Azure Bicep -
How do you create configure Azure Active Directory Authorization Policies and set the
- Policy Name
- Policy Type
- Claims (Issuer, Audience and a custom claim)
From Azure Portal its under Logic App > Authorization > Add Policy:
Logic App Authorization screen
Here's my bicep file:
param name string = 'testlogicapptb'
param location string = 'Australia Southeast'
resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = {
name: name
location: location
properties: {
definition: {
'$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
contentVersion: '1.0.0.0'
}
parameters: {}
accessControl: {
triggers: {
allowedCallerIpAddresses: [
{
addressRange: '123.1.1.1-123.1.1.1'
}
]
//Doesn't work - just trying anything
openAuthenticationPolicies: {
policies: {
name: 'test'
type: 'AAD'
issuer: 'https://123/'
audience: '123'
claim: {
name: 'role'
value: '123'
}
}
}
}
}
}
}
Here's the reference documentation but it doesn't describe how to format the policies and it just circles back around on itself.
If I search the web for anything related to OpenAuthenticationAccessPolicies I can't find anything or even know if I'm looking at the right thing.
I've tried exporting the ARM template and converting that to bicep - however the policies entered through the Portal do not come out in the export.
Even if its not bicep how do I programmatically set these up?
Solution
main.bicep
@description('The name of the logic app to create.')
param logicAppName string = 'wbtestlogicapp'
@description('A test URI')
param testUri string = 'https://azure.status.microsoft/status/'
@description('Location for all resources.')
param location string = resourceGroup().location
var policyName = 'aadPolicyTest'
var frequency = 'Hour'
var interval = '1'
var type = 'recurrence'
var actionType = 'http'
var method = 'GET'
resource stg 'Microsoft.Logic/workflows@2019-05-01' = {
name: logicAppName
location: location
tags: {
displayName: logicAppName
}
properties: {
definition: {
'$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
contentVersion: '1.0.0.0'
parameters: {
testUri: {
type: 'string'
defaultValue: testUri
}
}
triggers: {
recurrence: {
type: type
recurrence: {
frequency: frequency
interval: interval
}
}
}
actions: {
actionType: {
type: actionType
inputs: {
method: method
uri: testUri
}
}
}
}
accessControl: {
triggers: {
openAuthenticationPolicies:{
policies: {
'${policyName}': {
type: 'AAD'
claims: [
{
name: 'iss'
value: 'https://sts.windows.net/2xxxxxxx-3a06-xxxxxxxxx-8a1e-xxxxxx/'
}
{
name: 'aud'
value: 'https://management.core.windows.net'
}
{
name: 'sub'
value: 'xxxxxxxxxxx-7d1e-4d9f-xxx-xxxxxxxxxxxxxxx'
}
]
}
}
}
}
}
}
}
output name string = stg.name
output resourceId string = stg.id
output resourceGroupName string = resourceGroup().name
output location string = location
result
- How to resolve paging when retrieving data from REST API in R
- SearchService deployment fails if the resource exists
- Azure Bicep - Referencing a variable that cannot be calculated at the start
- Local development with Azure SignalR Service and Azure Functions
- Azure Functions & Application Insights requests "Operation Link" empty
- Disabling allow public blob access using terraform
- how to retrieve all resources under given subnet using Azure Resource Graph Explorer query
- I'm using SSIS in ADF to move .csv from a blob container to another and then ingest into a Azure SQL database. I get an assembly error
- How to build expression in ADF from json using parameterized variable?
- Reference a variable azure pipeline not working
- Graph Powershell adding a user to PIM for a privileged security group
- Indexing static HTML blob storage content with Azure Cognitive Search is not working as expected
- Azure python webapp deploy shows as running even though it is successful
- Azure pipeline get Pull request source and target branch name
- Error while copying Azure Storage table from one Storage to another storage table using Powershell script
- Azure Function App Fails to Delete Blob Image After Deployment
- Use Azure AD authentication but manage roles in database in .NET 6
- Microsoft Azure VMs IaaS or PaaS?
- Can an application property be updated/deleted from a ServiceBusReceivedMessage?
- Why is my Blazor Web App throwing a SocketException when authenticating with OpenIddict when deployed to Azure App Service?
- RPC failed: curl 56 failure when receiving data from the peer
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Reading Excel file returns 'Invalid Request' error
- Is it possible to clone an Azure Container App?
- Unable to Enable Encryption at host for Azure VM
- Application Insights does not capture information level logging
- How to look up logical partition count and size in Cosmos DB
- AzureRmWebAppDeployment@4 tries to deploy to a wrong URL to Linux app plan
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Why I can't create azurerm_app_service connection?